Free CompTIA PenTest+ PT0-002: 05 Exploiting Networks + Anki Cards

Ref:📕CompTIA PenTest+ PT0-002 Cert Guide (Certification Guide) 2nd Edition

PenTest+ (PT0-002) Chapter 05. Exploiting Wired and Wireless Networks

1 / 97

What does the term ’exploit chaining’ refer to in the context of cyberattacks?

A. Using the same exploit multiple times on different systems

B. Using multiple exploits in sequence against a single system

C. Using a single exploit to compromise an entire network

D. Using exploits exclusively on chained zero-day vulnerabilities

2 / 97

What is the purpose of the VRFY command in SMTP?

A. It is used to close a connection

B. It is used to authenticate a client to the server

C. It is used to verify whether a user’s email mailbox exists

D. It initiates the transfer of the contents of an email message

3 / 97

Which of the following best describes an RFID cloning process?

A. RFID information is stolen silently using devices like Proxmark3.

B. Creation of an exact copy of an RFID tag to gain unauthorized access.

C. Installation of skimmers behind RFID card readers.

D. Use of amplified antennas to exfiltrate small amounts of data.

4 / 97

What is a known vulnerability of WPA and WPA2 that has been addressed in WPA3?

A. Susceptibility to the IV attacks

B. Inability to support different authentication methods

C. Allowing the WPA four-way handshake to be captured and brute-forced

D. Lack of support for PSK authentication

5 / 97

Which TCP port is used for NetBIOS Session Service?

A. 135

B. 448

C. 443

D. 139

6 / 97

Which of the following ports is appropriate for the Secure SMTP (SSMTP) protocol in encrypted communications using STARTTLS?

A. TCP port 25

B. TCP port 110

C. TCP port 587

D. TCP port 143

7 / 97

What is the main goal of an attacker performing a DNS cache poisoning attack in the context of an Evil Twin attack?

A. To intercept the packets between the user and legitimate AP

B. To get the DNS cache to accept a spoofed record

C. To promote a rogue AP to the user

D. To decrypt the encrypted packets

8 / 97

Which SMTP command is used to initiate the transfer of the contents of an email message?

A. AUTH

B. RCPT

C. DATA

D. STARTTLS

9 / 97

Which of the following is NOT a basic element in a Kerberos implementation?

A. Client

B. Server behavior

C. Key distribution center (KDC)

D. TGT

10 / 97

Which TCP port is registered by the Internet Assigned Numbers Authority (IANA) for SMTP over SSL (SMTPS)?

A. TCP port 587

B. TCP port 25

C. TCP port 465

D. TCP port 110

11 / 97

What differentiates Bluejacking from Bluesnarfing in Bluetooth-based attacks?

A. Bluejacking uses the OBEX protocol while Bluesnarfing doesn’t

B. Bluejacking allows the attacker to divert calls and messages, while Bluesnarfing doesn’t

C. Bluejacking involves sending unsolicited messages, while Bluesnarfing involves unauthorized access to information

D. Bluejacking is used to obtain a device’s IMEI number, while Bluesnarfing is not

12 / 97

What are the steps an attacker may take to exploit the WPA or WPA2 vulnerabilities using the Aircrack-ng suite of tools?

A. Use Airmon-ng to start the wireless interface in monitoring mode, locate the network, capture traffic using the airodump-ng command, perform a deauthentication attack using the aireplay-ng command, then crack the WPA PSK using the aircrack-ng command

B. Use Airodump-ng to crack the wireless interface, perform a deauthentication attack, then capture the WPA handshake using Airmon-ng

C. Use Airmon-ng to start the wireless interface, perform a deauthentication attack, then crack the WPA PSK using Aircrack-ng

D. Use Aireplay-ng to capture traffic, perform a deauthentication attack, then crack the WPA PSK using Aircrack-ng

13 / 97

Which TCP port is used by the IMAP protocol for encrypted (SSL/TLS) communications?

A. TCP port 25

B. TCP port 110

C. TCP port 587

D. TCP port 993

14 / 97

In a DNS Cache Poisoning attack, what does the attacker do to manipulate the victim’s communications?

