PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 131:

    When considering threat actor scoping prior to an engagement, which of the following characteristics makes an APT challenging to emulate?

    A. Development of custom zero-day exploits and tools
    B. Leveraging the dark net for non-attribution
    C. Tenacity and efficacy of social engineering attacks
    D. Amount of bandwidth available for DoS attacks

  • Question 132:

    A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the below code and output:

    Which of the following is the tester intending to do?

    A. Horizontally escalate privileges
    B. Scrape the page for hidden fields
    C. Analyze HTTP respond code
    D. Search for HTTP headers

  • Question 133:

    When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future breach of the client's systems?

    A. The proposed mitigations and remediations in the final report do not include a cost-benefit analysis.
    B. The NDA protects the consulting firm from future liabilities in the event of a breach.
    C. The assessment reviewed the cyber key terrain and most critical assets of the client's network.
    D. The penetration test is based on the state of the system and its configuration at the time of assessment.

  • Question 134:

    A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5. Which of the following commands will test if the VPN is available?

    A. fpipe.exe -1 8080 -r 80 100.170.60.5
    B. ike-scan -A -t 1 --sourceip=apoof_ip 100.170.60.5
    C. nmap -sS -A -f 100.170.60.5
    D. nc 100.170.60.5 8080 /bin/sh

  • Question 135:

    A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)

    A. Wait outside of the company's building and attempt to tailgate behind an employee.
    B. Perform a vulnerability scan against the company's external netblock, identify exploitable vulnerabilities, and attempt to gain access.
    C. Use domain and IP registry websites to identify the company's external netblocks and external facing applications.
    D. Search social media for information technology employees who post information about the technologies they work with.
    E. Identify the company's external facing webmail application, enumerate user accounts and attempt password guessing to gain access.

  • Question 136:

    A penetration tester is performing a remote internal penetration test by connecting to the testing system from the Internet via a reverse SSH tunnel. The testing system has been placed on a general user subnet with an IP address of

    192.168.1.13 and a gateway of 192.168.1.1. Immediately after running the command below, the penetration tester's SSH connection to the testing platform drops:

    Which of the following ettercap commands should the penetration tester use in the future to perform ARP spoofing while maintaining a reliable connection?

    A. # sudo ettercap –Tq –w output.cap –M ARP /192.168.1.0/ /192.168.1.255/
    B. # proxychains ettercap –Tq –w output.cap –M ARP /192.168.1.13/ /192.168.1.1/
    C. # ettercap –Tq –w output.cap –M ARP 00:00:00:00:00:00//80 FF:FF:FF:FF:FF:FF//80
    D. # ettercap ––safe-mode –Tq –w output.cap –M ARP /192.168.1.2–255/ /192.168.1.13/
    E. # ettercap –Tq –w output.cap –M ARP /192.168.1.2–12;192.168.1.14–255/ /192.168.1.1/

  • Question 137:

    Which of the following commands will allow a tester to enumerate potential unquoted service paths on a host?

    A. wmic environment get name, variablevalue, username | findstr /i "Path" | findstr /i "Service"
    B. wmic service get /format:hform > c:\temp\services.html
    C. wmic startup get caption, location, command |findstr /i "service" |findstr /v /i "%"
    D. wmic service get name, displayname, pathname, startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

  • Question 138:

    A penetration tester executed a vulnerability scan against a publicly accessible host and found a web server that is vulnerable to the DROWN attack. Assuming this web server is using the IP address 127.212.31.17, which of the following should the tester use to verify a false positive?

    A. Openssl s_client -tls1_2 -connect 127.212.31.17:443
    B. Openssl s_client -ss12 -connect 127.212.31.17:443
    C. Openssl s_client -ss13 -connect 127.212.31.17:443
    D. Openssl s_server -tls1_2 -connect 127.212.31.17:443

  • Question 139:

    A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data. Given the data below from the web interception proxy:

    Which of the following types of vulnerabilities is being exploited?

    A. Forced browsing vulnerability
    B. Parameter pollution vulnerability
    C. File upload vulnerability
    D. Cookie enumeration

  • Question 140:

    A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?

    A. The penetration tester was not provided with a WSDL file.
    B. The penetration tester needs an OAuth bearer token.
    C. The tester has provided an incorrect password for the application.
    D. An IPS/WAF whitelist is in place to protect the environment.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.