Exam Details

  • Exam Code: PT1-002
  • Exam Name: CompTIA PenTest+ Certification Exam
  • Certification: CompTIA PenTest+
  • Vendor: CompTIA
  • Total Questions: 131 Q&As
  • Last Updated: May 12, 2024

CompTIA PenTest+ PT1-002 Questions & Answers

  • Question 21:

    A penetration tester conducted an assessment on a web server. The logs from this session show the following:

    http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ` ; DROP TABLE SERVICES; -

    Which of the following attacks is being attempted?

    A. Clickjacking

    B. Session hijacking

    C. Parameter pollution

    D. Cookie hijacking

    E. Cross-site scripting

  • Question 22:

    An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client's information?

    A. Follow the established data retention and destruction process

    B. Report any findings to regulatory oversight groups

    C. Publish the findings after the client reviews the report

    D. Encrypt and store any client information for future analysis

  • Question 23:

    Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

    A. To provide feedback on the report structure and recommend improvements

    B. To discuss the findings and dispute any false positives

    C. To determine any processes that failed to meet expectations during the assessment

    D. To ensure the penetration-testing team destroys all company data that was gathered during the test

  • Question 24:

    A penetration tester who is performing a physical assessment of a company's security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?

    A. Badge cloning

    B. Dumpster diving

    C. Tailgating

    D. Shoulder surfing

  • Question 25:

    The results of an Nmap scan are as follows:

    Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST

    Nmap scan report for ( 10.2.1.22 )

    Host is up (0.0102s latency).

    Not shown: 998 filtered ports

    Port State Service

    80/tcp open http

    |_http-title: 80F 22% RH 1009.1MB (text/html)

    |_http-slowloris-check:

    | VULNERABLE:

    | Slowloris DoS Attack

    | <..>

    Device type: bridge|general purpose

    Running (JUST GUESSING) : QEMU (95%)

    OS CPE: cpe:/a:qemu:qemu

    No exact OS matches found for host (test conditions non-ideal).

    OS detection performed. Please report any incorrect results at https://nmap.org/submit/.

    Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds

    Which of the following device types will MOST likely have a similar response? (Choose two.)

    A. Network device

    B. Public-facing web server

    C. Active Directory domain controller

    D. IoT/embedded device

    E. Exposed RDP

    F. Print queue

  • Question 26:

    The results of an Nmap scan are as follows:

    Which of the following would be the BEST conclusion about this device?

    A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.

    B. This device is most likely a gateway with in-band management services.

    C. This device is most likely a proxy server forwarding requests over TCP/443.

    D. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

  • Question 27:

    A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

    A. Attempting to tailgate an employee going into the client's workplace

    B. Dropping a malicious USB key with the company's logo in the parking lot

    C. Using a brute-force attack against the external perimeter to gain a foothold

    D. Performing spear phishing against employees by posing as senior management

  • Question 28:

    A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?

    A. The reverse-engineering team may have a history of selling exploits to third parties.

    B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

    C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

    D. The reverse-engineering team will be given access to source code for analysis.

  • Question 29:

    A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

    Which of the following would be a recommendation for remediation?

    A. Deploy a user training program

    B. Implement a patch management plan

    C. Utilize the secure software development life cycle

    D. Configure access controls on each of the servers

  • Question 30:

    A tester who is performing a penetration test on a website receives the following output:

    Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62

    Which of the following commands can be used to further attack the website?

    A.

    B. ../../../../../../../../../../etc/passwd

    C. /var/www/html/index.php;whoami

    D. 1 UNION SELECT 1, DATABASE(),3-
