ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 49 discussion

Actual exam question from CompTIA's PT0-002
Question #: 49
Topic #: 1
[All PT0-002 Questions]

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name- serial_number>.
Which of the following would be the best action for the tester to take NEXT with this information?

  • A. Create a custom password dictionary as preparation for password spray testing.
  • B. Recommend using a password manager/vault instead of text files to store passwords securely.
  • C. Recommend configuring password complexity rules in all the systems and applications.
  • D. Document the unprotected file repository as a finding in the penetration-testing report.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by RRabbit_111 at Jan. 19, 2023, 3:14 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Rob69420
Highly Voted 2 years, 3 months ago
This is the SAME QUESTION from #207 and we have different answers....
upvoted 8 times
...
RRabbit_111
Highly Voted 2 years, 5 months ago
Selected Answer: D
D. Document the unprotected file repository as a finding in the penetration-testing report. The best action for the tester to take with this information would be to document the unprotected file repository as a finding in the penetration testing report. The tester should advise the client about the sensitive data that is exposed in the text file and the spreadsheet, including the usernames and passwords in cleartext, full names, roles, and serial numbers. By highlighting this vulnerability, the client will be able to take appropriate measures to secure their sensitive data, such as by protecting the file repository with proper access controls, implementing encryption, and putting in place a data governance policy. Creating a custom password dictionary as preparation for password spray testing is not a good action, as the passwords format has been revealed and they should be changed. Recommend using a password manager/vault instead of text files to store passwords securely, is a good action but is not the first step. Recommend configuring password complexity rules in all the systems and applications is a good action but is not the first step.
upvoted 5 times
shakevia463
2 years, 4 months ago
Your a penetration tester i believe you go through with testing and do A
upvoted 3 times
[Removed]
2 years, 4 months ago
D answer is correct
upvoted 2 times
...
...
...
vorozco
Most Recent 1 month, 1 week ago
Selected Answer: A
Yes, this should be documented, but not before leveraging it. The answer is A
upvoted 1 times
...
manognavenkat
1 month, 4 weeks ago
Selected Answer: A
D. Document the unprotected repo → You definitely will document it, but you haven't finished exploiting it yet — move forward with the test first! so it's A
upvoted 2 times
...
Nikamy
7 months, 1 week ago
Selected Answer: A
BRO WHAT
upvoted 1 times
...
solutionz
1 year, 10 months ago
Selected Answer: D
While all the given options may be relevant at different stages of the penetration testing process, the best action to take NEXT after discovering sensitive information in an unprotected network file repository is to document the finding. Documenting the findings as they are discovered ensures that all relevant information is captured and that the client is provided with accurate and comprehensive details about the security issues identified during the test. Recommendations for improving security, such as using a password manager/vault or configuring password complexity rules, would typically be included in the final report or discussed with the client after the testing is completed. So, the correct answer is: D. Document the unprotected file repository as a finding in the penetration-testing report.
upvoted 2 times
...
NBE
2 years, 1 month ago
Selected Answer: A
A is surely the correct answer. The question asks what is the Next action to take, therefore the test proceeds. A is correct.
upvoted 1 times
stinger00541
1 year ago
Why are you spraying? You have employee names, serials, and passwords. Why spray "John Doe's" password across all accounts if you know its John's password?
upvoted 5 times
yeahnodontthinkso
1 month, 4 weeks ago
This right here is what points me towards D. The information you gathered isn't really useful for creating a dictionary. You have names and system-specific IDs. How would that help with their passwords?
upvoted 1 times
...
stinger00541
1 year ago
Also it says what would be the best action to take "NEXT" the caps are very important. Document then spray if you want.
upvoted 2 times
...
...
Meep123
1 year, 8 months ago
Document, document, document. Document every finding.
upvoted 3 times
...
...
KingIT_ENG
2 years, 3 months ago
D is correct
upvoted 1 times
...
kenechi
2 years, 3 months ago
Selected Answer: D
D - Document the unprotected file repository as a finding should be what the tester should do next. B - Is incorrect as the next thing the tester should do. Answer B - should form part of the remediation recommended by the tester after the penetration testing.
upvoted 3 times
[Removed]
2 years, 3 months ago
Yes D is correct answer
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel