ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 284 discussion

Actual exam question from CompTIA's PT0-002
Question #: 284
Topic #: 1
[All PT0-002 Questions]

A penetration tester executes the following Nmap command and obtains the following output:



Which of the following commands would BEST help the penetration tester discover an exploitable service?

  • A. nmap -v -p 25 --script smtp-enum-users remotehost
  • B. nmap -v --script=mysql-info.nse remotehost
  • C. nmap --script=smb-brute.nse remotehost
  • D. nmap -p 3306 --script "http*vuln*" remotehost
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by DRVision at Nov. 16, 2023, 4:34 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
manognavenkat
2 days, 23 hours ago
Selected Answer: B
Clearly MariaDB is unauthorized
upvoted 1 times
...
DarkReitor
3 months, 3 weeks ago
Selected Answer: A
You have to specify the port, ergo, is 25 with the vulner scan
upvoted 2 times
...
zemijan
4 months, 1 week ago
Selected Answer: B
Why Option B is Correct? The scan indicates that MariaDB is running on port 3306, and it’s marked as "unauthorized," suggesting potential misconfigurations. The mysql-info.nse script gathers valuable information, such as: Database version. Service configuration. Known vulnerabilities (e.g., if the database version is outdated). The database often holds critical data and is a high-value target for penetration testers.
upvoted 3 times
...
Ta2oo
7 months ago
Selected Answer: A
Targeting Port 25 to enumerate a potential list of users would be my choice. None of these commands would identify a vulnerable service, this has already been done by the initial nmap scan. Having a list of valid users would provide the best approach to further an attack.
upvoted 1 times
...
Etc_Shadow28000
9 months, 4 weeks ago
Selected Answer: A
A. nmap -v -p 25 –script smtp-enum-users remotehost: This command specifically targets the SMTP service running on port 25. The smtp-enum-users script is useful for enumerating valid usernames on the SMTP server, which can help identify potential accounts that could be exploited. -------------------------------------- B. nmap -v –script=mysql-info.nse remotehost: This command targets the MySQL service but only gathers general information about the MySQL server. While useful, it is not specifically designed to identify exploitable vulnerabilities. C. nmap –script=smb-brute.nse remotehost: This command targets SMB services, which are not listed in the scan results. Therefore, it would not be applicable to the services found in the scan. D. nmap -p 3306 –script “httpvuln” remotehost: This command attempts to run scripts related to HTTP vulnerabilities against the MySQL port (3306), which is not appropriate since 3306 is not an HTTP service.
upvoted 2 times
...
Aliyan
1 year, 5 months ago
Selected Answer: B
needs to get into SQL. it is also running unauthorizes DB. also DB has more value than Mail server
upvoted 2 times
...
MartinRB
1 year, 5 months ago
Selected Answer: B
to "discover an exploitable service" B. nmap -v --script=mysql-info.nse remotehost -v: Enables verbose mode. --script=mysql-info.nse: Executes the Nmap script "mysql-info.nse," which is designed to gather information about a MySQL server. This command is used to obtain information about the MySQL service running on the target host, including version details and configuration.
upvoted 4 times
...
DRVision
1 year, 5 months ago
Selected Answer: A
targeting the open SMTP port 25
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago