Latest PT0-002 Free Dumps - CompTIA PenTest+ Certification
A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output:
Which of the following is the most likely explanation for the output?
Answer: B
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
Answer: A
During an engagement, a penetration tester found the following list of strings inside a file:
Which of the following is the BEST technique to determine the known plaintext of the strings?
Answer: A
An external consulting firm is hired to perform a penetration test and must keep the confidentiality of the security vulnerabilities and the private data found in a customer's systems. Which of the following documents addresses this requirement?
Answer: B
A penetration-testing team needs to test the security of electronic records in a company's office. Per the terms of engagement, the penetration test is to be conducted after hours and should not include circumventing the alarm or performing destructive entry. During outside reconnaissance, the team sees an open door from an adjoining building. Which of the following would be allowed under the terms of the engagement?
Answer: D
Which of the following would a company's hunt team be MOST interested in seeing in a final report?
Answer: D
A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of the following would be the most appropriate NEXT step?
Answer: A
A penetration tester gains access to a web server and notices a large number of devices in the system ARP table. Upon scanning the web server, the tester determines that many of the devices are user ...ch of the following should be included in the recommendations for remediation?
Answer: B
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees.
Which of the following tools can help the tester achieve this goal?
Answer: A
Which of the following tools would be the best to use to intercept an HTTP response of an API, change its content, and forward it back to the origin mobile device?
Answer: D
A penetration tester received a .pcap file to look for credentials to use in an engagement.
Which of the following tools should the tester utilize to open and read the .pcap file?
Answer: A
A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:
[ATTEMPT] target 192.168.1.112 - login "root" - pass "abcde"
[ATTEMPT] target 192.168.1.112 - login "root" - pass "edcfg"
[ATTEMPT] target 192.168.1.112 - login "root" - pass "qazsw"
[ATTEMPT] target 192.168.1.112 - login "root" - pass "tyuio"
Which of the following is the penetration tester conducting?
Answer: D
A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras.
Which of the following is a technique the tester can use to gain access to the IT framework without being detected?
Answer: D
A penetration tester ran the following command on a staging server:
python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?
Answer: D
Which of the following best explains why communication is a vital phase of a penetration test?
Answer: B
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago.
In which of the following places should the penetration tester look FIRST for the employees' numbers?
Answer: C
Which of the following concepts defines the specific set of steps and approaches that are conducted during a penetration test?
Answer: D