PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 151:

    A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?

    A. Sample SOAP messages
    B. The REST API documentation
    C. A protocol fuzzing utility
    D. An applicable XSD file

  • Question 152:

    While prioritizing findings and recommendations for an executive summary, which of the following considerations would De MOST valuable to the client?

    A. Levels of difficulty to exploit identified vulnerabilities
    B. Time taken to accomplish each step
    C. Risk tolerance of the organization
    D. Availability of patches and remediations

  • Question 153:

    After successfully enumerating users on an Active Directory domain controller using enum4linux a penetration tester wants to conduct a password-guessing attack Given the below output:

    Which of the following can be used to extract usernames from the above output prior to conducting the attack?

    A. cat enum41inux_output.txt > grep -v user I sed `s/\[//' I sed `s/\]//' 2> usernames.txt
    B. grep user enuza41inux_output.txt I awk '{print $1}' | cut -d[ -? I cut -d] -f1>; username.txt
    C. grep -i rid v< enura.41inux_output. txt' | cut -d: -? i cut -d] -f1>; usernames. txt
    D. cut -d: -f2 enum41inux_output.txt | awk '{print S2}' I cut -d: -f1 > usernaraes.txt

  • Question 154:

    A penetration testing company was hired to conduct a penetration test against Company A's network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B. Which of the following would be the BEST solution to conduct penetration testing against mail.companyA.com?

    A. The penetration tester should conduct penetration testing against mail.companyA.com because the domain name is in scope.
    B. The penetration tester should ask Company A for a signed statement giving permission to conduct a test against mail.companyA.com.
    C. The penetration tester should ignore mail.companyA.com testing and complete only the network range 20.10.10.0/24.
    D. The penetration tester should only use passive open source intelligence gathering methods leveraging publicly available information to analyze mail.companyA.com.

  • Question 155:

    Which of the following would be BEST for performing passive reconnaissance on a target's external domain?

    A. Peach
    B. CeWL
    C. OpenVAS
    D. Shodan

  • Question 156:

    A penetration tester is scoping an engagement with a company that provided a list of firewall rules and a digital network diagram. Which of the following tests would require this data?

    A. Network segmentation test
    B. Network penetration test
    C. Network vulnerability scan
    D. Network baseline test

  • Question 157:

    A client has voiced concern about the number of companies being breached by remote attackers, who are looking for trade secrets. Which of the following BEST describes the type of adversaries this would identify?

    A. Script kiddies
    B. APT actors
    C. Insider threats
    D. Hacktrvist groups

  • Question 158:

    A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?

    A. Exploits for vulnerabilities found
    B. Detailed service configurations
    C. Unpatched third-party software
    D. Weak access control configurations

  • Question 159:

    Which of the following is the purpose of an NDA?

    A. Outlines the terms of confidentiality between both parties
    B. Outlines the boundaries of which systems are authorized for testing
    C. Outlines the requirements of technical testing that are allowed
    D. Outlines the detailed configuration of the network

  • Question 160:

    A penetration tester discovers SNMP on some targets. Which of the following should the penetration tester try FIRST?

    A. Sniff SNMP traffic.
    B. Use default credentials.
    C. Upload a new config file.
    D. Conduct a MITM.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.