PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 231:

    An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack Which of the following actions should the penetration tester take?

    A. Attempt to use the remnant tools to achieve persistence
    B. Document the presence of the left-behind tools in the report and proceed with the test
    C. Remove the tools from the affected systems before continuing on with the test
    D. Discontinue further testing and report the situation to management

  • Question 232:

    A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?

    A. Enable HTTP Strict Transport Security.
    B. Enable a secure cookie flag.
    C. Encrypt the communication channel.
    D. Sanitize invalid user input.

  • Question 233:

    A penetration tester ran an Nmap scan against a target and received the following output:

    Which of the following commands would be best for the penetration tester to execute NEXT to discover any weaknesses or vulnerabilities?

    A. onesixtyone 璬 192.168.121.1
    B. enum4linux 瓀 192.168.121.1
    C. snmpwalk 璫 public 192.168.121.1
    D. medusa 環 192.168.121.1 璘 users.txt 璓 passwords.txt 璏 ssh

  • Question 234:

    A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?

    A. schtasks.exe /create/tr "powershell.exe" Sv.ps1 /run
    B. net session server | dsquery -user | net use c$
    C. powershell andand set-executionpolicy unrestricted
    D. reg save HKLM\System\CurrentControlSet\Services\Sv.reg

  • Question 235:

    Which of the following CPU register does the penetration tester need to overwrite in order to exploit a simple butter overflow?

    A. Stack pointer register
    B. Index pointer register
    C. Stack base pointer
    D. Destination index register

  • Question 236:

    A recent vulnerability scan of all web servers in an environment offers the following results:

    Taking a risk-based approach, which of the following is the BEST order to approach remediation based on exposure?

    A. Unrestricted file upload, clickjacking, verbose server banner, SQL injection
    B. Unrestricted file upload, SQL injection, clickjacking, verbose server banner
    C. Clickjacking, unrestricted file upload, verbose server banner, SQL injection
    D. SQL injection, unrestricted file upload, clickjacking, verbose server banner
    E. SQL injection, clickjacking, unrestricted file upload, verbose server banner

  • Question 237:

    A penetration tester runs the following on a machine:

    Which of the following will be returned?

    A. 1
    B. 3
    C. 5
    D. 6

  • Question 238:

    During the exploitation phase of a penetration test, a vulnerability is discovered that allows command execution on a Linux web server. A cursory review confirms the system access is only in a low-privilege user context: www-data. After reviewing, the following output from /etc/sudoers:

    Which of the following users should be targeted for privilege escalation?

    A. Only members of the Linux admin group, OPERATORS, ADMINS, jedwards, and operator can execute privileged commands useful for privilege escalation.
    B. All users on the machine can execute privileged commands useful for privilege escalation.
    C. Bfranks, emann, members of the Linux admin group, OPERATORS, and ADMINS can execute commands useful for privilege escalation.
    D. Jedwards, operator, bfranks, emann, OPERATOR, and ADMINS can execute commands useful for privilege escalation.

  • Question 239:

    A penetration tester is asked to scope an external engagement. Which of the following would be a valid target?

    A. 104.45.98.126
    B. 169.254. 67.23
    C. 172.16.67.145
    D. 192.168.47.231

  • Question 240:

    The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test. Which of the following are the MOST likely causes for this difference? (Select TWO)

    A. Storage access
    B. Limited network access
    C. Misconfigured DHCP server
    D. Incorrect credentials
    E. Network access controls

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.