PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 221:

    A systems security engineer is preparing to conduct a security assessment of some new applications. The applications were provided to the engineer as a set that contains only JAR files. Which of the following would be the MOST detailed method to gather information on the inner workings of these applications?

    A. Launch the applications and use dynamic software analysis tools, including fuzz testing.
    B. Use a static code analyzer on the JAR files to look for code quality deficiencies.
    C. Decompile the applications to approximate source code and then conduct a manual review.
    D. Review the details and extensions of the certificate used to digitally sign the code and the application.

  • Question 222:

    Black box penetration testing strategy provides the tester with:

    A. a target list
    B. a network diagram
    C. source code
    D. privileged credentials

  • Question 223:

    A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication. Which of the following attacks is MOST likely to succeed in creating a physical effect?

    A. DNS cache poisoning
    B. Record and replay
    C. Supervisory server SMB
    D. Blind SQL injection

  • Question 224:

    Given the following Python code:

    a = 'abcdefghijklmnop'a[::2]

    Which of the following will result?

    A. adgjmp
    B. pnlhfdb
    C. acegikmo
    D. ab

  • Question 225:

    Joe, a penetration tester, is asked to assess a company's physical security by gaining access to its corporate office. Joe ism looking for a method that will enable him to enter the building during business hours or when there are no employee on-site. Which of the following would be MOST effective in accomplishing this?

    A. Badge cloning
    B. Lock picking
    C. Tailgating
    D. Piggybacking

  • Question 226:

    A company decides to remediate issues identified from a third-party penetration test done to its infrastructure. Management should instruct the IT team to:

    A. execute the hot fixes immediately to all vulnerabilities found.
    B. execute the hot fixes immediately to some vulnerabilities.
    C. execute the hot fixes during the routine quarterly patching.
    D. evaluate the vulnerabilities found and execute the hot fixes.

  • Question 227:

    A penetration tester is reviewing a Zigbee implementation for security issues. Which of the following device types is the tester MOST likely testing?

    A. Router
    B. IoT
    C. WAF
    D. PoS

  • Question 228:

    Which of the following would BEST prevent fence jumping at a facility?

    A. Install proper lighting around the perimeter of the facility.
    B. Decrease the distance between the links in the fence.
    C. Add a top guard on the fence that faces away from the facility.
    D. Place video cameras that are angled toward the fence.

  • Question 229:

    A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?

    A. Download the GHOST file to a Linux system and compile gcc –o GHOST test i: ./GHOST
    B. Download the GHOST file to a Windows system and compile gcc –o GHOST GHOST.c test i: ./GHOST
    C. Download the GHOST file to a Linux system and compile gcc –o GHOST GHOST.c test i: ./GHOST
    D. Download the GHOST file to a Windows system and compile gcc –o GHOST test i: ./GHOST

  • Question 230:

    Which of the following actions BEST matches a script kiddie's threat actor?

    A. Exfiltrate network diagrams to perform lateral movement.
    B. Steal credit cards from the database and sell them in the deep web.
    C. Install a rootkit to maintain access to the corporate network.
    D. Deface the website of a company in search of retribution.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.