A. The attacker physically interferes with the victim’s network communications

B. The attacker impersonates a different website entirely to the victim

C. The attacker corrupts the DNS server cache data to redirect the victim to the attacker’s system

D. The attacker changes the IP address of the DNS server to redirect all its traffic

15 / 97

Which of the following is NOT a category of DoS attacks described in the text?

A. Direct

B. Amplification

C. Reflected

D. Fragmented

16 / 97

What is the purpose of a disassociation or deauthentication attack?

A. To create a DoS condition on the wireless network

B. To help clients connect to a more secure wireless network

C. To improve the response rate of network packets

D. To test the performance of wireless APs

17 / 97

Which of the following best describes the VLAN hopping method called double tagging?

A. Imitates a trunking switch by sending the respective VLAN tag and specific trunking protocols

B. Assigns switch ports to a VLAN and any device connected to that specific port is considered a member of that VLAN

C. Uses two VLAN tags; an outer tag with the attacker’s VLAN, and an inner tag of the victim’s VLAN

D. Changes the device’s IP network address so that they can communicate with other devices in the same VLAN

18 / 97

Which of the following NetBIOS-related operations uses UDP port 137?

A. Microsoft Remote Procedure Call (MS-RPC)

B. NetBIOS Datagram Service

C. NetBIOS Session Service

D. NetBIOS Name Service

19 / 97

In the Aircrack-ng suite of tools, which command line tool is used to begin the process of cracking Wi-Fi networks?

A. airodump-ng

B. Airmon-ng

C. aireplay-ng

D. Aircrack-ng

20 / 97

How does an attacker implement an Evil Twin Attack?

A. By installing rogue AP in a network and changing the DNS cache.

B. By creating a rogue access point and configuring it like the existing corporate network.

C. By intercepting the wireless communication between access point and clients.

D. By using a cloned captive portal or a website to redirect victims.

21 / 97

Which of the following statements correctly describes a common attack that can be launched against RFID devices?

A. Attackers can use RFID information to track the location of an individual in real-time

B. Attackers can use amplified antennas to perform NFC amplification attacks and exfiltrate large amounts of data over long distances

C. Attackers can silently steal RFID information with an RFID reader such as the Proxmark3 just by being in the vicinity of an individual or a tag

D. Attackers can enhance the functionality of an RFID tag by adding additional power sources

22 / 97

Which of the following SMTP commands is used to initiate a Transport Layer Security (TLS) connection to an email server during a security evaluation?

A. EXPN

B. STARTTLS

C. MAIL

D. QUIT

23 / 97

In the process of exploiting a system with the EternalBlue exploit in Metasploit, which commands are used to set the remote host and the host for post-exploitation communication?

A. set RHOS + set LHOS

B. set RHOST + set LHOST

C. set REMHOST + set LOCHOST

D. set RH + set LH

24 / 97

What is Kerberoasting?

A. A pre-exploitation activity that is used by an attacker to extract user account credential hashes from Active Directory for offline cracking

B. A post-exploitation activity that is used by an attacker to extract service account credential hashes from Active Directory for offline cracking

C. A pre-exploitation activity that allows an attacker to gain domain admin credentials without sending any IP packets

D. A type of attack that utilizes strong encryption implementations to extract user passwords

25 / 97

What is the function of the STARTTLS command in SMTP?

A. It is used to start a Transport Layer Security (TLS) connection to an email server.

B. It is used to denote the email address of the sender.

C. It is used to verify whether a user’s email mailbox exists.

D. It is used to reset (cancel) an email transaction.

26 / 97

Which of the following vulnerabilities can be found in the NetBIOS, LLMNR, and SMB protocols in relation to name resolution?

A. Implementing weak encryption methods

B. LLMNR traffic over UDP port 5355 and NBT-NS traffic over UDP port 137 can be manipulated by unauthorized attackers

C. The protocols do not support large network environments

D. The protocols are accessible through HTTP and might be affected by cross-site scripting (XSS)

27 / 97

What is the function of the ’airmon-ng check kill’ command in the context of exploiting wireless networks?

A. It checks the wireless network for potential vulnerabilities

B. It halts any interfering processes while the wireless network interface is in monitoring mode

C. It deauthenticates a wireless client from a legitimate AP to perform a DoS condition

D. It captures and listens for SSIDs and wireless network traffic

28 / 97

What is a critical step in executing a DNS cache poisoning attack?

