
Note! Following PT0-001 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is PT0-002

PT0-001 CompTIA PenTest+ Exam Questions and Answers

Questions 4

A static code analysis report of a web application can be leveraged to identify:

Options:

A. business logic flaws.
B. insufficient input sanitization.
C. session fixation issues.
D. client-side data storage.
E. clickjacking.

Questions 5

Which of the following BEST describes the difference between a red team engagement and a penetration test?

Options:

A. A penetration test has a broad scope and emulates advanced persistent threats, while a red team engagement has a limited scope and focuses more on vulnerability identification.
B. A red team engagement has a broad scope and emulates advanced persistent threats, while a penetration test has a limited scope and focuses more on vulnerability identification.
C. A red team engagement has a broad scope and focuses more on vulnerability identification, while a penetration test has a limited scope and emulates advanced persistent threats.
D. A penetration test has a broad scope and focuses more on vulnerability identification, while a red team engagement has a limited scope and emulates advanced persistent threats.

Questions 6

A penetration tester is required to exploit a WPS implementation weakness. Which of the following tools will perform the attack?

Options:

A. Karma
B. Kismet
C. Pixie
D. NetStumbler

Questions 7

A penetration testing company was hired to conduct a penetration test against Company A's network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B. Which of the following would be the BEST solution to conduct penetration testing against mail.companyA.com?

Options:

A. The penetration tester should conduct penetration testing against mail.companyA.com because the domain name is in scope.
B. The penetration tester should ask Company A for a signed statement giving permission to conduct a test against mail.companyA.com.
C. The penetration tester should ignore mail.companyA.com testing and complete only the network range 20.10.10.0/24.
D. The penetration tester should only use passive open source intelligence gathering methods leveraging publicly available information to analyze mail.companyA.com.

Questions 8

Which of the following types of intrusion techniques is the use of an “under-the-door tool” during a physical security assessment an example of?

Options:

A. Lockpicking
B. Egress sensor triggering
C. Lock bumping
D. Lock bypass

Questions 9

A penetration tester is attempting to scan a legacy web application using the scanner's default scan settings. The scans continually result in the application becoming unresponsive. Which of the following can help to alleviate this issue?

Options:

A. Packet shaping
B. Flow control
C. Bandwidth limits
D. Query throttling

Questions 10

An internal network penetration test is conducted against a network that is protected by an unknown NAC system. In an effort to bypass the NAC restrictions, the penetration tester spoofs the MAC address and hostname of an authorized system. Which of the following devices, if impersonated, would be MOST likely to provide the tester with network access?

Options:

A. Network-attached printer
B. Power-over-Ethernet injector
C. User workstation
D. Wireless router

Questions 11

A penetration tester discovers Heartbleed vulnerabilities in a target network. Which of the following impacts would be a result of exploiting this vulnerability?

Options:

A. Code execution can be achieved on the affected systems.
B. Man-in-the-middle attacks can be used to eavesdrop on cookie contents.
C. The attacker can steal session IDs to impersonate other users.
D. Public certificate contents can be used to decrypt traffic.

Questions 12

A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?

Options:

A. Enable HTTP Strict Transport Security.
B. Enable a secure cookie flag.
C. Encrypt the communication channel.
D. Sanitize invalid user input.

Questions 13

During post-exploitation, a tester identifies that only system binaries will pass an egress filter and stores a file with the following command:

c:\creditcards.db>c:\winit\system32\calc.exe:creditcards.db

Which of the following file system vulnerabilities does this command take advantage of?

Options:

A. Hierarchical file system
B. Alternate data streams
C. Backdoor success
D. Extended file system

Questions 14

A penetration testing company is performing a penetration test against Company A. Company A has provided the IP address range 10.0.0.0/24 as its in-scope network range. During the information gathering phase, the penetration tester is asked to conduct active information-gathering techniques. Which of the following is the BEST tool to use for active information gathering?

Options:

A. hping3
B. theHarvester
C. tcpdump
D. Nmap

Questions 15

A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regained. Which of the following actions should the penetration tester use to maintain persistence to the device? (Select TWO.)

