Labour Day - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors
  1. Home
  2. CompTIA
  3. PenTest+
  4. PT0-001
  5. CompTIA PenTest+ Exam Questions and Answers
Note! The PT0-001 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the PT0-002 Exam.

PT0-001 CompTIA PenTest+ Exam Questions and Answers

Questions 4

After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?

Options:

A.

Expand the password length from seven to 14 characters

B.

Implement password history restrictions

C.

Configure password filters

D.

Disable the accounts after five incorrect attempts

E.

Decrease the password expiration window

Buy Now
Questions 5

A penetration tester has performed a vulnerability scan of a specific host that contains a valuable database and has identified the following vulnerabilities:

  • XSS
  • HTTP DELETE method allowed
  • SQL injection
  • Vulnerable to CSRF

To which of the following should the tester give the HIGHEST priority?

Options:

A.

SQL injection

B.

HTTP DELETE method allowed

C.

Vulnerable to CSRF

D.

XSS

Buy Now
Questions 6

During an engagement, a consultant identifies a number of areas that need further investigation and require an

extension of the engagement. Which of the following is the MOST likely reason why the engagement may not

be able to continue?

Options:

A.

The consultant did not sign an NDA.

B.

The consultant was not provided with the appropriate testing tools.

C.

The company did not properly scope the project.

D.

The initial findings were not communicated to senior leadership.

Buy Now
Questions 7

During a full-scope security assessment, which of the following is a prerequisite to social engineer a target by

physically engaging them?

Options:

A.

Locating emergency exits

B.

Preparing a pretext

C.

Shoulder surfing the victim

D.

Tailgating the victim

Buy Now
Questions 8

When performing active information reconnaissance, which of the following should be tested FIRST before starting the exploitation process?

Options:

A.

SQLmap

B.

TLS configuration

C.

HTTP verbs

D.

Input fields

Buy Now
Questions 9

A penetration tester is required to report installed shells on compromised systems. Which of the following is the reason?

Options:

A.

To allow another security consultant access to the shell

B.

To allow the developer to troubleshoot the vulnerability

C.

To allow the systems administrator to perform the cleanup

D.

To allow the systems administrator to write a rule on the WAF

Buy Now
Questions 10

A penetration tester has successfully exploited an application vulnerability and wants to remove the command history from the Linux session. Which of the following will accomplish this successfully?

Options:

A.

history --remove

B.

cat history I clear

C.

rm -f ./history

D.

history -c

Buy Now
Questions 11

An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used m this attack?

Options:

A.

Principle of fear

B.

Principle of authority

C.

Principle of scarcity

D.

Principle of likeness

E.

Principle of social proof

Buy Now
Questions 12

Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).

Options:

A.

Shodan

B.

SET

C.

BeEF

D.

Wireshark

E.

Maltego

F.

Dynamo

Buy Now
Questions 13

A penetration tester executed a vulnerability scan against a publicly accessible host and found a web server that is vulnerable to the DROWN attack. Assuming this web server is using the IP address 127.212.31.17, which of the following should the tester use to verify a false positive?

Options:

A.

Openssl s_client -tls1_2 -connect 127.212.31.17:443

B.

Openssl s_client -ss12 -connect 127.212.31.17:443

C.

Openssl s_client -ss13 -connect 127.212.31.17:443

D.

Openssl s_server -tls1_2 -connect 127.212.31.17:443

Buy Now
Questions 14

A penetration tester is performing a validation scan after an organization remediated a vulnerability on port 443 The penetration tester observes the following output:

PT0-001 Question 14

Which of the following has MOST likely occurred?

Options:

A.

The scan results were a false positive.

B.

The IPS is blocking traffic to port 443

C.

A mismatched firewall rule is blocking 443.

D.

The organization moved services to port 8443

Buy Now
Questions 15

A client has scheduled a wireless penetration test. Which of the following describes the scoping target

information MOST likely needed before testing can begin?

Options:

A.

The physical location and network ESSIDs to be tested

B.

The number of wireless devices owned by the client

C.

The client's preferred wireless access point vendor

D.

The bands and frequencies used by the client's devices

Buy Now
Questions 16

A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?

Options:

A.

schtasks.exe /create/tr “powershell.exe” Sv.ps1 /run

B.

net session server | dsquery -user | net use c$

C.

powershell && set-executionpolicy unrestricted

D.

reg save HKLM\System\CurrentControlSet\Services\Sv.reg

Buy Now
Questions 17

While conducting information gathering, a penetration tester is trying to identify Windows hosts. Which of the following characteristics would be BEST to use for fingerprinting?

Options:

A.