A. The victim accidentally provides the attacker with administrative credentials

B. The attacker corrupts the data of the DNS server cache to impersonate a particular website

C. The attacker physically accesses the victim’s computer to change the DNS settings

D. The DNS server rejects the victim’s request for the IP address of a certain domain

29 / 97

Which command is required to configure IP address of the remote host that is going to be exploited by the EternalBlue exploit in Metasploit?

A. set LHOST

B. set RHOST

C. set IPHOST

D. set REMOTEHOST

30 / 97

Which of the following SMTP commands is used to initiate a Transport Layer Security (TLS) connection to an email server?

A. HELP

B. STARTTLS

C. EXPN

D. AUTH

31 / 97

What command is used in Kali Linux to find known SMTP exploits?

A. searchvuln smtp

B. vulnsearch smtp

C. searchsmtp vuln

D. searchsploit smtp

32 / 97

What is a potential vulnerability of Network Access Control (NAC) as discussed in the passage?

A. It cannot detect ARP requests and DHCP requests generated by endpoints.

B. It is not compatible with 802.1X for identity management.

C. It does not support client-based agents for endpoint security posture assessments.

D. Attackers can spoof authorized MAC addresses to bypass a NAC configuration.

33 / 97

What tool, part of the Aircrack-ng suite, is used to launch a deauthentication attack as described in the provided text?

A. aireplay-ng

B. airodump-ng

C. airmon-ng

D. kismet

34 / 97

What is a SYN flood attack in the context of Direct DoS Attacks?

A. It is when a DoS condition is typically caused by exploiting vulnerabilities such as buffer overflows to cause a server or even a network infrastructure device to crash.

B. It is when cybercriminals use DoS and DDoS attacks to incur added costs for the victim utilizing cloud services by creating increased usage and resource expenditure.

C. It is when attackers send numerous TCP SYN packets to the victim’s web server with the goal of oversaturating its connection bandwidth or depleting system resources.

D. It is when a botnet is used to launch a DDoS attack against the victim server.

35 / 97

What is a Downgrade Attack in the context of network security?

A. An attack where an intruder gains physical access to lower layers of network infrastructure.

B. An attack where an intruder forces a system to use a weak encryption protocol or hashing algorithm.

C. An attack where an intruder deliberately reduces the bandwidth of the targeted network.

D. An attack where an intruder plants a lower version of software with known vulnerabilities.

36 / 97

Which command is used to initiate a Transport Layer Security (TLS) connection to an email server?

A. STARTTLS

B. AUTH

C. MAIL

D. RCPT

37 / 97

What is SMTP open relay often used for?

A. To send emails only from the domain server

B. Accept and send emails from any user

C. Block SMTP requests

D. Encrypt emails

38 / 97

What does the ’EternalBlue’ exploit allow a successful attacker to do?

A. Inject malicious code into a system.

B. Launch a DDoS attack.

C. Steal user credentials.

D. Collect information about all systems on the network.

39 / 97

What is the main difference between a Password Spraying attack and a Credential Stuffing attack?

A. Password Spraying attacks use a list of usernames with default passwords and Credential Stuffing uses usernames and passwords exposed in previous breaches

B. Password Spraying attacks are done manually and Credential Stuffing attacks are automated

C. Password Spraying attacks are legal and Credential Stuffing attacks are not

D. Password Spraying attacks can only attack applications while Credential Stuffing attacks can only attack systems

40 / 97

What is one way an attacker can conduct a BGP hijacking attack?

A. By launching a robust denial of service attack on the router

B. By flooding the network with spurious packets

C. By configuring an edge router to announce unassigned prefixes

D. By installing a rootkit malware in the router

41 / 97

What is the purpose of jamming wireless signals or causing wireless network interference?

A. To create a slow network condition

B. To create a full or partial DoS condition

C. To bypass network security measures

D. To steal sensitive data

42 / 97

Which TCP port is defined for use with Secure SMTP (SSMTP) protocol for encrypted communications, in accordance with RFC 2487?

A. TCP port 25

B. TCP port 465

C. TCP port 587

D. TCP port 993

43 / 97

What is the function of the RHOST in the context of the EternalBlue SMB exploit in Metasploit?

