PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 211:

    While conducting information gathering, a penetration tester is trying to identify Windows hosts. Which of the following characteristics would be BEST to use for fingerprinting?

    A. The system responds with a MAC address that begins with 00:0A:3B.
    B. The system responds with port 22 open.
    C. The system responds with a TTL of 128.
    D. The system responds with a TCP window size of 5840.

  • Question 212:

    After successfully capturing administrator credentials to a remote Windows machine, a penetration tester attempts to access the system using PSExec but is denied permission. Which of the following shares must be accessible for a successful PSExec connection?

    A. IPCS and C$
    B. C$ and ADMINS
    C. SERVICES and ADMINS
    D. ADMINS and IPCS

  • Question 213:

    An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:

    A. HTTP POST method.
    B. HTTP OPTIONS method.
    C. HTTP PUT method.
    D. HTTP TRACE method.

  • Question 214:

    A penetration tester discovers Heartbleed vulnerabilities in a target network Which of the following impacts would be a result of exploiting this vulnerability?

    A. Code execution can be achieved on the affected systems
    B. Man-in-the-middle attacks can be used to eavesdrop cookie contents.
    C. The attacker can steal session IDs to impersonate other users
    D. Public certificate contents can be used lo decrypt traffic

  • Question 215:

    A penetration tester is performing a wireless penetration test. Which of the following are some vulnerabilities that might allow the penetration tester to easily and quickly access a WPA2-protected access point?

    A. Deauthentication attacks against an access point can allow an opportunity to capture the four-way handshake, which can be used to obtain and crack the encrypted password.
    B. Injection of customized ARP packets can generate many initialization vectors quickly, making it faster to crack the password, which can then be used to connect to the WPA2-protected access point.
    C. Weak implementations of the WEP can allow pin numbers to be guessed quickly, which can then be used to retrieve the password, which can then be used to connect to the WEP-protected access point.
    D. Rainbow tables contain all possible password combinations, which can be used to perform a brute-force password attack to retrieve the password, which can then be used to connect to the WPA2-protected access point.

  • Question 216:

    Which of the following tools is used to perform a credential brute force attack?

    A. Hydra
    B. John the Ripper
    C. Hashcat
    D. Peach

  • Question 217:

    A penetration tester needs to use Nmap to scan a host with a very low speed so the WAF or IPS/IDS is not triggered. Which of the following command-line parameters should be added to the Nmap command?

    A. -t 5
    B. -sP 10
    C. -sV
    D. -t 1

  • Question 218:

    A security consultant finds a folder in "C VProgram Files" that has writable permission from an unprivileged user account Which of the following can be used to gam higher privileges?

    A. Retrieving the SAM database
    B. Kerberoasting
    C. Retrieving credentials in LSASS
    D. DLL hijacking
    E. VM sandbox escape

  • Question 219:

    A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?

    A. nmap -p 53 -oG dnslist.txt | cut -d ":" -f 4
    B. nslookup -ns 8.8.8.8
    C. for x in (1...254); do dig -x 192.168. $x. $x; done
    D. dig -r > echo "8.8.8.8" >> /etc/resolv/conf

  • Question 220:

    During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement. Which of the following is the MOST likely reason why the engagement may not be able to continue?

    A. The consultant did not sign an NDA.
    B. The consultant was not provided with the appropriate testing tools.
    C. The company did not properly scope the project.
    D. The initial findings were not communicated to senior leadership.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.