PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 11:

    A penetration tester must assess a web service. Which of the following should the tester request during the scoping phase?

    A. XSD
    B. After-hours contact escalation
    C. WSDLfile
    D. SOAP project file

  • Question 12:

    A penetration tester observes that several high numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?

    A. Transition the application to another port
    B. Filter port 443 to specific IP addresses
    C. Implement a web application firewall
    D. Disable unneeded services.

  • Question 13:

    A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s. For which of the following types of attack would this information be used?

    A. Exploit chaining
    B. Session hijacking
    C. Dictionary
    D. Karma

  • Question 14:

    During a penetration test, a tester identifies traditional antivirus running on the exploited server. Which of the following techniques would BEST ensure persistence in a post-exploitation phase?

    A. Shell binary placed in C:\windows\temp
    B. Modified daemons
    C. New user creation
    D. Backdoored executables

  • Question 15:

    Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

    A. Stack pointer register
    B. Index pointer register
    C. Stack base pointer
    D. Destination index register

  • Question 16:

    During a physical security review, a detailed penetration testing report was obtained, which was issued to a security analyst and then discarded in the trash. The report contains validated critical risk exposures. Which of the following processes would BEST protect this information from being disclosed in the future?

    A. Restrict access to physical copies to authorized personnel only.
    B. Ensure corporate policies include guidance on the proper handling of sensitive information.
    C. Require only electronic copies of all documents to be maintained.
    D. Install surveillance cameras near all garbage disposal areas.

  • Question 17:

    A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?

    A. arPspoof
    B. nmap
    C. responder
    D. burpsuite

  • Question 18:

    A penetration tester has discovered through automated scanning that a Tomcat server allows for the use of default credentials. Using default credentials, the tester is able to upload WAR files to the server. Which of the following is the MOST likely post-exploitation step?

    A. Upload a customized /etc/shadow file.
    B. Monitor network traffic
    C. Connect via SSH using default credentials.
    D. Install web shell on the server.

  • Question 19:

    A penetration tester notices that the X-Frame-Optjons header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?

    A. Use path modification to escape the application's framework.
    B. Create a frame that overlays the application.
    C. Inject a malicious iframe containing JavaScript.
    D. Pass an iframe attribute that is malicious.

  • Question 20:

    Joe, a penetration tester, has received basic account credentials and logged into a Windows system. To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?

    A. LSASS
    B. SAM database
    C. Active Directory
    D. Registry

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.