  • Exam Name: CompTIA PenTest+ Exam
  • Last Update: Oct 19, 2021
  • Questions and Answers: 248

PT0-001 CompTIA PenTest+ Exam Questions and Answers

Question # 4

Which of the following types of intrusion techniques is the use of an “under-the-door tool” during a physical security assessment an example of?

A. Lockpicking
B. Egress sensor triggering
C. Lock bumping
D. Lock bypass

Question # 5

Instructions:

Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.

Question # 6

A penetration tester notices that the X-Frame-Options header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?

A. Use path modification to escape the application's framework.
B. Create a frame that overlays the application.
C. Inject a malicious iframe containing JavaScript.
D. Pass an iframe attribute that is malicious.

Question # 7

Which of the following attacks is commonly combined with cross-site scripting for session hijacking?

A. CSRF
B. Clickjacking
C. SQLi
D. RFI

Question # 8

A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?

A. Perform an HTTP downgrade attack.
B. Harvest the user credentials to decrypt traffic.
C. Perform an MITM attack.
D. Implement a CA attack by impersonating trusted CAs.

Question # 9

When communicating the findings of a network vulnerability scan to a client's IT department, which of the following metrics BEST prioritize the severity of the findings? (Select TWO)

A. Threat map statistics
B. CVSS scores
C. Versions of affected software
D. Media coverage prevalence
E. Impact criticality
F. Ease of remediation

Question # 10

A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?

A. -p-
B. -p ALL
C. -p 1-65534
D. -port 1-65534

Question # 11

A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?

A. The client has applied a hot fix without updating the version.
B. The threat landscape has significantly changed.
C. The client has updated their codebase with new features.
D. There are currently no known exploits for this vulnerability.

Question # 12

Which of the following can be used to perform online password attacks against RDP?

A. Hashcat
B. John the Ripper
C. Aircrack-ng
D. Ncrack

Question # 13

An attacker is attempting to gain unauthorized access to a WiFi network that uses WPA2-PSK. Which of the following attack vectors would the attacker MOST likely use?

A. Capture a three-way handshake and crack it
B. Capture a mobile device and crack its encryption
C. Create a rogue wireless access point
D. Capture a four-way handshake and crack it

Question # 14

A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability of the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Select TWO).

A. Identify and eliminate inline SQL statements from the code.
B. Identify and eliminate dynamic SQL from stored procedures.
C. Identify and sanitize all user inputs.
D. Use a whitelist approach for SQL statements.
E. Use a blacklist approach for SQL statements.
F. Identify the source of malicious input and block the IP address.

Question # 15

A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?

A. Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing.
B. Implement new training to be aware of the risks in accessing the application. This training can be decommissioned after the vulnerability is patched.
C. Implement an ACL to restrict access to the application exclusively to the finance department. Reopen the application to company staff after the vulnerability is patched.
D. Require payroll users to change the passwords used to authenticate to the application. Following the patching of the vulnerability, implement another required password change.

Question # 16

Which of the following documents BEST describes the manner in which a security assessment will be conducted?

A. BIA
B. SOW
C. SLA
D. MSA

Question # 17

Which of the following commands will allow a tester to enumerate potential unquoted service paths on a host?

A. wmic environment get name, variablevalue, username | findstr /i "Path" | findstr /i "service"
B. wmic service get /format:hform > c:\temp\services.html
C. wmic startup get caption, location, command | findstr /i "service" | findstr /v /i "%"
D. wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """

Question # 18

Joe, a penetration tester, has received basic account credentials and logged into a Windows system. To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?

A. LSASS
B. SAM database
C. Active Directory
D. Registry

Question # 19

Given the following Python script:

#!/usr/bin/python
import socket as skt

# Attempt a TCP connection to every port from 1 to 1023 on the local host.
for port in range(1, 1024):
    try:
        sox = skt.socket(skt.AF_INET, skt.SOCK_STREAM)
        sox.settimeout(1000)
        sox.connect(('127.0.0.1', port))
        print '%d:OPEN' % (port)
        sox.close()
    except:
        # Any connection error (closed port, timeout) is ignored.
        continue

Which of the following is where the output will go?

A. To the screen
B. To a network server
C. To a file
D. To /dev/null

Question # 20

Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

A. Stack pointer register
B. Index pointer register
C. Stack base pointer
D. Destination index register

Question # 21

If a security consultant comes across a password hash that resembles the following:

b117525b345470c29ca3dBae0b556ba8

Which of the following formats is the correct hash type?

A. Kerberos
B. NetNTLMv1
C. NTLM
D. SHA-1

Question # 22

A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?

A. Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
B. Identify the issues that can be remediated most quickly and address them first.
C. Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities.
D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long time.

Question # 23

In which of the following scenarios would a tester perform a Kerberoasting attack?

A. The tester has compromised a Windows device and dumps the LSA secrets.
B. The tester needs to retrieve the SAM database and crack the password hashes.
C. The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
D. The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.

Question # 24

A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:

IP: 192.168.1.20
NETMASK: 255.255.255.0
DEFAULT GATEWAY: 192.168.1.254
DHCP: 192.168.1.253
DNS: 192.168.10.10, 192.168.20.10

Which of the following commands should the malicious user execute to perform the MITM attack?

A. arpspoof -c both -r -t 192.168.1.1 192.168.1.20
B. arpspoof -t 192.168.1.20 192.168.1.254
C. arpspoof -c both -t 192.168.1.20 192.168.1.253
D. arpspoof -r -t 192.168.1.253 192.168.1.20

Question # 25

A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?

A. Sample SOAP messages
B. The REST API documentation
C. A protocol fuzzing utility
D. An applicable XSD file

Question # 26

During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful. Which of the following would be the BEST target for continued exploitation efforts?

A. Operating system: Windows 7
   Open ports: 23, 161
B. Operating system: Windows Server 2016
   Open ports: 53, 5900
C. Operating system: Windows 8.1
   Open ports: 445, 3389
D. Operating system: Windows 8
   Open ports: 514, 3389

Question # 27

A penetration tester was able to enter an SQL injection command into a text box and gain access to the information stored on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?

A. Randomize the credentials used to log in
B. Install host-based intrusion detection
C. Implement input normalization
D. Perform system hardening

Question # 28

Which of the following is the purpose of an NDA?

A. Outlines the terms of confidentiality between both parties
B. Outlines the boundaries of which systems are authorized for testing
C. Outlines the requirements of technical testing that are allowed
D. Outlines the detailed configuration of the network

Question # 29

A company’s corporate policies state that employees are able to scan any global network as long as it is done within working hours. Government laws prohibit unauthorized scanning. Which of the following should an employee abide by?

A. Company policies must be followed in this situation
B. Laws supersede corporate policies
C. Industry standards regarding scanning should be followed
D. The employee must obtain written approval from the company's Chief Information Security Officer (CISO) prior to scanning

Question # 30

Click the exhibit button.

Given the Nikto vulnerability scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Choose two.)

A. Arbitrary code execution
B. Session hijacking
C. SQL injection
D. Login credential brute-forcing
E. Cross-site request forgery