Free CompTIA PT0-002 Practice Exam with Questions & Answers

According to the CompTIA PenTest+ Study Guide, Exam PT0-0021, a statement of work (SOW) is a document that defines the scope, objectives, deliverables, and terms of a penetration testing project. It is a formal agreement between the service provider and the client that specifies what is expected from both parties, including the timeline, budget, resources, and responsibilities. A SOW is essential for any penetration testing engagement, as it helps to avoid misunderstandings, conflicts, and legal issues.

The CompTIA PenTest+ Study Guide also provides an example of a SOW template that covers the following sections1:

Project overview: A brief summary of the project’s purpose, scope, objectives, and deliverables.

Project scope: A detailed description of the target system, network, or application that will be tested, including the boundaries, exclusions, and assumptions.

Project objectives: A clear statement of the expected outcomes and benefits of the project, such as identifying vulnerabilities, improving security posture, or complying with regulations.

Project deliverables: A list of the tangible products or services that will be provided by the service provider to the client, such as reports, recommendations, or remediation plans.

Project timeline: A schedule of the project’s milestones and deadlines, such as kickoff meeting, testing phase, reporting phase, or closure meeting.

Project budget: A breakdown of the project’s costs and expenses, such as labor hours, travel expenses, tools, or licenses.

Project resources: A specification of the project’s human and technical resources, such as team members, roles, responsibilities, skills, or equipment.

Project terms and conditions: A statement of the project’s legal and contractual aspects, such as confidentiality, liability, warranty, or dispute resolution.

The CompTIA PenTest+ Study Guide also explains why having a SOW is important before starting an assessment1:

It establishes a clear and mutual understanding of the project’s scope and expectations between the service provider and the client.

It provides a basis for measuring the project’s progress and performance against the agreed-upon objectives and deliverables.

It protects both parties from potential risks or disputes that may arise during or after the project.

A single quote (') is a common character used to test for SQL injection vulnerabilities, which occur when user input is directly passed to a database query. A single quote can terminate a string literal and allow an attacker to inject malicious SQL commands. For example, if the search form uses the query SELECT * FROM products WHERE name LIKE ‘%user_input%’, then entering a single quote as user input would result in an error or unexpected behavior

According to the Official CompTIA PenTest+ Self-Paced Study Guide1, the correct answer is A. nmap -sn -n -exclude 10.1.1.15 10.1.1.0/24 -oA target_txt.

This command will perform a ping scan (-sn) without reverse DNS resolution (-n) on the IP range 10.1.1.0/24, excluding the attack machine’s IP address (10.1.1.15) from the scan (-exclude). It will also output the results in three formats (normal, grepable and XML) with a base name of target_txt (-oA).

The VRFY and EXPN commands can be used to enumerate user accounts on an SMTP server, as they are used to verify the existence of users or mailing lists. VRFY (verify) asks the server to confirm that a given user name or address is valid. EXPN (expand) asks the server to expand a mailing list into its individual members. These commands can be used by a penetration tester to identify valid user names or e-mail addresses on the target SMTP server.

https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-malware-while-bypassing-av/

--- https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk

The certutil command is a Windows utility that can be used to manipulate certificates and certificate authorities. However, it can also be abused by attackers to download files from remote servers using the –urlcache option. In this case, the command downloads accesschk64.exe from http://192.168.2.124/windows-binaries/ and saves it locally. Accesschk64.exe is a tool that can be used to check service permissions and identify potential privilege escalation vectors. The other commands are not relevant for this purpose. Powershell is a scripting language that can be used to perform various tasks, but in this case it uploads a file instead of downloading one. Schtasks is a command that can be used to create or query scheduled tasks, but it does not help with service permissions. Wget is a Linux command that can be used to download files from the web, but it does not work on Windows by default.

Aircrack-ng is a suite of tools that allows the penetration tester to test the effectiveness of the wireless IDS solutions by performing various attacks on wireless networks, such as cracking WEP and WPA keys, capturing and injecting packets, deauthenticating clients, or creating fake access points. Aircrack-ng can also generate different types of traffic and signatures that can trigger the wireless IDS alerts or responses, such as ARP requests, EAPOL frames, or beacon frames.

https://www.kali.org/tools/patator/