During an assessment for a client organization, a penetration tester notices numerous outdated software package versions were installed ...s-critical servers. Which of the following would best mitigate this issue?
Correct Answer: A
The best mitigation is to implement patching and change control programs. Patching applies vendor updates or fixes to software packages to address vulnerabilities, bugs, or performance issues; change control manages and documents the changes made to those packages so that updates are applied consistently and compatibility and security are preserved. Together they prevent or reduce the risk of attacks that exploit outdated software versions, which may carry known or as-yet-unknown vulnerabilities that compromise the security or functionality of the servers. Such programs can be supported by tools such as WSUS, which manages and distributes updates for Windows systems and applications, or Git, which tracks and controls changes to source code and configuration files. The other options do not mitigate the issue. Revising the client scripts used to perform system updates is insufficient, because it may not address the root cause of the outdated versions, such as a lack of awareness, resources, or policy. Remedial training for the client's systems administrators does not directly mitigate the issue, since training alone may not produce immediate or effective patching. Refraining from patching systems until quality assurance approves is not a mitigation at all, but a likely cause of, or barrier to, keeping package versions current.
PT0-002 Exam Question 82
A penetration tester managed to exploit a vulnerability using the following payload: IF (1=1) WAITFOR DELAY '0:0:15' Which of the following actions would best mitigate this type of attack?
Correct Answer: B
The payload is a time-based blind SQL injection against Microsoft SQL Server: WAITFOR DELAY suspends the query for 15 seconds when the IF condition is true, so the attacker learns the answer from the response time even though the application never echoes database output. By replacing 1=1 with conditions on real data, the attacker extracts information one true/false question at a time. The mitigation is to use parameterized (prepared) queries, which fix the SQL statement's structure in advance and pass user input only as bound values, so the input can never change the query. Encrypting passwords, encoding output, and sanitizing HTML are worthwhile controls, but they address other weaknesses (credential storage, cross-site scripting) and do not remove the SQL injection vulnerability. References: The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 5: Attacks and Exploits, Section 5.2: Perform Network Attacks, Subsection: SQL Injection, pp. 235-237; Blind SQL Injection, OWASP Foundation, Description and Examples sections; Time-Based Blind SQL Injection Attacks, Introduction and Microsoft SQL Server sections.
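The following is an added example, not part of the exam material, showing the vulnerable string-built query beside its parameterized replacement and the true/false extraction loop the explanation describes. It uses Python's sqlite3 module with a constructed users table (the table, the account names and the passwords are invented for the demonstration). SQLite has no WAITFOR DELAY, so the oracle here is whether the query returns rows rather than how long it takes; the inference logic against MSSQL is identical, only the channel changes.

```python
"""String-concatenated SQL beside a parameterized query, plus the blind
character-by-character extraction that the concatenated version enables."""
import sqlite3
import string

CHARSET = string.ascii_lowercase + string.digits
INJECTION = "' OR 1=1 --"          # classic tautology: matches every row


def make_db():
    """Constructed in-memory table for the demonstration (invented data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    con.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    con.commit()
    return con


def lookup_vulnerable(con, name):
    # Vulnerable: user input is spliced into the SQL text, so a quote in `name`
    # terminates the literal and the rest of the input becomes SQL.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con, name):
    # Hardened: the statement is fixed; the driver binds `name` as a value,
    # so quotes, comments and operators in it are just characters.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in con.execute(sql, (name,))]


def blind_extract(con, user, oracle, charset=CHARSET, max_len=16):
    """Recover `user`'s password one character at a time using `oracle` as the
    true/false channel. Against MSSQL the same loop would append
    WAITFOR DELAY and time the response instead of checking for rows."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            # substr() is 1-indexed in SQLite; the trailing -- comments out the
            # closing quote that the original query supplies.
            payload = f"{user}' AND substr(password,{pos},1)='{ch}' --"
            if oracle(con, payload):
                recovered += ch
                break
        else:
            break  # no character matched: end of string, or the injection failed
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("tautology, vulnerable   :", lookup_vulnerable(db, INJECTION))
    print("tautology, parameterized:", lookup_parameterized(db, INJECTION))
    print("blind extract, vulnerable   :", blind_extract(db, "alice", lookup_vulnerable))
    print("blind extract, parameterized:", repr(blind_extract(db, "alice", lookup_parameterized)))
```

Run against the vulnerable lookup, the loop recovers the full password without ever seeing it in a response; run against the parameterized lookup, every probe returns no rows and extraction stops immediately.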
PT0-002 Exam Question 83
A penetration tester developed the following script to be used during an engagement:

    #!/usr/bin/python
    import socket, sys

    ports = [21, 22, 23, 25, 80, 139, 443, 445, 3306, 3389]

    if len(sys.argv) > 1:
        target = socket.gethostbyname(sys.argv[0])
    else:
        print("Few arguments.")
        print("Syntax: python {} <target ip>".format(sys.argv[0]))
        sys.exit()

    try:
        for port in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(2)
            result = s.connect_ex((target, port))
            if result == 0:
                print("Port {} is opened".format(port))
    except KeyboardInterrupt:
        print("\nExiting ... ")
        sys.exit()

However, when the penetration tester ran the script, the tester received the following message:

    socket.gaierror: [Errno -2] Name or service not known

Which of the following changes should the penetration tester implement to fix the script?
Correct Answer: A
socket.gaierror: [Errno -2] Name or service not known is raised when the socket module cannot resolve the hostname or IP address it was given. Here the script passes sys.argv[0] to socket.gethostbyname, and sys.argv[0] is the name of the script itself, not the target; the resolver tries to look up the script's filename as a hostname and fails. The target must be the first command-line argument after the script name, which is sys.argv[1]. Changing the gethostbyname call to use sys.argv[1] fixes the error and lets the script scan the ports of the intended target. References: The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 5: Attacks and Exploits, pp. 262-263; socket.gaierror: [Errno -2] Name or service not known (Python); How do I fix the error socket.gaierror: [Errno -2] Name or service not known on debian/testing?
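As an added example, not the script from the question, the scanner below applies the fix (target from sys.argv[1]) and also handles the resolution failure the tester hit instead of dying with a traceback. The function names resolve_target, scan and loopback_demo are this example's own; loopback_demo constructs its own test conditions by opening one listener on an ephemeral 127.0.0.1 port and picking a second ephemeral port that is known to be closed, so the scan logic can be exercised without any remote host.

```python
#!/usr/bin/env python3
"""TCP connect scanner: target taken from argv[1], resolved up front, with
name-resolution failures reported rather than raised."""
import socket
import sys

PORTS = [21, 22, 23, 25, 80, 139, 443, 445, 3306, 3389]


def resolve_target(target):
    """Return the IPv4 address for a hostname or dotted quad, or None if
    the name cannot be resolved (the condition that raises socket.gaierror)."""
    try:
        return socket.gethostbyname(target)
    except socket.gaierror:
        return None


def scan(ip, ports, timeout=2.0):
    """Return the subset of `ports` that accept a TCP connection on `ip`.
    connect_ex() returns 0 on success and an errno value otherwise."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((ip, port)) == 0:
                open_ports.append(port)
    return open_ports


def loopback_demo():
    """Constructed self-check (not a real target): one listening ephemeral
    loopback port and one ephemeral port that is bound and released, hence
    closed. Returns (open_port, closed_port, ports_found_open)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # never listened, so connections to it are refused

    try:
        found = scan("127.0.0.1", [closed_port, open_port], timeout=1.0)
    finally:
        listener.close()
    return open_port, closed_port, found


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Syntax: python {sys.argv[0]} <target ip or hostname>")
        sys.exit(1)
    ip = resolve_target(sys.argv[1])          # argv[1], not argv[0]
    if ip is None:
        print(f"Could not resolve {sys.argv[1]!r}")
        sys.exit(1)
    try:
        for port in scan(ip, PORTS):
            print(f"Port {port} is open")
    except KeyboardInterrupt:
        print("\nExiting ...")
```

The original script's argv[0] bug would have made the usage line correct (it prints the script name) while the resolution used the wrong index; separating the two reads of argv makes that mistake harder to repeat.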
PT0-002 Exam Question 84
A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.
INSTRUCTIONS
Select the tool the penetration tester should use for further investigation.
Select the two entries in the robots.txt file that the penetration tester should recommend for removal.
Correct Answer:
Explanation: The tool the penetration tester should use for further investigation is WPScan. The robots.txt entries point at WordPress paths (/wp-admin), and WPScan is a WordPress vulnerability scanner that detects common WordPress security issues such as weak passwords, outdated plugins and themes, and misconfigured settings, and can enumerate WordPress users, themes, and plugins on the target. The two entries the penetration tester should recommend for removal are: Allow: /admin and Allow: /wp-admin. robots.txt is a publicly readable file, so listing these paths advertises the location of the WordPress admin panel to anyone who fetches it, making the panel an easy target for brute-force attacks, SQL injection, and other exploits. Removing the entries does not secure the panel by itself, but it stops advertising it; the tester can additionally suggest moving the admin panel to a less obvious path and adding controls such as two-factor authentication or IP allowlisting.
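Below is an added example, not part of the exam material, of the robots.txt review the question describes done programmatically: a small parser for the format, a check for the WordPress paths that justify reaching for WPScan, and a filter that flags Allow and Disallow entries advertising sensitive locations. SAMPLE_ROBOTS is a constructed file for the demonstration, not the one from the question, and SENSITIVE_MARKERS is an illustrative list to extend per engagement. Note that both Allow and Disallow lines are flagged: either one reveals the path to anyone who reads the file.

```python
"""Parse a robots.txt body and flag entries that advertise sensitive paths."""

# Constructed robots.txt for the demonstration (not the file from the question).
SAMPLE_ROBOTS = """\
# generated by the CMS
User-agent: *
Allow: /
Allow: /admin
Allow: /wp-admin
Disallow: /backup/
Disallow: /cgi-bin/
Disallow: /includes/
Sitemap: https://example.com/sitemap.xml
"""

# Path fragments that commonly mark administrative or otherwise sensitive
# locations; an illustrative starting list, matched case-insensitively.
SENSITIVE_MARKERS = ("admin", "wp-login", "backup", "config",
                     "includes", "cgi-bin", ".git", ".env")


def parse_robots(text):
    """Return (directive, value) pairs with directives lower-cased, skipping
    comments and blank lines. Only the first colon separates directive from
    value, so Sitemap URLs survive intact."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        directive, value = line.split(":", 1)
        entries.append((directive.strip().lower(), value.strip()))
    return entries


def looks_like_wordpress(entries):
    """True if any path rule references a /wp- location, the hint that points
    the tester toward a WordPress-specific scanner."""
    return any(d in ("allow", "disallow") and v.lower().startswith("/wp-")
               for d, v in entries)


def flag_sensitive(entries, markers=SENSITIVE_MARKERS):
    """Return the Allow/Disallow entries whose path mentions a sensitive marker.
    Both directives are reported: the file is public, so each advertises the path."""
    flagged = []
    for directive, value in entries:
        if directive not in ("allow", "disallow"):
            continue
        path = value.lower()
        if any(marker in path for marker in markers):
            flagged.append((directive, value))
    return flagged


if __name__ == "__main__":
    parsed = parse_robots(SAMPLE_ROBOTS)
    print("WordPress hint:", looks_like_wordpress(parsed))
    for directive, path in flag_sensitive(parsed):
        print(f"recommend review/removal: {directive.capitalize()}: {path}")
```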
PT0-002 Exam Question 85
A penetration tester is reviewing the security of a web application running in an IaaS compute instance. Which of the following payloads should the tester send to get the running process credentials?
Correct Answer: B
The payload file=/proc/self/environ exploits a Local File Inclusion (LFI) vulnerability in a web application running on Linux. On Linux, /proc/self resolves to whichever process opens it, so when the web server or application worker handling the request includes that path, it reads back its own environment variables. These frequently hold credentials, API keys, system paths, and configuration details, which is why this is the payload to send when the goal is the running process's credentials. The file is readable as long as the server process can read its own /proc/self entry, which it normally can. The other payloads are not as directly relevant to obtaining running process credentials through an LFI vulnerability.
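The following is an added example, not part of the exam material, showing a file-include handler that trusts a file parameter beside a hardened version that keeps every request inside the document root. serve_file_vulnerable, serve_file_safe and demo are this example's own names; demo builds a throwaway directory with an invented index.html and an invented secret file one level above the document root, so it runs anywhere. The /proc/self/environ case is shown through os.path.join alone: an absolute second argument makes join discard the base directory entirely, which is exactly why the payload works against code like this, and the demonstration does not depend on /proc existing.

```python
"""A file-include handler that trusts the `file` parameter, beside a hardened
version that pins the resolved path inside the document root."""
import os
import tempfile

ALLOWED_EXT = {".html", ".txt"}


def serve_file_vulnerable(base_dir, requested):
    # Vulnerable: the parameter is joined to the document root with no checks.
    # "../" walks out of base_dir, and an absolute path such as
    # /proc/self/environ makes os.path.join throw base_dir away altogether.
    path = os.path.join(base_dir, requested)
    with open(path, "rb") as fh:
        return fh.read()


def serve_file_safe(base_dir, requested):
    # Hardened: refuse absolute paths, resolve symlinks and ".." segments, and
    # require the final path to stay under base_dir; then restrict the type.
    base = os.path.realpath(base_dir)
    if os.path.isabs(requested) or requested.startswith(("/", "\\")):
        raise PermissionError("absolute paths are not allowed")
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes the document root")
    if os.path.splitext(target)[1] not in ALLOWED_EXT:
        raise PermissionError("disallowed file type")
    with open(target, "rb") as fh:
        return fh.read()


def demo():
    """Constructed layout: <tmp>/docroot/index.html and <tmp>/secret.txt
    (both files and their contents are invented). Returns a dict of outcomes."""
    with tempfile.TemporaryDirectory() as root:
        docroot = os.path.join(root, "docroot")
        os.mkdir(docroot)
        with open(os.path.join(docroot, "index.html"), "w") as fh:
            fh.write("<h1>hello</h1>")
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("DB_PASSWORD=hunter2")

        results = {}
        # Traversal succeeds against the vulnerable handler.
        results["vuln_traversal"] = serve_file_vulnerable(docroot, "../secret.txt")
        # What the vulnerable handler would open for file=/proc/self/environ:
        # join() returns the absolute argument unchanged, base_dir is ignored.
        results["vuln_absolute_path"] = os.path.join(docroot, "/proc/self/environ")

        for name, req in (("safe_index", "index.html"),
                          ("safe_traversal", "../secret.txt"),
                          ("safe_environ", "/proc/self/environ")):
            try:
                results[name] = serve_file_safe(docroot, req)
            except PermissionError as exc:
                results[name] = str(exc)
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20s} {value!r}")
```

The realpath-then-commonpath check is what defeats both traversal and symlink tricks; the extension allowlist is a second, independent layer, and the best fix of all is to not accept a filesystem path from the client and map an identifier to a server-side table of files instead.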