Options:

A. Place an entry in HKLM\Software\Microsoft\CurrentVersion\Run to call au57d.ps1.
B. Place an entry in C:\windows\system32\drivers\etc\hosts for 12.17.20.10 badcomptia.com.
C. Place a script in C:\users\%username\local\appdata\roaming\temp\au57d.ps1.
D. Create a fake service in Windows called RTAudio to execute manually.
E. Place an entry for RTAudio in HKLM\CurrentControlSet\Services\RTAudio.
F. Create a scheduled task to call C:\windows\system32\drivers\etc\hosts.

Questions 16

A penetration tester must assess a web service. Which of the following should the tester request during the scoping phase?

Options:

A. XSD
B. After-hours contact escalation
C. WSDL file
D. SOAP project file

Questions 17

Given the following Python script:

Which of the following actions will it perform?

Options:

A. ARP spoofing
B. Port scanner
C. Reverse shell
D. Banner grabbing

Questions 18

An Internet-accessible database server was found with the following ports open: 22, 53, 110, 1433, and 3389. Which of the following would be the BEST hardening technique to secure the server?

Options:

A. Ensure all protocols are using encryption.
B. Employ network ACLs.
C. Disable source routing on the server.
D. Ensure the IDS rules have been updated.

Questions 19

Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

Options:

A. Stack pointer register
B. Index pointer register
C. Stack base pointer
D. Destination index register

Questions 20

Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?

Options:

A. Penetration test findings often contain company intellectual property.
B. Penetration test findings could lead to consumer dissatisfaction if made public.
C. Penetration test findings are legal documents containing privileged information.
D. Penetration test findings can assist an attacker in compromising a system.

Questions 21

A penetration tester is asked to scope an external engagement. Which of the following would be a valid target?

Options:

A. 104.45.98.126
B. 169.254.67.23
C. 172.16.67.145
D. 192.168.47.231

Questions 22

A senior employee received a suspicious email from another executive requesting an urgent wire transfer. Which of the following types of attacks is likely occurring?

Options:

A. Spear phishing
B. Business email compromise
C. Vishing
D. Whaling

Questions 23

A penetration tester is performing a code review. Which of the following testing techniques is being performed?

Options:

A. Dynamic analysis
B. Fuzzing analysis
C. Static analysis
D. Run-time analysis

Questions 24

A penetration tester attempts to perform a UDP port scan against a remote target using an Nmap tool installed onto a non-Kali Linux image. For some reason, the UDP scan fails to start. Which of the following would MOST likely help to resolve the issue?

Options:

A. Install the latest version of the tool.
B. Review local iptables for existing drop rules.
C. Relaunch the tool with elevated privileges.
D. Enable both IPv4 and IPv6 forwarding.

Questions 25

A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:

  • Code review
  • Updates to firewall settings

Which of the following has occurred in this situation?

Options:

A. Scope creep
B. Post-mortem review
C. Risk acceptance
D. Threat prevention

Questions 26

Instructions:

Analyze the code segments to determine which sections are needed to complete a port scanning script.

Drag the appropriate elements into the correct locations to complete the script.

If at any time you would like to bring back the initial state of the simulation, please click the reset all button.

During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

Options:

Questions 27

A penetration tester is scoping an engagement with a company that provided a list of firewall rules and a digital network diagram. Which of the following tests would require this data?

Options:

A. Network segmentation test
B. Network penetration test
C. Network vulnerability scan
D. Network baseline test

Questions 28

A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE.)

Options:

A. Randomize local administrator credentials for each machine.
B. Disable remote logons for local administrators.
C. Require multifactor authentication for all logins.
D. Increase minimum password complexity requirements.
E. Apply additional network access control.
F. Enable full-disk encryption on every workstation.
G. Segment each host into its own VLAN.

Questions 29

During a penetration test, a tester identifies traditional antivirus running on the exploited server. Which of the following techniques would BEST ensure persistence in a post-exploitation phase?

Options:

A. Shell binary placed in C:\windows\temp
B. Modified daemons
C. New user creation
D. Backdoored executables

Questions 30

A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data. Given the data below from the web interception proxy:

Request

POST /Bank/Tax/RTSdocuments/ HTTP 1.1

Host: test.com

Accept: text/html; application/xhtml+xml

Referrer: https://www.test.com/Bank/Tax/RTSdocuments/

Cookie: PHPSESSIONID: ;

Content-Type: application/form-data;

Response

403 Forbidden

Error:

Insufficient Privileges to view the data.

Displaying 1-10 of 105 records

Which of the following types of vulnerabilities is being exploited?

