← Back to exam page

PT0-002 CompTIA PenTest+

Loading demo links...

Showing 10–12 of 15 questions

Question 10

A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:

Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?

Select an option, then click Submit answer.

  • Run an application vulnerability scan and then identify the TCP ports used by the application.

  • Run the application attached to a debugger and then review the application's log.

  • Disassemble the binary code and then identify the break points.

  • Start a packet capture with Wireshark and then run the application.
Question 11

A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

445/tcp open microsoft-ds Microsoft Windows Server 2012 Std

3389/tcp open ssl/ms-wbt-server

| rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00

8443/tcp open http Microsoft IIS httpd 8.5

| http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

 

Select an option, then click Submit answer.

  • ftp 192.168.53.23

  • smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 –U guest

  • ncrack –u Administrator –P 15worst_passwords.txt –p rdp 192.168.53.23

  • curl –X TRACE https://192.168.53.23:8443/index.aspx

  • nmap –-script vuln –sV 192.168.53.23

Question 12

A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?

Select an option, then click Submit answer.

  • Comma

  • Double dash

  • Single quote

  • Semicolon