Free CompTIA PenTest+ PT0-002 Practice Test

The principle of 'Scarcity' refers to the human tendency to value and desire something more when it is perceived as rare or dwindling in availability. In the context of social engineering, an attacker may use this principle to create a sense of urgency and prompt immediate decision-making, potentially leading to the victim taking an action they might not have taken under normal circumstances. This may manifest as limited time offers, exclusive access, or in this case, a limited number of available licenses which could lead to hasty purchases without proper verification.

Job rotation is an operational control that requires employees to alternate through different positions within an organization. This practice minimizes the risk associated with a single individual having complete control over a critical process by dispersing knowledge and access among several individuals. It prevents any one person from having too much control or knowledge, which could be misused, and it can also uncover fraudulent activities. Mandatory vacations might temporarily remove an individual from control of a process but are primarily intended to ensure employees take rest. Time-of-day restrictions and user training involve limiting access during certain hours and educating users, respectively, but don't directly address the concentration of control over a process.

Hashcat is known for its capability to perform brute-force and dictionary attacks against various types of hashes, making it an essential tool for penetration testers when assessing password security. It is chosen for its efficiency and broad support of hash types.

Option C is correct because reporting critical findings immediately to the client is crucial when active threats or compromises are discovered. It ensures situational awareness for both the tester and the client, making it possible to take necessary actions quickly to contain and mitigate any ongoing threat. Option A is incorrect because continuing testing without informing the client may exacerbate the situation and hinder the response to an ongoing incident. Option B is incorrect because pausing the analysis and waiting for a regular communication interval could delay the response to an active threat, potentially aggravating the situation. Option D is incorrect because terminating the test could prevent the identification of other threats and disrupt the collection of valuable information about the active threat actor's methods and objectives.

Distributed Denial of Service (DDoS) attacks are particularly effective against IoT devices due to their limited computational resources. IoT devices are also commonly used as part of botnets to conduct large-scale DDoS attacks because they are usually always on and connected to the internet. Incorrect answers, such as Bluejacking and Bluesnarfing, are Bluetooth-related attacks that target mobile devices specifically and not IoT devices in general. SQL injection is a web application attack and does not directly relate to the exploitation of IoT devices.

Public source-code repositories can provide detailed insights into the actual code and technologies used by an organization, including versions and configuration files which could lead to uncovering specific vulnerabilities. It is not uncommon for organizations to inadvertently expose sensitive details in these repositories, which makes them a rich source of information for penetration testers. While the other options also play roles in reconnaissance, they do not offer as direct a route to specific technological details as source-code repositories.

Sending large volumes of traffic to test for a Denial of Service (DoS) vulnerability would be in direct violation of the rules of engagement that prohibit tests potentially leading to service disruptions. SQL injection, directory traversal, and cross-site scripting tests do not inherently risk causing denial of service and thus would not typically be excluded under such a condition, although the way these tests are executed should always consider the potential impact on the organization's services.

A router primarily operates at layer 3 (the Network layer) of the OSI model and is designed to connect multiple subnets and direct data packets between them. Routers use IP addresses to make forwarding decisions and can allow or restrict traffic between subnets. In contrast, switches typically operate at layer 2 (Data Link layer) and handle traffic within the same subnet. Hubs, being even more limited, operate at layer 1 (Physical layer) and merely replicate traffic to all ports. Firewalls, though they can restrict traffic between subnets, are not inherently responsible for allowing communication at the network layer but rather for securing the network by applying policies.

Hping is a network tool that can send custom packets with a varying degree of complexity and analyze responses, making it specifically appropriate for crafting custom ICMP echo requests (ping) and other types of traffic, which is vital for penetration testing and network security assessments. Nmap, while versatile in network scanning, isn't specifically tailored for packet crafting as Hping is. Tcpdump is primarily a packet sniffer and does not have the capability to craft packets. Netcat is known primarily for its network utility for reading from and writing to network connections using TCP or UDP, but it does not have the capacity to craft ICMP packets like Hping.

When evidence of a prior compromise is encountered, it is critical to communicate this to the client immediately. Doing so aligns with situational awareness, enabling the client to understand the current threat landscape and act accordingly. This takes precedence over other communications because it may impact the client's operational security and requires urgent attention. While documenting the issue and revising test boundaries are important, they do not take precedence over immediate communication in such scenarios.

The Payment Card Industry Data Security Standard (PCI DSS) is a regulatory compliance consideration for any entity that stores, processes, or transmits credit card information. Reviewing the Service-level agreement (SLA) or the Non-disclosure agreement (NDA) does not directly address regulatory compliance related to credit card data security. While the Master service agreement provides overall terms and conditions of service between two parties, it may not specifically address compliance with PCI DSS.

The script mentioned is focused on automating the process of identifying valid usernames by systematically attempting logins with various username inputs. By recording successful attempts, the script can enumerate, or list, the valid user accounts on the system. This kind of activity is characteristic of user enumeration, which is often an early step in an attack sequence to gather information about potential targets within a system.

The correct answer, 'Analysis of news articles and breach report databases,' is most relevant because these sources often record and discuss an organization's previous security incidents and breaches. They provide context to past events, allowing a pentester to understand the vulnerabilities that have been exploited in the past and potentially highlighting patterns useful in assessing the current security posture.

The alternative options, such as looking at current SSL certification or manual inspection of web links, might provide current technical information but are not primarily focused on presenting a detailed history of security incidents and breaches.

The correct answer is false. When using '-p-' with Nmap, it instructs Nmap to scan all 65535 TCP ports. It is not limited to the ports listed in the /etc/services file. This is a common misunderstanding as the /etc/services file contains well-known ports and service names, but Nmap's '-p-' option bypasses this listing and targets all possible TCP ports, hence providing a comprehensive scan.

Backdoor accounts, which are sometimes left by manufacturers for maintenance purposes, may not be removed or secured over time, especially with outdated firmware that is no longer supported or updated. These can provide attackers with an easy entry point into the system. The other options could be symptoms of outdated equipment but do not inherently represent security-specific risks posed by outdated firmware or hardware as clearly as the issue of backdoor accounts.