A. It specifies the IP address of the victim system.

B. It sets up the port to which the payload will be delivered.

C. It is the entity that leaked the EternalBlue exploit.

D. It defines the password necessary for the exploit.

44 / 97

Which one of the following is a common mitigation technique for ARP cache poisoning attacks?

A. Deploying access control lists (ACLs)

B. Using Spanning Tree Protocol (STP) manipulation

C. Configuring switch ports as access ports

D. Utilizing Dynamic ARP Inspection (DAI) on switches

45 / 97

What is a valid vulnerability WPA and WPA2 are susceptible to that can be exploited by an attacker?

A. Outdated SSL certificates on the wireless devices

B. Inherent vulnerabilities of the IPv6 addressing scheme

C. Capturing the WPA four-way handshake and brute-forcing the WPA PSK

D. Manipulation of encrypted data without needing the decryption key

46 / 97

What is the purpose of the ’searchsploit’ command used in Kali Linux?

A. To find known vulnerabilities in a system

B. To establish an SMTP connection

C. To launch a denial of service attack

D. To install new exploits on the system

47 / 97

What is the purpose of the ’set RHOST’ and ’set LHOST’ commands in the context of the EternalBlue exploit in Metasploit?

A. To specify the IP address of the target machine and the IP address the victim should communicate with after exploitation

B. To specify the victim’s username and password

C. To set up a meterpreter session

D. To display all configurable options for the EternalBlue exploit

48 / 97

What is a consequence of successful exploitation of the KRACK vulnerabilities in WPA and WPA2?

A. Attackers can increase the speed of their network connection

B. Attackers can cause the access point to crash

C. Attackers can reinstall a previously used encryption or integrity key

D. Attackers can install malicious software on the access point

49 / 97

Which of the following TCP ports is used by the non-encrypted SMTP protocol for server-to-server communication?

A. TCP port 465

B. TCP port 587

C. TCP port 25

D. TCP port 110

50 / 97

Which of the following attacks involves an attacker spoofing MAC addresses to trick a victim into thinking the attacker’s Layer 2 address is the address of its default gateway?

A. SSLStrip attack

B. MAC spoofing

C. Packet storm attack

D. STP root switch manipulation

51 / 97

Which SMTP command is used to verify whether a user’s email mailbox exists?

A. RCPT

B. DATA

C. VRFY

D. MAIL

52 / 97

Which wireless attack configuration involves an attacker installing a rogue Access Point (AP) to fool users and create a backdoor into a network?

A. Evil Twin Attacks

B. Packet Filtering

C. Rogue Access Points

D. Cryptographic Protocols

53 / 97

Which step of a WPA password attack as illustrated in the example involves capturing all the traffic to a capture file?

A. Step 1

B. Step 2

C. Step 3

D. Step 4

54 / 97

Which of the following is NOT an example of network-based attacks and exploits?

A. Distributed Denial-of-Service (DDoS) attacks

B. File Transfer Protocol (FTP) vulnerabilities and exploits

C. Buffer Overflow attacks

D. On-path attacks (previously known as man-in-the-middle [MITM] attacks)

55 / 97

In the context of wireless fragmentation attacks, what is the function of the PRGA?

A. To recover the WEP key

B. To generate packets with specific tools

C. To forge an ARP packet

D. To disable WEP encryption

56 / 97

Which of the following wireless security protocols is particularly susceptible to Initialization Vector (IV) attacks?

A. WPA3

B. WEP

C. WPA2

D. AES

57 / 97

What is the use of the VRFY SMTP command during a penetrative test?

A. It is used to start a Transport Layer Security (TLS) connection to an email server.

B. It is used to authenticate a client to the server.

C. It is used to verify whether a user’s email mailbox exists.

D. It is used to initiate a conversation with an Extended SMTP (ESMTP) server.

58 / 97

What is ARP cache poisoning sometimes also referred to as?

A. ARP inappropriate

B. ARP meddling

C. ARP spoofing

D. ARP cloaking

59 / 97

Which of the following attacks can impact Bluetooth Low Energy (BLE) communications?

A. DNS spoofing

B. ARP poisoning

C. Phishing

D. On-path attacks and DoS attacks

60 / 97

What is the function of TCP port 995?

