Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam PT0-002 topic 1 question 153 discussion

Actual exam question from CompTIA's PT0-002
Question #: 153
Topic #: 1
[All PT0-002 Questions]

A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig:
...
;; ANSWER SECTION
comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186. comptia.org. 3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org. comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org.
Which of the following potential issues can the penetration tester identify based on this output?

  • A. At least one of the records is out of scope.
  • B. There is a duplicate MX record.
  • C. The NS record is not within the appropriate domain.
  • D. The SOA records outside the comptia.org domain.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Anarckii
10 months ago
Selected Answer: B
The question ask " Which of the following potential issues can the penetration tester identify based on this output? " A: is not an issue with the dig. This is relating to the ROA. The purpose is to locate what is the issue with the findings and that would be there is two similar MX records, B
upvoted 2 times
deeden
2 weeks ago
I don't see any duplicate MX record?
upvoted 1 times
...
...
TheSkyMan
11 months, 1 week ago
Selected Answer: A
"MX comptia.org-mail.protection.outlook.com" is a Microsoft email server, not a CompTIA server. It is out of scope and should not be tested. Going with A.
upvoted 4 times
...
[Removed]
11 months, 2 weeks ago
Answer B would be the most correct as the key purpose of the penetration test is to identify vulnerabilities and weaknesses in the target system or network, and report them to the organization so that they can be addressed and fixed. The other options (A, C, D, and E) are also important, but they are not the primary purpose of the penetration test. For example, option A focuses on determining the effectiveness of the organization's security controls, which is important but not the main goal of a penetration test. Option C deals with compliance, which is also important but not the primary objective of a penetration test. Option D is focused on verifying system availability, which is again important but not the main purpose of a penetration test. And finally, option E is about determining the quality of the system design and implementation, which is also important but not the main goal of a penetration test.
upvoted 1 times
...
KingIT_ENG
1 year ago
A is the answer
upvoted 1 times
...
[Removed]
1 year ago
A is the correct answer
upvoted 1 times
...
[Removed]
1 year ago
A is the answer B or D is incorrect
upvoted 1 times
...
cy_analyst
1 year ago
Selected Answer: D
The Start of Authority (SOA) record indicates which DNS server is authoritative for the zone and provides administrative information about the zone. In the given DNS reconnaissance results, the SOA record shows that the zone is administered by "haven.administrator.comptia.org," which is outside the comptia.org domain. This could indicate a configuration error or a security issue. The penetration tester should investigate this further to determine if there is any potential vulnerability or misconfiguration that could be exploited.
upvoted 3 times
KingIT_ENG
1 year ago
A is correct answer
upvoted 2 times
...
cy_analyst
12 months ago
ANSWER SECTION: comptia.org. 2854 IN SOA armando.ns.cloudflare.com. dns.cloudflare.com. 2305692957 10000 2400 604800 3600
upvoted 1 times
...
[Removed]
1 year ago
I think B is the answer
upvoted 1 times
...
[Removed]
1 year ago
What you think about Q 86?
upvoted 1 times
...
...
[Removed]
1 year, 1 month ago
A or B ?
upvoted 1 times
...
kloug
1 year, 1 month ago
bbbbbbbbbb
upvoted 1 times
...
[Removed]
1 year, 1 month ago
I think A is correct
upvoted 1 times
...
shakevia463
1 year, 1 month ago
Having two different mail server mx records is not recommended, now having two mx records for the same provider is okay in my experience. You wouldnt want office 365 mail server and in house mail server records mail will be lost even if you set the pritority. Ive had to fix these issues for years.
upvoted 3 times
...
som3onenooned1
1 year, 4 months ago
Selected Answer: A
A - Based on results you may compare data with RoE and notice that some subdomains or IPs are out of scope. I would say *.outlook.com. is out of scope B - you can have duplicate MX record C - NS record is fine and is within comptia.org domain D - SOA record is inside comptia.org domain, although it lacks refresh, retry, expire and negative cache TTL data.
upvoted 3 times
...
mj944
1 year, 4 months ago
Selected Answer: A
first MX record is out of scope
upvoted 3 times
...
Manzer
1 year, 5 months ago
comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186. comptia.org. 3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org. comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org. I can't tell. you can have mulitple MX records and they are not dupes. Maybe the SOA record because there is a space.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...