Options:

A. Forced browsing vulnerability
B. Parameter pollution vulnerability
C. File upload vulnerability
D. Cookie enumeration

Questions 31

After successfully capturing administrator credentials to a remote Windows machine, a penetration tester attempts to access the system using PSExec but is denied permission. Which of the following shares must be accessible for a successful PSExec connection?

Options:

A. IPC$ and C$
B. C$ and ADMIN$
C. SERVICES and ADMIN$
D. ADMIN$ and IPC$

Questions 32

Which of the following describe a susceptibility present in Android-based commercial mobile devices when organizations are not employing MDM services? (Choose two.)

Options:

A. Configurations are user-customizable.
B. End users have root access to devices by default.
C. Push notification services require Internet access.
D. Unsigned apps can be installed.
E. The default device log facility does not record system actions.
F. IPSec VPNs are not configurable.

Questions 33

If a security consultant comes across a password hash that resembles the following:

b117525b345470c29ca3d8ae0b556ba8

Which of the following formats is the correct hash type?

Options:

A. Kerberos
B. NetNTLMv1
C. NTLM
D. SHA-1

Questions 34

When conducting reconnaissance against a target, which of the following should be used to avoid directly communicating with the target?

Options:

A. Nmap tool
B. Maltego community edition
C. Nessus vulnerability scanner
D. OpenVAS
E. Metasploit

Questions 35

During the information gathering phase, a penetration tester discovers a spreadsheet that contains a domain administrator's credentials. In addition, port scanning reveals that TCP port 445 was open on multiple hosts. Which of the following methods would BEST leverage this information?

Options:

A. telnet [target IP] 445
B. ncat [target IP] 445
C. nbtstat -a [target IP] 445
D. psexec [target IP]

Questions 36

When calculating the sales price of a penetration test to a client, which of the following is the MOST important aspect to understand?

Options:

A. The operating cost
B. The client's budget
C. The required scope of work
D. The non-disclosure agreement

Questions 37

In which of the following scenarios would a tester perform a Kerberoasting attack?

Options:

A. The tester has compromised a Windows device and dumps the LSA secrets.
B. The tester needs to retrieve the SAM database and crack the password hashes.
C. The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
D. The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.

Questions 38

A security consultant is trying to attack a device with a previously identified user account. Which of the following types of attacks is being executed?

Options:

A. Credential dump attack
B. DLL injection attack
C. Reverse shell attack
D. Pass the hash attack

Questions 39

A system security engineer is preparing to conduct a security assessment of some new applications. The applications were provided to the engineer as a set that contains only JAR files. Which of the following would be the MOST detailed method to gather information on the inner workings of these applications?

Options:

A. Launch the applications and use dynamic software analysis tools, including fuzz testing.
B. Use a static code analyzer on the JAR files to look for code quality deficiencies.
C. Decompile the applications to approximate source code and then conduct a manual review.
D. Review the details and extensions of the certificate used to digitally sign the code and the application.

Questions 40

Which of the following is the BEST way to deploy vulnerability scanners with many networks segmented by firewalls with active IPS rules?

Options:

A. Deploy a single scanner inside each network segment.
B. Deploy many scanners inside one segment and allow any rules.
C. Deploy one internal scanner and one external scanner.
D. Deploy one internal scanner with heavy server resources.

Questions 41

Which of the following exploits a vulnerability associated with IoT devices?

Options:

A. Bluesnarfing
B. Simple certificate enrollment
C. Heartbleed
D. Mirai botnet

Questions 42

A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?

Options:

A. Sample SOAP messages
B. The REST API documentation
C. A protocol fuzzing utility
D. An applicable XSD file

Questions 43

During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.

Which of the following registry changes would allow for credential caching in memory?

Options:

A. reg add HKLM\System\ControlSet002\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 0
B. reg add HKCU\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1
C. reg add HKLM\Software\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1
D. reg add HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1

Questions 44

A penetration tester has compromised a system and wishes to connect to a port on it from the attacking machine to control the system. Which of the following commands should the tester run on the compromised system?

Options:

A. nc localhost 4423
B. nc -nvlp 4423 -e /bin/bash
C. nc 10.0.0.1 4423
D. nc 127.0.0.1 4423 -e /bin/bash

Exam Code: PT0-001
Exam Name: CompTIA PenTest+ Exam
Last Update: Apr 14, 2023
Questions: 294