The system responds with a MAC address that begins with 00:0A:3B.

B.

The system responds with port 22 open.

C.

The system responds with a TTL of 128.

D.

The system responds with a TCP window size of 5840.

Buy Now
Questions 18

A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten

vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate

all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?

Options:

A.

Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize

remediation.

B.

Identify the issues that can be remediated most quickly and address them first.

C.

Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical

vulnerabilities

D.

Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long

lime.

Buy Now
Questions 19

A security consultant receives a document outlining the scope of an upcoming penetration test. This document

contains IP addresses and times that each can be scanned. Which of the following would contain this information?

Options:

A.

Rules of engagement

B.

Request for proposal

C.

Master service agreement

D.

Business impact analysis

Buy Now
Questions 20

A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?

Options:

A.

Exploits for vulnerabilities found

B.

Detailed service configurations

C.

Unpatched third-party software

D.

Weak access control configurations

Buy Now
Questions 21

A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in QUESTION NO: within the last 30 minutes. Which of the following has MOST likely occurred?

Options:

A.

The badge was cloned.

B.

The physical access control server is malfunctioning.

C.

The system reached the crossover error rate.

D.

The employee lost the badge.

Buy Now
Questions 22

Given the following script:

PT0-001 Question 22

Which of the following BEST describes the purpose of this script?

Options:

A.

Log collection

B.

Event collection

C.

Keystroke monitoring

D.

Debug message collection

Buy Now
Questions 23

When calculating the sales price of a penetration test to a client, which of the following is the MOST important aspect to understand?

Options:

A.

The operating cost

B.

The client's budget

C.

The required scope of work

D.

The non-disclosure agreement

Buy Now
Questions 24

When communicating the findings of a network vulnerability scan to a client's IT department which of the following metrics BEST prioritize the severity of the findings? (Select TWO)

Options:

A.

Threat map statistics

B.

CVSS scores

C.

Versions of affected software

D.

Media coverage prevalence

E.

Impact criticality

F.

Ease of remediation

Buy Now
Questions 25

The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test. Which of the following are the MOST likely causes for this difference? (Select TWO)

Options:

A.

Storage access

B.

Limited network access

C.

Misconfigured DHCP server

D.

Incorrect credentials

E.

Network access controls

Buy Now
Questions 26

A web application scanner reports that a website is susceptible to clickjacking. Which of the following techniques would BEST prove exploitability?

Options:

A.

Redirect the user with a CSRF.

B.

Launch the website in an iFRAME.

C.

Pull server headers.

D.

Capture and replay a session ID.

Buy Now
Questions 27

A penetration tester successfully exploits a DM2 server that appears to be listening on an outbound port The penetration tester wishes to forward that traffic back to a device Which of the following are the BEST tools to use few this purpose? (Select TWO)

Options:

A.

Tcpdump

B.

Nmap

C.

Wiresrtark

D.

SSH

E.

Netcat

F.

Cain and Abel

Buy Now
Questions 28

A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising

a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report?

(Select THREE).

Options:

A.

Randomize local administrator credentials for each machine.

B.

Disable remote logons for local administrators.

C.

Require multifactor authentication for all logins.

D.

Increase minimum password complexity requirements.

E.

Apply additional network access control.

F.

Enable full-disk encryption on every workstation.

G.

Segment each host into its own VLAN.

Buy Now
Questions 29

A penetration tester identifies the following findings during an external vulnerability scan:

PT0-001 Question 29

Which of the following attack strategies should be prioritized from the scan results above?

Options:

A.

Obsolete software may contain exploitable components

B.

Weak password management practices may be employed

C.

Cryptographically weak protocols may be intercepted

D.

Web server configurations may reveal sensitive information

Buy Now
Questions 30

In which of the following components is an exploited vulnerability MOST likely to affect multiple running application containers at once?

Options:

A.

Common libraries

B.

Configuration files

C.

Sandbox escape

D.

ASLR bypass

Buy Now
Questions 31

During a vulnerability assessment, the security consultant finds an XP legacy system that is running a critical

business function. Which of the following mitigations is BEST for the consultant to conduct?

Options:

A.

Update to the latest Microsoft Windows OS.

B.

Put the machine behind the WAF.

C.

Segment the machine from the main network.

D.

Disconnect the machine.

Buy Now
Questions 32

A penetration tester has been asked to conduct OS fingering with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed to conduct this scan? (Choose two.)

Options:

A.

-O

B.

-iL

C.

-sV

D.

-sS

E.

-oN

F.

