최신 PT0-001 무료덤프 - CompTIA PenTest+ Certification

문제1

A penetration tester runs the following from a compromised box 'python -c -import pty;Pty.sPawn( "/bin/bash").' Which of the following actions is the tester taking?

A. Removing the Bash history

B. Capturing credentials

C. Upgrading the shell

D. Creating a sandbox

정답: C

문제2

A penetration tester is preparing for an assessment of a web server's security, which is used to host several sensitive web applications. The web server is PKI protected, and the penetration tester reviews the certificate presented by the server during the SSL handshake. Which of the following certificate fields or extensions would be of MOST use to the penetration tester during an assessment?

A. Subject alternative name

B. Authority information access

C. Subject key identifier

D. Service principal name

정답: B

문제3

While prioritizing findings and recommendations for an executive summary, which of the following considerations would De MOST valuable to the client?

A. Availability of patches and remediations

B. Risk tolerance of the organization

C. Time taken to accomplish each step

D. Levels of difficulty to exploit identified vulnerabilities

정답: B

문제4

A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?

A. The number of wireless devices owned by the client

B. The client's preferred wireless access point vendor

C. The physical location and network ESSIDs to be tested

D. The bands and frequencies used by the client's devices

정답: D

문제5

A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals. Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select TWO).

A. Health information communicated over HTTP

B. S/MIME certificate templates defined by the CA

C. Cleartext exposure of SNMP trap data

D. DAR encryption on records servers

E. Software bugs resident in the IT ticketing system

정답: A,D

문제6

Which of the following can be used to perform online password attacks against RDP?

A. Hashcat

B. Aircrack-ng

C. Ncrack

D. John the Rippef

정답: C

문제7

A penetration tester is performing a validation scan after an organization remediated a vulnerability on port 443 The penetration tester observes the following output:

Which of the following has MOST likely occurred?

A. A mismatched firewall rule is blocking 443.

B. The organization moved services to port 8443

C. The IPS is blocking traffic to port 443

D. The scan results were a false positive.

정답: B

문제8

A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?

A. Organized crime

B. Advanced persistent threat

C. Script kiddie

D. Hacktivist

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제9

A penetration tester observes that several high numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?

A. Filter port 443 to specific IP addresses

B. Implement a web application firewall

C. Disable unneeded services.

D. Transition the application to another port

정답: C

문제10

A technician is reviewing the following report. Given this information, identify which vulnerability can be definitively confirmed to be a false positive by dragging the "false positive" token to the "Confirmed" column for each vulnerability that is a false positive.

정답:

문제11

A penetration tester reported the following vulnerabilities:

Which of the following is the correct order to rate the vulnerabilities from critical to low considering the MOST immediate impact?

A. Verbose server headers, unrestricted file upload, stored XSS, SQL injection

B. Stored XSS, SQL injection, unrestricted file upload, verbose server headers

C. SQL injection, unrestricted file upload, stored XSS, verbose server headers

D. Unrestricted file upload, stored XSS, SQL injection, verbose server headers

정답: C

문제12

A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?

A. The penetration tester was not provided with a WSDL file.

B. The tester has provided an incorrect password for the application.

C. An IPS/WAF whitelist is in place to protect the environment.

D. The penetration tester needs an OAuth bearer token.

정답: D

문제13

Which of the following wordlists is BEST for cracking MD5 password hashes of an application's users from a compromised database?

A. ./wfuzz/wordlist''vulns/sq1_inj -txt

B. ./wordlists/raeta3ploit/roet_uaerpass.txt

C. . /wordlists/rockyou.txt

D. ./dirb/wordlists/big.txt

정답: C

문제14

A penetration tester is reviewing the following output from a wireless sniffer:

Which of the following can be extrapolated from the above information?

A. Usernames

B. Channel interference

C. Key strength

D. Hardware vendor

정답: A

최신 PT0-001 무료덤프 - CompTIA PenTest+ Certification

우리와 연락하기

유용한 링크

최신 업데이트