PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 171:

    A consultant is performing a social engineering attack against a client. The consultant was able to collect a number of usernames and passwords using a phishing campaign. The consultant is given credentials to log on to various employees email accounts. Given the findings, which of the following should the consultant recommend be implemented?

    A. Strong password policy
    B. Password encryption
    C. Email system hardening
    D. Two-factor authentication

  • Question 172:

    A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability on the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)

    A. Identify and eliminate inline SQL statements from the code.
    B. Identify and eliminate dynamic SQL from stored procedures.
    C. Identify and sanitize all user inputs.
    D. Use a whitelist approach for SQL statements.
    E. Use a blacklist approach for SQL statements.
    F. Identify the source of malicious input and block the IP address.

  • Question 173:

    While presenting the results of a penetration test to a client's executive team, the Chief Information Security Officer (CISO) asks for remediation advice for a shared local administrator finding. The client is geographically dispersed, and centralized management is a key concern. Which of the following is the BEST remediation to suggest?

    A. Have random and unique credentials per system.
    B. Disable the administrator login from the network.
    C. Use a service account for administrative functions.
    D. Implement a single rotating password for systems.

  • Question 174:

    A penetration tester runs a script that queries the domain controller for user service principal names. Which of the following techniques is MOST likely being attempted?

    A. LSASS credential extraction
    B. Cpassword
    C. Cleartext credentials in LDAP
    D. Kerberoasting

  • Question 175:

    You are a penetration tester reviewing a client's website through a web browser.

    INSTRUCTIONS

    Review all components of the website through the browser to determine if vulnerabilities are present.

    Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Select and Place:

  • Question 176:

    A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?

    A. Run the application through a dynamic code analyzer.
    B. Employ a fuzzing utility.
    C. Decompile the application.
    D. Check memory allocations.

  • Question 177:

    A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?

    A. Advanced persistent threat
    B. Script kiddie
    C. Hacktivist
    D. Organized crime

  • Question 178:

    A penetration testet is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network The (ester is monitoring the correct channel tor the identified network but has been unsuccessful in capturing a handshake Given this scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?

    A. Karma attack
    B. Deauthentication attack
    C. Fragmentation attack
    D. SSID broadcast flood

  • Question 179:

    A penetration tester is required to exploit a WPS implementation weakness. Which of the following tools will perform the attack?

    A. Karma
    B. Kismet
    C. Pixie
    D. NetStumbler

  • Question 180:

    Click the exhibit button.

    A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?

    A. SNMP brute forcing
    B. ARP spoofing
    C. DNS cache poisoning
    D. SMTP relay

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.