-oX

Buy Now
Questions 33

A penetration tester has SSH access to a Linux server that is exposed to the internet and has access to a corporate internal network. This server, with IP address 200.111.111.9, only has port TCP 22 externally opened. The penetration tester also discovered the internal IP address 192.168.1.5 from a Windows server. Which of the following steps should the penetration tester follow to open an RDP connection to this Windows server and to try to log on?

Options:

A.

Connect to the Linux server using # ssh 200.111.111.9, establish an RDP connection to the 192.168.1.5 address.

B.

Connect to the Windows server using # ssh -L 3389:200.111.111.9:22 192.168.1.5.

C.

Connect to the Linux server using # ssh -L 3389:192.168.1.5:3389 200 .111.111.9; RDP to localhost address, port 3389.

D.

Connect to the Windows server using # ssh -L 22:200.111.111.9:3389 192.168.1.5.

Buy Now
Questions 34

A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?

Options:

A.

Download the GHOST file to a Linux system and compilegcc -o GHOSTtest i:./GHOST

B.

Download the GHOST file to a Windows system and compilegcc -o GHOST GHOST.ctest i:./GHOST

C.

Download the GHOST file to a Linux system and compilegcc -o GHOST.ctest i:./GHOST

D.

Download the GHOST file to a Windows system and compilegcc -o GHOSTtest i:./GHOST

Buy Now
Questions 35

A consultant is attempting to harvest credentials from unsecure network protocols in use by the organization. Which of the following commands should the consultant use?

Options:

A.

Tcmpump

B.

John

C.

Hashcat

D.

nc

Buy Now
Questions 36

Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?

Options:

A.

Penetration test findings often contain company intellectual property

B.

Penetration test findings could lead to consumer dissatisfaction if made pubic

C.

Penetration test findings are legal documents containing privileged information

D.

Penetration test findings can assist an attacker in compromising a system

Buy Now
Questions 37

A security consultant finds a folder in "C VProgram Files" that has writable permission from an unprivileged user account Which of the following can be used to gam higher privileges?

Options:

A.

Retrieving the SAM database

B.

Kerberoasting

C.

Retrieving credentials in LSASS

D.

DLL hijacking

E.

VM sandbox escape

Buy Now
Questions 38

An SMB server was discovered on the network, and the penetration tester wants to see if the server it vulnerable. Which of the following is a relevant approach to test this?

Options:

A.

Null sessions

B.

Xmas scan

C.

ICMP flood

D.

SYN flood

Buy Now
Questions 39

A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?

Options:

A.

The latest vulnerability scan results

B.

A list of sample application requests

C.

An up-to-date list of possible exploits

D.

A list of sample test accounts

Buy Now
Questions 40

Which of the following BEST describes the difference between a red team engagement and a penetration test?

Options:

A.

A penetration test has a broad scope and emulates advanced persistent threats while a red team engagement has a limited scope and focuses more on vulnerability identification

B.

A red team engagement has a broad scope and emulates advanced persistent threats, while a penetration test has a limited scope and focuses more on vulnerability identification

C.

A red team engagement has a broad scope and focuses more on vulnerability identification, while a penetration test has a limited scope and emulates advanced persistent threats

D.

A penetration test has a broad scope and focuses more on vulnerability identification while a red team engagement has a limited scope and emulates advanced persistent threats

Buy Now
Questions 41

A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to execute the PHP system ( ) function. Which of the following would retrieve the contents of the passwd file?

Options:

A.

''&CMD_cat /etc/passwd--&id-34''

B.

''&CMD=cat / etc/passwd%&id= 34''

C.

''&CMD=cat ../../../../etc/passwd7id=34'

D.

''&system(CMD) ''cat /etc/passed&id=34''

Buy Now
Questions 42

A penetration tester is outside of an organization's network and is attempting to redirect users to a fake password reset website hosted on the penetration tester's box. Which of the following techniques is suitable to attempt this?

Options:

A.

Employ NBNS poisoning.

B.

Perform ARP spoofing.

C.

Conduct a phishing campaign.

D.

Use an SSL downgrade attack.

Buy Now
Questions 43

After performing a security assessment for a firm, the client was found to have been billed for the time the client’s test environment was unavailable. The client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?

Options:

A.

SOW

B.

NDA

C.

EULA

D.

BPA

Buy Now
Questions 44

A senior employee received a suspicious email from another executive requesting an urgent wire transfer.

Which of the following types of attacks is likely occurring?

Options:

A.

Spear phishing

B.

Business email compromise

C.

Vishing

D.

Whaling

Buy Now
Exam Code: PT0-001
Exam Name: CompTIA PenTest+ Exam
Last Update: Nov 28, 2023
Questions: 294
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 02 May 2024