A. It is used by POP3 protocol for non-encrypted communications

B. It is used by the POP3 protocol for encrypted communications.

C. It is the default port for SMTP over SSL.

D. It is the port used by the IMAP.

61 / 97

Which one of the following tools from Aircrack-ng suite, can be used to sniff and analyze wireless network traffic?

A. Airmon-ng

B. KisMAC

C. Kismet

D. Airodump-ng

62 / 97

Which of the following is NOT a basic element of the Kerberos implementation?

A. Client

B. Server

C. Key Retriever

D. Key distribution center (KDC)

63 / 97

Which of the following SMTP commands is used to verify whether a user’s email mailbox exists?

A. EXPN

B. AUTH

C. VRFY

D. STARTTLS

64 / 97

What is war driving?

A. An attack using drones to discover wireless networks

B. A method used by attackers to find wireless access points by moving around

C. A popular site for attackers to upload Wi-Fi network information

D. An attack that involves stealing large amounts of data in a short period of time

65 / 97

Which method is used by an attacker to recover the WEP Pre-shared Key (PSK)?

A. Collecting enough wireless data traffic from the air by listening to all communications directed to the BSSID.

B. Using the Aircrack-ng suite to decipher the PSK code.

C. Using wireless network devices that support WEP protocol.

D. Force entering the key into every packet sent to the network.

66 / 97

What does a DHCP starvation attack involve?

A. An attacker broadcasts a large number of DHCP REQUEST messages with spoofed source MAC addresses

B. An attacker broadcasts a large number of DHCP REQUEST messages with genuine source MAC addresses

C. An attacker generates a large number of DHCP REQUEST messages but doesn’t broadcast them

D. An attacker broadcasts a small number of DHCP REQUEST messages with spoofed source MAC addresses

67 / 97

What makes wireless devices vulnerable to brute-force attacks in the context of Wi-Fi Protected Setup (WPS)?

A. The printed PIN is easily visible

B. Most systems allow unlimited incorrect PIN attempts

C. The WPA PSK generation process requires too much user interaction

D. The Reaver tool is publicly available for download

68 / 97

The WPA3 protocol introduced a new handshake that uses Extensible Authentication Protocol (EAP) for authentication. What is it commonly referred to as?

A. Snakewave handshake

B. Dragonfly handshake

C. Quantum handshake

D. Vortex handshake

69 / 97

Which SMTP command is used to initiate a Transport Layer Security (TLS) connection to an email server?

A. AUTH

B. HELO

C. STARTTLS

D. RCPT

70 / 97

Which protocol is considered more secure and modern compared to Simple Network Management Protocol (SNMP)?

A. TCP/IP

B. NETCONF

C. SCP

D. HTTP

71 / 97

What best describes the pass-the-hash attack in context of network exploitation?

A. It is an attack where the attacker figures out the user’s password from a hash.

B. It is an attack where the attacker tries to block the Kerberos communication with a firewall.

C. It is an attack where the attacker uses a password hash from a compromised system to log in elsewhere.

D. It is an attack where the attacker changes the NTLM version from NTLMv2 to NTLMv1.

72 / 97

What is the purpose of the ’set RHOST’ and ’set LHOST’ commands in the context of using the EternalBlue exploit in Metasploit?

A. The ’set RHOST’ is used to set the IP address of the remote system to be exploited, while the ’set LHOST’ is used to set the IP address that the victim will communicate with after exploitation.

B. Both ’set RHOST’ and ’set LHOST’ are used to configure the IP addresses of the local and remote servers, respectively.

C. ’Set RHOST’ is used to determine the rmote port, while ’set LHOST’ is used to set the local port of the Metasploit framework.

D. ’Set RHOST’ and ’set LHOST’ are used to specify the username and password for SMB authentication respectively.

73 / 97

Which SMTP command is used to authenticate a client to the server?

A. HELO

B. EHLO

C. AUTH

D. RCPT

74 / 97

What is the TCP port number used by the default port in SMTP for non-encrypted communications?

A. TCP port 25

B. TCP port 587

C. TCP port 465

D. TCP port 110

75 / 97

What is the purpose of the EternalBlue exploit in the context of penetration testing?

