PT0-001 Exam Details

  • Exam Code
    :PT0-001
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :306 Q&As
  • Last Updated
    :Apr 01, 2024

CompTIA PT0-001 Online Questions & Answers

  • Question 61:

    Which of the following commands will allow a tester to enumerate potential unquoted services paths on a host?

    A. wmic environment get name, variablevalue, username / findstr /i "Path" | findstr /i "service"
    B. wmic service get /format:hform > c:\temp\services.html
    C. wmic startup get caption, location, command | findstr /i "service" | findstr /v /i "%"
    D. wmic service get name, displayname, patchname, startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """

  • Question 62:

    A penetration tester runs the following from a compromised box 'python -c -import pty;Pty.sPawn( "/bin/bash").' Which of the following actions is the tester taking?

    A. Removing the Bash history
    B. Upgrading the shell
    C. Creating a sandbox
    D. Capturing credentials

  • Question 63:

    A penetration tester ran the following Nmap scan on a computer:

    nmap -aV 192.168.1.5

    The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH. Which of the following is the BEST explanation for what happened?

    A. The organization failed to disable Telnet.
    B. Nmap results contain a false positive for port 23.
    C. Port 22 was filtered.
    D. The service is running on a non-standard port.

  • Question 64:

    Which of the following is the MOST comprehensive type of penetration test on a network?

    A. Black box
    B. White box
    C. Gray box
    D. Red team
    E. Architecture review

  • Question 65:

    A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge.

    A. The badge was cloned.
    B. The physical access control server is malfunctioning
    C. The system reached the crossover error rate.
    D. The employee lost the badge.

  • Question 66:

    A penetration tester is reviewing a Zigbee Implementation for security issues. Which of the following device types is the tester MOST likely testing?

    A. Router
    B. loT
    C. WAF
    D. PoS

  • Question 67:

    Which of the following BEST describes the difference between a red team engagement and a penetration test?

    A. A penetration test has a broad scope and emulates advanced persistent threats while a red team engagement has a limited scope and focuses more on vulnerability identification
    B. A red team engagement has a broad scope and emulates advanced persistent threats, while a penetration test has a limited scope and focuses more on vulnerability identification
    C. A red team engagement has a broad scope and focuses more on vulnerability identification, while a penetration test has a limited scope and emulates advanced persistent threats
    D. A penetration test has a broad scope and focuses more on vulnerability identification while a red team engagement has a limited scope and emulates advanced persistent threats

  • Question 68:

    A penetration tester is exploiting the use of default public and private community strings Which of the following protocols is being exploited?

    A. SMTP
    B. DNS
    C. SNMP
    D. HTTP

  • Question 69:

    A penetration tester reported the following vulnerabilities:

    Which of the following is the correct order to rate the vulnerabilities from critical to low considering the MOST immediate impact?

    A. Unrestricted file upload, stored XSS, SQL injection, verbose server headers
    B. SQL injection, unrestricted file upload, stored XSS, verbose server headers
    C. Verbose server headers, unrestricted file upload, stored XSS, SQL injection
    D. Stored XSS, SQL injection, unrestricted file upload, verbose server headers

  • Question 70:

    While reviewing logs, a web developer notices the following user input string in a field:

    Which of the following types of attacks was done to the website?

    A. XSS injection
    B. Blind XSS
    C. Reflected XSS
    D. Persistent XSS

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.