Which of the following exploits a vulnerability associated with IoT devices?
A. Blue snarfing
B. Simple certificate enrollment
C. Heartbleed
D. Mirai botnet
A web application scanner reports that a website is susceptible to clickjacking. Which of the following techniques would BEST prove exploitability?
A. Redirect the user with a CSRF.
B. Launch the website in an iFRAME.
C. Pull server headers.
D. Capture and replay a session ID.
A penetration testing company is performing a penetration test against Company A. Company A has provided the IP address range 10.0.0.0/24 as its in-scope network range. During the information gathering phase, the penetration tester is asked to conduct active information-gathering techniques. Which of the following is the BEST tool to use for active information gathering?
A. hping3
B. theHarvester
C. tcpdump
D. Nmap
Given the following Python code:
a = 'abcdefghijklmnop'a[::2]
Which of the following will result?
A. adgjmp
B. pnlhfdb
C. acegikmo
D. ab
Which of the following describe a susceptibility present in Android-based commercial mobile devices when organizations are not employing MDM services? (Choose two.)
A. Configurations are user-customizable.
B. End users have root access to devices by default.
C. Push notification services require Internet access.
D. Unsigned apps can be installed.
E. The default device log facility does not record system actions.
F. IPSec VPNs are not configurable.
When calculating the sales price of a penetration test to a client, which of the following is the MOST important aspect to understand?
A. The operating cost
B. The client's budget
C. The required scope of work
D. The non-disclosure agreement
Which of the following would BEST prevent fence jumping at a facility?
A. Install proper lighting around the perimeter of the facility.
B. Decrease the distance between the links in the fence.
C. Add a top guard on the fence that faces away from the facility.
D. Place video cameras that are angled toward the fence.
Which of the following tools can be used to perform a basic remote vulnerability scan of a website's configuration?
A. Mimikatz
B. BeEF
C. Nikto
D. Patator
When considering threat actor scoping prior to an engagement, which of the following characteristics makes an APT challenging to emulate?
A. Development of custom zero-day exploits and tools
B. Leveraging the dark net for non-attribution
C. Tenacity and efficacy of social engineering attacks
D. Amount of bandwidth available for DoS attacks
During a penetration test, a host is discovered that appears to have been previously compromised and has an active outbound connection. After verifying the network activity is malicious, which of the following should the tester do?
A. Inform the client to shut it down and investigate.
B. Take action and shut it down immediately.
C. Inform the client and allow them to respond.
D. Note the finding and continue the assessment.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.