PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 291:

    When calculating the sales price of a penetration test to a client, which of the following is the MOST important aspect to understand?

    A. The operating cost
    B. The client's budget
    C. The required scope of work
    D. The non-disclosure agreement

  • Question 292:

    A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?

    A. Command injection attack
    B. Clickjacking attack
    C. Directory traversal attack
    D. Remote file inclusion attack

  • Question 293:

    An attacker receives a DHCP address and notices the hostname was populated in the corporate DNS server. Which of the following BEST describes how the attacker can use this information?

    A. VLAN hopping
    B. DCSync operation
    C. Setting custom SRV records
    D. WPAD attack

  • Question 294:

    A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?

    A. The badge was cloned.
    B. The physical access control server is malfunctioning.
    C. The system reached the crossover error rate.
    D. The employee lost the badge.

  • Question 295:

    DRAG DROP

    A manager calls upon a tester to assist with diagnosing an issue within the following:

    Python script: #!/usr/bin/python s = “Administrator”

    The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all.

    Select and Place:

  • Question 296:

    A penetration tester is assessing the security of a web form for a client and enters ";id" in one of the fields. The penetration tester observes the following response:

    Based on the response, which of the following vulnerabilities exists?

    A. SQL injection
    B. Session hijacking
    C. Command injection
    D. XSS/XSRF

  • Question 297:

    A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?

    A. Perform an HTTP downgrade attack.
    B. Harvest the user credentials to decrypt traffic.
    C. Perform an MITM attack.
    D. Implement a CA attack by impersonating trusted CAs.

  • Question 298:

    A penetration tester successfully exploits a system, receiving a reverse shell. Which of the following is a Meterpreter command that is used to harvest locally stored credentials?

    A. background
    B. hashdump
    C. session
    D. getuid
    E. psexec

  • Question 299:

    Which of the following is an example of a spear phishing attack?

    A. Targeting an executive with an SMS attack
    B. Targeting a specific team with an email attack
    C. Targeting random users with a USB key drop
    D. Targeting an organization with a watering hole attack

  • Question 300:

    In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop following potential NEXT step to extract credentials from the device?

    A. Brute force the user's password.
    B. Perform an ARP spoofing attack.
    C. Leverage the BeEF framework to capture credentials.
    D. Conduct LLMNR/NETBIOS-ns poisoning.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.