CompTIA PT0-001 Dumps - The Sure Way To Pass Exam [Q47-Q68]


PT0-001 Exam Questions (Updated 2021) 100% Real Question Answers


Registration Process

A candidate willing to register for the PenTest+ certification should follow these simple steps:

  • First-time users should make sure their account is created not less than 24 hours before registration.
  • Once done, a payment window launches, and one has to pay the fee to finalize the registration process.
  • Visit the Pearson VUE website and log in.
  • Choose the exam, testing center, and the preferred appointment time.

 

NEW QUESTION 47
For which of the following reasons does a penetration tester need to have a customer's point-of-contact information available at all times? (Select THREE).

  • A. To update payment information
  • B. To update the statement of work
  • C. To report the latest published exploits
  • D. To report critical findings
  • E. To report indicators of compromise
  • F. To report a server that becomes unresponsive
  • G. To report a cracked password
  • H. To report findings that cannot be exploited

Answer: A,C,F

 

NEW QUESTION 48
A penetration tester is performing a validation scan after an organization remediated a vulnerability on port 443. The penetration tester observes the following output:

Which of the following has MOST likely occurred?

  • A. The scan results were a false positive.
  • B. The organization moved services to port 8443
  • C. A mismatched firewall rule is blocking 443.
  • D. The IPS is blocking traffic to port 443

Answer: B

 

NEW QUESTION 49
A penetration tester has been hired to perform a penetration test for an organization. Which of the following is indicative of an error-based SQL injection attack?

  • A. 1=1 or b--
  • B. 1=1 or a--
  • C. 1=1 or 2--
  • D. a=1 or 1--

Answer: D

 

NEW QUESTION 50
Performance based
You are a penetration tester reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.







Answer:

Explanation:

 

NEW QUESTION 51
A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?

  • A. burpsuite
  • B. responder
  • C. nmap
  • D. arpspoof

Answer: D

 

NEW QUESTION 52
A penetration tester is performing a validation scan after an organization remediated a vulnerability on port 443. The penetration tester observes the following output:

Which of the following has MOST likely occurred?

  • A. The scan results were a false positive.
  • B. The organization moved services to port 8443
  • C. A mismatched firewall rule is blocking 443.
  • D. The IPS is blocking traffic to port 443

Answer: B

 

NEW QUESTION 53
A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service?

  • A. burpsuite
  • B. responder
  • C. nmap
  • D. arpspoof

Answer: C

Explanation:
Explanation/Reference: http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows/

 

NEW QUESTION 54
A company requested a penetration tester review the security of an in-house-developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO)

  • A. Re-sign the APK
  • B. Attach to ADB
  • C. Cross-compile the application
  • D. Decompile
  • E. Convert JAR files to DEX
  • F. Convert to JAR

Answer: D

 

NEW QUESTION 55
Which of the following wordlists is BEST for cracking MD5 password hashes of an application's users from a compromised database?

  • A. ./dirb/wordlists/big.txt
  • B. ./wordlists/metasploit/root_userpass.txt
  • C. ./wfuzz/wordlist/vulns/sql_inj.txt
  • D. ./wordlists/rockyou.txt

Answer: D

 

NEW QUESTION 56
A penetration tester executed a vulnerability scan against a publicly accessible host and found a web server that is vulnerable to the DROWN attack. Assuming this web server is using the IP address 127.212.31.17, which of the following should the tester use to verify a false positive?

  • A. openssl s_client -tls1_2 -connect 127.212.31.17:443
  • B. openssl s_server -tls1_2 -connect 127.212.31.17:443
  • C. openssl s_client -ssl3 -connect 127.212.31.17:443
  • D. openssl s_client -ssl2 -connect 127.212.31.17:443

Answer: A

 

NEW QUESTION 57
A penetration tester is reviewing a Zigbee implementation for security issues. Which of the following device types is the tester MOST likely testing?

  • A. Router
  • B. WAF
  • C. IoT
  • D. PoS

Answer: A

 

NEW QUESTION 58
When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future breach of the client's systems?

  • A. The assessment reviewed the cyber key terrain and most critical assets of the client's network.
  • B. The NDA protects the consulting firm from future liabilities in the event of a breach.
  • C. The penetration test is based on the state of the system and its configuration at the time of assessment.
  • D. The proposed mitigations and remediations in the final report do not include a cost-benefit analysis.

Answer: C

 

NEW QUESTION 59
A client asks a penetration tester to add more addresses to a test currently in progress.
Which of the following would define the target list?

  • A. Master services agreement
  • B. Statement of work
  • C. End-user license agreement
  • D. Rules of engagement

Answer: C

 

NEW QUESTION 60
A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?

  • A. Download the GHOST file to a Linux system and compile
    gcc -o GHOST
    test it:
    ./GHOST
  • B. Download the GHOST file to a Windows system and compile
    gcc -o GHOST
    test it:
    ./GHOST
  • C. Download the GHOST file to a Linux system and compile
    gcc -o GHOST.c
    test it:
    ./GHOST
  • D. Download the GHOST file to a Windows system and compile
    gcc -o GHOST GHOST.c
    test it:
    ./GHOST

Answer: C

 

NEW QUESTION 61
A security consultant found a SCADA device in one of the VLANs in scope. Which of the following actions would BEST create a potentially destructive outcome against the device?

  • A. Launch a DNS cache poisoning attack against the device.
  • B. Launch a Nessus vulnerability scan against the device.
  • C. Launch an SMB exploit against the device.
  • D. Launch an SNMP password brute force attack against the device.

Answer: D

 

NEW QUESTION 62
A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?

  • A. -p-
  • B. -port 1-65534
  • C. -p ALL
  • D. -p 1-65534

Answer: A

 

NEW QUESTION 63
Which of the following types of intrusion techniques is the use of an "under-the-door tool" during a physical security assessment an example of?

  • A. Egress sensor triggering
  • B. Lock bumping
  • C. Lock bypass
  • D. Lockpicking

Answer: C

Explanation:
Explanation/Reference: https://www.triaxiomsecurity.com/2018/08/16/physical-penetration-test-examples/

 

NEW QUESTION 64
During a vulnerability assessment, the security consultant finds an XP legacy system that is running a critical business function.
Which of the following mitigations is BEST for the consultant to conduct?

  • A. Segment the machine from the main network.
  • B. Put the machine behind the WAF.
  • C. Update to the latest Microsoft Windows OS.
  • D. Disconnect the machine.

Answer: B

 

NEW QUESTION 65
A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?

  • A. Command injection attack
  • B. Remote file inclusion attack
  • C. Directory traversal attack
  • D. Clickjacking attack

Answer: D

Explanation:
Explanation/Reference: https://geekflare.com/http-header-implementation/

 

NEW QUESTION 66
Which of the following properties of the penetration testing engagement agreement will have the largest impact on observing and testing production systems at their highest loads?

  • A. Having management sign-off on intrusive testing
  • B. Setting a schedule of testing access times
  • C. Establishing a white-box testing engagement
  • D. Creating a scope of the critical production systems

Answer: A

 

NEW QUESTION 67
Given the following Python script:

Which of the following is where the output will go?

  • A. To the screen
  • B. To a file
  • C. To a network server
  • D. To /dev/null

Answer: B

 

NEW QUESTION 68
......

Pass CompTIA PT0-001 Exam Quickly With PracticeMaterial: https://www.practicematerial.com/PT0-001-exam-materials.html