CompTIA Updated PT0-002 Exam Questions and Answers by trent

The Nmap command in the question scans all ports on the remote host and identifies the services and versions running on them. The output shows that port 3306 is open and running MariaDB, which is a fork of MySQL. Therefore, the best command to discover an exploitable service would be to use the mysql-info.nse script, which gathers information about the MySQL server, such as the version, user accounts, databases, and configuration variables. The other commands are either misspelled, irrelevant, or too broad for the task. References: Best PenTest+ certification study resources and training materials, CompTIA PenTest+ PT0-002 Cert Guide, 101 Labs — CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam

DirBuster is a tool that can brute-force directories and filenames on web servers. It can help a penetration tester locate a file that was uploaded to a content management system by trying different combinations of paths and names until it finds a match. DirBuster can also use wordlists to speed up the process and discover hidden files or directories. References: The Official CompTIA PenTest+ Instructor Guide (Exam PT0-002) eBook, page 156

The correct Python script for implementing a simple TCP port scanner that checks for open ports from 1000 to 2000 is option A. This script uses a for loop to iterate through the range of ports, creates a socket object for each port using the socket.AF_INET address family (indicating IPv4) and socket.SOCK_STREAM socket type (indicating TCP), and attempts to connect to each port. If the connection attempt (connect_ex) returns 0, it indicates the port is open, and the script prints a message stating that the port is open before closing the socket. The other options contain syntax errors, use incorrect socket types, or have incorrect ranges that do not fully cover the specified ports.

The -T2 flag in Nmap sets the timing template to “polite”, which means that Nmap will limit the number of parallel probes to 10 and the scan delay to 0.4 seconds. This will reduce the number of connections per minute and avoid triggering the active response tool. The -Pn flag tells Nmap to skip the host discovery phase and scan the target regardless of its ping response. The other options are not suitable for bypassing the active response tool, as they either scan too many ports (-sU, -T5, -F) or use a faster timing template (-T5, -T3) that will generate more connections per minute. References:

•Nmap Cheat Sheet 2024: All the Commands & Flags - StationX

•Nmap Commands - 17 Basic Commands for Linux Network - phoenixNAP

•NMAP Flag Guide: What They Are, When to Use Them - CBT Nuggets