A. To secure the SMB systems

B. To compromise the target system and execute arbitrary code

C. To identify the vulnerabilities in the SMB systems.

D. To patch the vulnerabilities in the SMB systems.

76 / 97

Which of the following tools can be used to launch a credential harvesting attack by spoofing DNS replies and diverting a user to an attacker’s local system?

A. Wireshark

B. Nmap

C. Ettercap

D. Nessus

77 / 97

Which SMTP command is used to initiate a Transport Layer Security (TLS) connection to an email server?

A. RSET

B. STARTTLS

C. AUTH

D. DATA

78 / 97

What is a common vulnerability in LLMNR and how can an attacker exploit it?

A. LLMNR allows hosts on the same local link to perform name resolution for other hosts, which can be exploited by an attacker to impersonate a host and gain unauthorized access to sensitive data.

B. LLMNR uses UDP port 5355, which can often be unprotected and exploited by an attacker to inject malicious data packets.

C. LLMNR allows for name resolution on a victim system. An attacker can spoof an authoritative source for name resolution, manipulate the victim’s system and gather sensitive information.

D. LLMNR and NetBIOS can be easily disabled by an attacker causing disruption in network services.

79 / 97

What is the purpose of configuring the RHOST and LHOST when using the EternalBlue exploit in Metasploit?

A. To specify the IP addresses of the email servers for sending exploit notifications

B. To specify the IP addresses of the attacker’s system and the target system

C. To specify the source and destination IP addresses for routing exploit traffic through a network

D. To specify the IP addresses of backup servers in case the exploitation fails

80 / 97

What does the EternalBlue exploit, when used successfully, allow?

A. Allows a remote attacker to view the system’s files without permissions

B. Allows a remote attacker to compromise the system and execute arbitrary code

C. Allows a remote attacker to shut down the system remotely

D. Allows a remote attacker to overwrite the system’s files

81 / 97

Why is UDP often used as the transport mechanism in reflected DoS and DDoS attacks?

A. Because it lacks a three-way handshake

B. Because it includes a three-way handshake

C. Because it includes a two-way handshake

D. Because it lacks a two-way handshake

82 / 97

What is the purpose of the SMTP ’HELO’ command?

A. Used to initiate the transfer of the contents of an email message.

B. Used to authenticate a client to the server.

C. Used to initiate an SMTP conversation with an email server.

D. Used to start a Transport Layer Security (TLS) connection to an email server.

83 / 97

What can an attacker achieve by causing legitimate wireless clients to deauthenticate from an authentic wireless access point?

A. Forcing the client to connect to an evil twin

B. Stealing the wireless access point’s SSID

C. Listening to and capturing the wireless client’s packets

D. Configuring wireless passive tools like Kismet or KisMAC

84 / 97

Which protocol is used primarily by Microsoft Windows for host identification?

A. Network Basic Input/Output System (NetBIOS)

B. Domain Name System (DNS)

C. Link-Local Multicast Name Resolution (LLMNR)

D. UDP port 137

85 / 97

In the context of wireless network attacks, what is the purpose of a Preferred Network List (PNL) attack?

A. To overload the network with traffic

B. To force the client to connect to the attackers’ wireless devices

C. To weaken the SSID encryption

D. To obtain the IP address of the client’s device

86 / 97

What is one major flaw in implementations of Simple Network Management Protocol (SNMP)?

A. SNMP uses UDP port 161, which is insecure.

B. Many users leave weak or default SNMP credentials in networking devices.

C. SNMPv3 is less secure than all previous SNMP versions.

D. SNMP does not support the use of passwords, only community strings.

87 / 97

What is the vulnerability in LLMNR involving an attacker spoofing an authoritative source for name resolution?

A. The attacker can brute-force the native Windows firewall

B. The attacker can create fake accounts on the domain

C. The attacker sends malware to the printer

D. The attacker manipulates the victim’s system by responding to the LLMNR traffic and receives the username and NTLMv2 hash

88 / 97

What method or software is used to determine the type and version of an FTP server during a vulnerability assessment?

A. Metasploit

B. Wireshark

C. AES

D. Nmap

89 / 97

What is an amplification attack in the context of DDoS?

