최신 PT0-002 무료덤프 - CompTIA PenTest+ Certification
A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP. Which of the following attacks is the MOST effective to allow the penetration tester to capture a handshake?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
A client asks a penetration tester to retest its network a week after the scheduled maintenance window. Which of the following is the client attempting to do?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A penetration tester wants to find hidden information in documents available on the web at a particular domain. Which of the following should the penetration tester use?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
A penetration tester conducted an assessment on a web server. The logs from this session show the following:
http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; --
Which of the following attacks is being attempted?
http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; --
Which of the following attacks is being attempted?
정답: E
A penetration tester wrote the following script to be used in one engagement:
Which of the following actions will this script perform?
Which of the following actions will this script perform?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:
Which of the following tools will help the tester prepare an attack for this scenario?
Which of the following tools will help the tester prepare an attack for this scenario?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:
Pre-engagement interaction (scoping and ROE)
Intelligence gathering (reconnaissance)
Threat modeling
Vulnerability analysis
Exploitation and post exploitation
Reporting
Which of the following methodologies does the client use?
Pre-engagement interaction (scoping and ROE)
Intelligence gathering (reconnaissance)
Threat modeling
Vulnerability analysis
Exploitation and post exploitation
Reporting
Which of the following methodologies does the client use?
정답: B
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal
Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:
Which of the following would be the BEST command to use for further progress into the targeted network?
Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:
Which of the following would be the BEST command to use for further progress into the targeted network?
정답: C
Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the
MOST likely reason for the error?
MOST likely reason for the error?
정답: C
During an assessment, a penetration tester obtains a list of password digests using Responder. Which of the following tools would the penetration tester most likely use next?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
A penetration tester is performing a vulnerability scan on a large ATM network. One of the organization's requirements is that the scan does not affect legitimate clients' usage of the ATMs. Which of the following should the tester do to best meet the company's vulnerability scan requirements?
정답: D
A consulting company is completing the ROE during scoping.
Which of the following should be included in the ROE?
Which of the following should be included in the ROE?
정답: A
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.
Which of the following actions, if performed, would be ethical within the scope of the assessment?
Which of the following actions, if performed, would be ethical within the scope of the assessment?
정답: C
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
The following output is from reconnaissance on a public-facing banking website:
Based on these results, which of the following attacks is MOST likely to succeed?
Based on these results, which of the following attacks is MOST likely to succeed?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Which of the following documents should be consulted if a client has an issue accepting a penetration test report that was provided?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)