Exam Details

  • Exam Code: PT0-001
  • Exam Name: CompTIA PenTest+ Exam
  • Certification: CompTIA PenTest+
  • Vendor: CompTIA
  • Total Questions: 306 Q&As
  • Last Updated: Apr 01, 2024

CompTIA PenTest+ PT0-001 Questions & Answers

  • Question 41:

    While conducting information gathering, a penetration tester is trying to identify Windows hosts. Which of the following characteristics would be BEST to use for fingerprinting?

    A. The system responds with a MAC address that begins with 00:0A:3B.

    B. The system responds with port 22 open.

    C. The system responds with a TTL of 128.

    D. The system responds with a TCP window size of 5840.

  • Question 42:

    A penetration tester has gained a root shell on a target Linux server and wants to have the server "check in" over HTTP using a GET request to the penetration tester's laptop once every hour, even after system reboots. The penetration tester wrote a bash script to perform this. Which of the following represents the BEST method to persist the script?

    A. Execute the script to run in a screen session.

    B. Use the nohup command to launch the script immune to logouts.

    C. Configure a systemd service at default run level to launch the script.

    D. Modify .bash_profile to launch the script in the background.

  • Question 43:

    A penetration testing company was hired to conduct a penetration test against Company A's network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B. Which of the following would be the BEST solution to conduct penetration testing against mail.companyA.com?

    A. The penetration tester should conduct penetration testing against mail.companyA.com because the domain name is in scope.

    B. The penetration tester should ask Company A for a signed statement giving permission to conduct a test against mail.companyA.com.

    C. The penetration tester should ignore mail.companyA.com testing and complete only the network range 20.10.10.0/24.

    D. The penetration tester should only use passive open source intelligence gathering methods leveraging publicly available information to analyze mail.companyA.com.

  • Question 44:

    The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test. Which of the following are the MOST likely causes for this difference? (Choose two.)

    A. Storage access

    B. Limited network access

    C. Misconfigured DHCP server

    D. Incorrect VLAN scanned

    E. Network access controls

  • Question 45:

    Which of the following BEST describes why an MSA is helpful?

    A. It contractually binds both parties to not disclose vulnerabilities.

    B. It reduces potential for scope creep.

    C. It clarifies the business arrangement by agreeing to specific terms.

    D. It defines the timelines for the penetration test.

  • Question 46:

    A recent vulnerability scan of all web servers in an environment offers the following results:

    Taking a risk-based approach, which of the following is the BEST order to approach remediation based on exposure?

    A. Unrestricted file upload, clickjacking, verbose server banner, SQL injection

    B. Unrestricted file upload, SQL injection, clickjacking, verbose server banner

    C. Clickjacking, unrestricted file upload, verbose server banner, SQL injection

    D. SQL injection, unrestricted file upload, clickjacking, verbose server banner

    E. SQL injection, clickjacking, unrestricted file upload, verbose server banner

  • Question 47:

    An Internet-accessible database server was found with the following ports open: 22, 53, 110, 1433, and 3389. Which of the following would be the BEST hardening technique to secure the server?

    A. Ensure all protocols are using encryption.

    B. Employ network ACLs.

    C. Disable source routing on the server.

    D. Ensure the IDS rules have been updated.

  • Question 48:

    Which of the following is the BEST initial attack against an identified FTP server on the remote network?

    A. Perform fuzzing against a username field.

    B. Use a MITM to sniff transferred credentials in cleartext.

    C. Attempt to log in as anonymous.

    D. Perform a dictionary attack.

  • Question 49:

    While performing privilege escalation on a Windows 7 workstation, a penetration tester identifies a service that imports a DLL by name rather than an absolute path. To exploit this vulnerability, which of the following criteria must be met?

    A. Permissions not disabled in the DLL

    B. Weak folder permissions of a directory in the DLL search path

    C. Write permissions in the C:\Windows\System32\imports directory

    D. DLL not cryptographically signed by the vendor

  • Question 50:

    A penetration tester is performing a remote internal penetration test by connecting to the testing system from the Internet via a reverse SSH tunnel. The testing system has been placed on a general user subnet with an IP address of 192.168.1.13 and a gateway of 192.168.1.1. Immediately after running the command below, the penetration tester's SSH connection to the testing platform drops:

    Which of the following ettercap commands should the penetration tester use in the future to perform ARP spoofing while maintaining a reliable connection?

    A. # sudo ettercap -Tq -w output.cap -M ARP /192.168.1.0/ /192.168.1.255/

    B. # proxychains ettercap -Tq -w output.cap -M ARP /192.168.1.13/ /192.168.1.1/

    C. # ettercap -Tq -w output.cap -M ARP 00:00:00:00:00:00//80 FF:FF:FF:FF:FF:FF//80

    D. # ettercap --safe-mode -Tq -w output.cap -M ARP /192.168.1.2-255/ /192.168.1.13/

    E. # ettercap -Tq -w output.cap -M ARP /192.168.1.2-12;192.168.1.14-255/ /192.168.1.1/

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your PT0-001 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.