PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 261:

    A company requested a penetration tester review the security of an in-house-developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO)

    A. Convert to JAR
    B. Decompile
    C. Cross-compile the application
    D. Convert JAR files to DEX
    E. Re-sign the APK
    F. Attach to ADB

  • Question 262:

    Prior to a security assessment of a company's user population via spear phishing, which of the following is the MOST appropriate method to de-escalate any incidents or consequences?

    A. Determine the appropriate format and content of the spear-phishing emails.
    B. Send follow-up communication to spear-phishing targets to notify of the assessment.
    C. Carefully prioritize the list of targeted users, excluding high value targets.
    D. Provide limited but necessary communication prior to the assessment.

  • Question 263:

    Which of the following is the BEST initial attack against an identified FTP server on the remote network?

    A. Perform fuzzing against a username field.
    B. Use a MITM to sniff transferred credentials in cleartext.
    C. Attempt to log in as anonymous.
    D. Perform a dictionary attack.

  • Question 264:

    Which of the following documents BEST describes the manner in which a security assessment will be conducted?

    A. BIA
    B. SOW
    C. SLA
    D. MSA

  • Question 265:

    Given the following HTTP response:

    http/1.0 200 OKServer: ApacheSet-Cookie: AUTHID=879DHUT74D9A7C; http-onlyContent-type: text/htmlConnection: Close

    Which of the following aspects of an XSS attack would be prevented?

    A. Client-side website defacement
    B. Session hijacking
    C. Cross-site request forgery
    D. JavaScript keylogging

  • Question 266:

    During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?

    A. Disable the network port of the affected service.
    B. Complete all findings, and then submit them to the client.
    C. Promptly alert the client with details of the finding.
    D. Take the target offline so it cannot be exploited by an attacker.

  • Question 267:

    A penetration test was performed by an on-staff technicians junior technician. During the test, the technician discovered the application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?

    A. Document Ihe findtngs with an executive summary, recommendations, and screenshots of the web apphcation disclosure.
    B. Connect to the SQL server using this information and change the password to one or two non-critical accounts to demonstrate a proof-of-concept to management.
    C. Notify the development team of the discovery and suggest that input validation be implemented on the web application's SQL query strings.
    D. Request that management create an RFP to begin a formal engagement with a professional penetration testing company.

  • Question 268:

    A company received a report with the following finding While on the internal network the penetration tester was able to successfully capture SMB broadcasted user ID and password information on the network and decode this information This allowed the penetration tester to then join their own computer to the ABC domain

    Which of the following remediation's are appropriate for the reported findings'? (Select TWO)

    A. Set the Schedule Task Service from Automatic to Disabled
    B. Enable network-level authentication
    C. Remove the ability from Domain Users to join domain computers to the network
    D. Set the netlogon service from Automatic to Disabled
    E. Set up a SIEM alert to monitor Domain joined machines
    F. Set "Digitally sign network communications" to Always

  • Question 269:

    After performing a security assessment for a firm, the client was found to have been billed for the time the client's test environment was unavailable The Client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?

    A. SOW
    B. NDA
    C. EULA
    D. BPA

  • Question 270:

    A security analyst was provided with a detailed penetration report, which was performed against the organization's DMZ environment. It was noted on the report that a finding has a CVSS base score of 10.0. Which of the following levels of difficulty would be required to exploit this vulnerability?

    A. Very difficult; perimeter systems are usually behind a firewall.
    B. Somewhat difficult; would require significant processing power to exploit.
    C. Trivial; little effort is required to exploit this finding.
    D. Impossible; external hosts are hardened to protect against attacks.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.