PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 111:

    A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural changes. Which of the following is the BEST way to approach the project?

    A. Design a penetration test approach, focusing on publicly released firewall DoS vulnerabilities.
    B. Review the firewall configuration, followed by a targeted attack by a read team.
    C. Perform a discovery scan to identify changes in the network.
    D. Focus on an objective-based approach to assess network assets with a red team.

  • Question 112:

    After successfully exploiting a local file inclusion vulnerability within a web application a limited reverse shell is spawned back to the penetration tester's workstation Which of the following can be used to escape the limited shell and create a fully functioning TTY?

    A. per1 -e ' : set shall=/bin/bash:shell'
    B. php -r ,Sshell=f3hellopen("/bin/bash-);exec($9he:i)'
    C. bash -i >fi /dev/localhosc Oil
    D. python -c 'import pty;pcy.3pawn("/bin/bash")'

  • Question 113:

    During a vulnerability assessment, the security consultant finds an XP legacy system that is running a critical business function. Which of the following mitigations is BEST for the consultant to conduct?

    A. Update to the latest Microsoft Windows OS.
    B. Put the machine behind the WAF.
    C. Segment the machine from the main network.
    D. Disconnect the machine.

  • Question 114:

    A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?

    A. nc -lvp 4444 /bin/bash
    B. nc -vp 4444 /bin/bash
    C. nc -p 4444 /bin/bash
    D. nc -lp 4444 -e /bin/bash

  • Question 115:

    During an engagement an unsecure direct object reference vulnerability was discovered that allows the extraction of highly sensitive PII. The tester is required to extract and then exfil the information from a web application with identifiers 1 through 1000 inclusive. When running the following script, an error is encountered:

    Which of the following lines of code is causing the problem?

    A. url = "https://www.comptia.org?id="
    B. req = requests.get(url)
    C. if req.status ==200:
    D. url += i

  • Question 116:

    Which of the following wordlists is BEST for cracking MD5 password hashes of an application's users from a compromised database?

    A. . /wordlists/rockyou.txt
    B. ./dirb/wordlists/big.txt
    C. ./wfuzz/wordlist''vulns/sq1_inj -txt
    D. ./wordlists/raeta3ploit/roet_uaerpass.txt

  • Question 117:

    A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?

    A. The latest vulnerability scan results
    B. A list of sample application requests
    C. An up-to-date list of possible exploits
    D. A list of sample test accounts

  • Question 118:

    A penetration tester has successfully exploited an application vulnerability and wants to remove the command history from the Linux session. Which of the following will accomplish this successfully?

    A. history --remove
    B. cat history I clear
    C. rm -f ./history
    D. history -c

  • Question 119:

    A financial institution is asking a penetration tester to determine if collusion capabilities to produce wire fraud are present. Which of the following threat actors should the penetration tester portray during the assessment?

    A. Insider threat
    B. Nation state
    C. Script kiddie
    D. Cybercrime organization.

  • Question 120:

    A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?

    A. Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
    B. Identify the issues that can be remediated most quickly and address them first.
    C. Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities
    D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.