A. It is a type of DDoS attack where the attacker sends small packets and gets larger responses.

B. It is a type of DDoS attack where the victim’s machine sends large packets and gets smaller responses.

C. It is a type of DDoS attack where the attacker sends large packets and gets small responses.

D. It is a type of DDoS attack where the victim’s machine gets flooded by small packets.

90 / 97

What is the main method used in a KARMA attack to intercept wireless traffic?

A. Using strong passwords to control access to the network.

B. Creating a rogue AP to intercept probe requests from wireless devices.

C. Limiting the number of devices that can connect to a single network.

D. Implementing firewall rules that block malicious devices.

91 / 97

What command is used to start a Transport Layer Security (TLS) connection to an email server during an SMTP conversation?

A. HELO

B. STARTTLS

C. RCPT

D. AUTH

92 / 97

What is a common mitigation method used to prevent ARP cache poisoning attacks?

A. Deploying access control lists (ACLs)

B. Using Dynamic Address Resolution Protocol (ARP) Inspection (DAI)

C. Implementing 802.1X for user authentication

D. Allowing Dynamic Trunking Protocol (DTP)

93 / 97

What type of activity does an on-path attack involve?

A. An attacker isolates himself or herself from two communicating devices or individuals.

B. An attacker places himself or herself between two communicating devices or individuals.

C. An attacker impedes the communication between two devices or individuals.

D. An attacker eliminates the communication pathway between two devices or individuals.

94 / 97

What is a common vulnerability within the LLMNR protocol?

A. The protocol allows for unlimited reconnect attempts

B. The protocol does not support hashed passwords

C. The protocol is susceptible to spoofing by an attacker

D. The protocol has a limitation in the number of hosts it can support

95 / 97

Which TCP port is used by the IMAP protocol for non-encrypted communications?

A. TCP port 25

B. TCP port 587

C. TCP port 143

D. TCP port 465

96 / 97

Which SMTP command is used to authenticate a client to the server?

A. STARTTLS

B. AUTH

C. RCPT

D. MAIL

97 / 97

Which tool does an attacker use to perform a deauthentication attack against a wireless network, specifically in the context of cracking a WPA PSK?

A. Aircrack-ng

B. Airmon-ng

C. Aireplay-ng

D. Wireshark

Your score is

Share the Post:

Download Your FREE CompTIA PenTest+(PT0-002) Anki Deck!

Email issues? [ [email protected] ]

Share the Post:

Advance your knowledge of exploiting wired and wireless networks with our CompTIA PenTest+ Chapter 05 practice questions.

This chapter covers network protocols, security weaknesses, and exploitation techniques for both wired and wireless networks.
Master these concepts to excel in network penetration testing.
Access our Free Anki decks for comprehensive preparation.
For official resources, visit CompTIA’s website.

After mastering this chapter, don’t forget to check out Chapter 06: Exploiting Application-Based Vulnerabilities to further your learning.

WGU Master’s Degree Rankings 2026 | I Asked 3 AIs 300 Times to Find the Best One
Table of Contents Which WGU Master’s Degree Is Actually Worth It? If you’re considering a master’s degree from WGU and can’t figure out which program to choose — cybersecurity, software engineering, AI/ML, data analytics — you’re not alone. The options are overwhelming, and most comparisons online are either outdated or purely opinion-based. So here’s a […]
How I Made $1.3 Million in Cybersecurity (With Exact Revenue Numbers)
Table of Contents If you’re stuck at $50K–$100K and wondering, “How the hell do people make seven figures?” this is for you.I’m Josh Madakor. In 2025, I made $1.3 million in cybersecurity. Not from a corporate job. Not from VC funding. And definitely not from selling a bullshit course.In this article, I’ll break down everything: […]
The Best Laptops for Cyber Security in 2026: Stop Over-Analyzing, Start Building
Table of Contents Let’s be real: most people think that to get into cyber security, you need to be a “super elite hacker” running 10 different virtual machines on a glowing, heavy-duty gaming laptop. Spoiler alert: That’s just not how the industry works. I’ve spent years in roles ranging from Senior Analyst to Security Engineer, […]

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.

Join Now!

Free CompTIA PenTest+ PT0-002: 05 Exploiting Networks + Anki Cards

Download Your FREE CompTIA PenTest+(PT0-002) Anki Deck!

Related Posts

Hands-onCybersecurity Training in a LIVE SOCwith Enterprise Security ToolsInternships Available.

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.