PT0-001 Training & Certification Get Latest CompTIA PenTest+ Updated on Jan 15, 2024
The CompTIA PT0-001 exam is intended for those who want to specialize in ethical hacking and penetration testing. The CompTIA PenTest+ certification exam is designed to test practical, hands-on experience in penetration testing. The PT0-001 exam covers the phases of a penetration testing project, from planning and scoping to exploitation and reporting. It also evaluates the candidate's knowledge of the tools and techniques used in penetration testing and vulnerability management.
NEW QUESTION # 28
A penetration tester successfully exploits a Windows host and dumps the hashes. Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?
A)
B)
C)
D)
- A. Option B
- B. Option C
- C. Option D
- D. Option A
Answer: C
NEW QUESTION # 29
A security consultant is trying to attack a device with a previously identified user account.
Which of the following types of attacks is being executed?
- A. Credential dump attack
- B. Pass the hash attack
- C. DLL injection attack
- D. Reverse shell attack
Answer: B
NEW QUESTION # 30
A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?
- A. nc -lvp 4444 /bin/bash
- B. nc -lp 4444 -e /bin/bash
- C. nc -p 4444 /bin/bash
- D. nc -vp 4444 /bin/bash
Answer: A
Explanation:
Reference: https://netsec.ws/?p=292
NEW QUESTION # 31
A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?
- A. nc -lp 4444 -e /bin/bash
- B. nc -p 4444 /bin/bash
- C. nc -lvp 4444 /bin/bash
- D. nc -vp 4444 /bin/bash
Answer: A
NEW QUESTION # 32
A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals.
Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select TWO).
- A. Health information communicated over HTTP
- B. S/MIME certificate templates defined by the CA
- C. Software bugs resident in the IT ticketing system
- D. Cleartext exposure of SNMP trap data
- E. DAR encryption on records servers
Answer: A,E
NEW QUESTION # 33
A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:
http://www.company-site.com/about.php?i=../../../../../etc/passwd
Which of the following attack types is MOST likely to be the vulnerability?
- A. User enumeration
- B. Directory traversal
- C. Cross-site scripting
- D. Remote file inclusion
Answer: C
NEW QUESTION # 34
While performing privilege escalation on a Windows 7 workstation, a penetration tester identifies a service that imports a DLL by name rather than an absolute path. To exploit this vulnerability, which of the following criteria must be met?
- A. Write permissions in the C:\Windows\System32\imports directory
- B. Permissions not disabled in the DLL
- C. DLL not cryptographically signed by the vendor
- D. Weak folder permissions of a directory in the DLL search path
Answer: D
NEW QUESTION # 35
A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?
- A. -p-
- B. -p ALL
- C. -port 1-65534
- D. -p 1-65534
Answer: A
NEW QUESTION # 36
A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?
- A. -p-
- B. -p ALL
- C. -port 1-65534
- D. -p 1-65534
Answer: A
NEW QUESTION # 37
A senior employee received a suspicious email from another executive requesting an urgent wire transfer.
Which of the following types of attacks is likely occurring?
- A. Business email compromise
- B. Whaling
- C. Spear phishing
- D. Vishing
Answer: C
NEW QUESTION # 38
A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE).
- A. Disable remote logons for local administrators.
- B. Randomize local administrator credentials for each machine.
- C. Require multifactor authentication for all logins.
- D. Apply additional network access control.
- E. Increase minimum password complexity requirements.
- F. Segment each host into its own VLAN.
- G. Enable full-disk encryption on every workstation.
Answer: C,D,E
NEW QUESTION # 39
A penetration tester executes the following commands:
Which of the following is a local host vulnerability that the attacker is exploiting?
- A. Insecure file permissions
- B. Application whitelisting
- C. Shell escape
- D. Writable service
Answer: A
Explanation:
Reference: https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/#john-the-ripper---jtr
NEW QUESTION # 40
A security consultant is trying to attack a device with a previously identified user account.
Which of the following types of attacks is being executed?
- A. DLL injection attack
- B. Pass the hash attack
- C. Reverse shell attack
- D. Credential dump attack
Answer: D
NEW QUESTION # 41
A consultant is performing a social engineering attack against a client. The consultant was able to collect a number of usernames and passwords using a phishing campaign. The consultant is given credentials to log on to various employees' email accounts. Given the findings, which of the following should the consultant recommend be implemented?
- A. Two-factor authentication
- B. Password encryption
- C. Strong password policy
- D. Email system hardening
Answer: A
NEW QUESTION # 42
Instructions:
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the reset all button.
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
Answer:
Explanation:

NEW QUESTION # 43
A penetration tester has identified a directory traversal vulnerability.
Which of the following payloads could have helped the penetration tester identify this vulnerability?
- A. && dir C:/
- B. "><script>document.location=/root/</script>
- C. 'or 'folder' like 'file'; --
- D. || ls /tmp/
- E. ../../../../../../../../
Answer: E
NEW QUESTION # 44
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
- A. set rhost 192.168.1.10
- B. db_nmap -iL /tmp/privatehosts.txt
- C. run autoroute -a 192.168.1.0/24
- D. use auxiliary/server/socks4a
Answer: A
NEW QUESTION # 45
A penetration tester is designing a phishing campaign and wants to build a list of users for the target organization. Which of the following techniques would be the MOST appropriate? (Select TWO)
- A. Socially engineer the corporate call center.
- B. Search posted job listings.
- C. Harvest users from social networking sites.
- D. Query an Internet WHOIS database.
- E. Scrape the company website.
Answer: C,E