2020 Updated CompTIA PenTest+ Certification PT0-001 Dumps Questions

To help you best prepare for your PT0-001 CompTIA PenTest+ Certification Exam, PassQuestion new updated CompTIA PenTest+ Certification PT0-001 Dumps Questions to help you practice the real questions with correct answers, it can ensure you pass your CompTIA PenTest+ PT0-001 exam successfully in your first time.

2020 Updated CompTIA PenTest+ Certification PT0-001 Dumps Questions

1. A constant wants to scan all the TCP Pots on an identified device.

Which of the following Nmap switches will complete this task?

-p-

-p ALX,

-p 1-65534

-port 1-65534

2. A security consultant is trying to attack a device with a previously identified user account.

Which of the following types of attacks is being executed?

Credential dump attack

DLL injection attack

Reverse shell attack

Pass the hash attack

3. The following command is run on a Linux file system:

Chmod 4111 /usr/bin/sudo

Which of the following issues may be exploited now?

Kernel vulnerabilities

Sticky bits

Unquoted service path

Misconfigured sudo

4. A client is asking a penetration tester to evaluate a new web application for availability.

Which of the following types of attacks should the tester use?

TCP SYN flood

SQL injection

xss

XMAS scan

5. During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.

Which of the following registry changes would allow for credential caching in memory?

reg add HKLM\System\ControlSet002\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 0

reg add HKCU\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1

reg add HKLM\Software\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1

reg add HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1

6. In which of the following components is an exploited vulnerability MOST likely to affect multiple running application containers at once?

Common libraries

Configuration files

Sandbox escape

ASLR bypass

7. Which of the following would be BEST for performing passive reconnaissance on a target’s external domain?

Peach

CeWL

OpenVAS

Shodan

8. If a security consultant comes across a password hash that resembles the following

b117 525b3454 7Oc29ca3dBaeOb556ba8

Which of the following formats is the correct hash type?

Kerberos

NetNTLMvl

NTLM

SHA-1

9. A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack.

Which of the following remediation steps should be recommended? (Select THREE)

Mandate all employees take security awareness training

Implement two-factor authentication for remote access

Install an intrusion prevention system

Increase password complexity requirements

Install a security information event monitoring solution.

Prevent members of the IT department from interactively logging in as administrators

Upgrade the cipher suite used for the VPN solution

10. A software development team recently migrated to new application software on the on-premises environment Penetration test findings show that multiple vulnerabilities exist If a penetration tester does not have access to a live or test environment, a test might be better to create the same environment on the VM Which of the following is MOST important for confirmation?

Unsecure service and protocol configuration

Running SMB and SMTP service

Weak password complexity and user account

Misconfiguration

11. A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:

http: www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd

Which of the following attack types is MOST likely to be the vulnerability?

Directory traversal

Cross-site scripting

Remote file inclusion

User enumeration

12. An assessor begins an internal security test of the Windows domain internal.comptia.net. The assessor is given network access via DHCP, but is not given any network maps or target IP addresses.

Which of the following commands can the assessor use to find any likely Windows domain controllers?

dig -q any _kerberos._tcp.internal.comptia.net

dig -q any _lanman._tcp.internal.comptia.net

dig -q any _ntlm._tcp.internal.comptia.net

dig -q any _smtp._tcp.internal.comptia.net

13. While prioritizing findings and recommendations for an executive summary, which of the following considerations would De MOST valuable to the client?

Levels of difficulty to exploit identified vulnerabilities

Time taken to accomplish each step

Risk tolerance of the organization

Availability of patches and remediations

14. After several attempts, an attacker was able to gain unauthorized access through a biometric sensor using the attacker’s actual fingerprint without exploitation.

Which of the following is the MOST likely explanation of what happened?

The biometric device is tuned more toward false positives

The biometric device is configured more toward true negatives

The biometric device is set to fail closed

The biometnc device duplicated a valid user’s fingerpnnt.

15. A penetration tester successfully exploits a DM2 server that appears to be listening on an outbound port. The penetration tester wishes to forward that traffic back to a device.

Which of the following are the BEST tools to use few this purpose? (Select TWO)

Tcpdump

Nmap

Wiresrtark

SSH

Netcat

Cain and Abel

16. The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test.

Which of the following are the MOST likely causes for this difference? (Select TWO)

Storage access

Limited network access

Misconfigured DHCP server

Incorrect credentials

Network access controls

17. A penetration tester has successfully exploited an application vulnerability and wants to remove the command history from the Linux session.

Which of the following will accomplish this successfully?

history –remove

cat history I clear

rm -f ./history

history -c

18. When performing compliance-based assessments, which of the following is the MOST important Key consideration?

Additional rate

Company policy

Impact tolerance

Industry type

19. Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?

Penetration test findings often contain company intellectual property

Penetration test findings could lead to consumer dissatisfaction if made pubic

Penetration test findings are legal documents containing privileged information

Penetration test findings can assist an attacker in compromising a system

20. A penetration tester is designing a phishing campaign and wants to build list of users (or the target organization.

Which of the following techniques would be the MOST appropriate? (Select TWO)

Query an Internet WHOIS database.

Search posted job listings.

Scrape the company website.

Harvest users from social networking sites.

Socially engineer the corporate call center.

2020 Updated CompTIA PenTest+ Certification PT0-001 Dumps Questions

2020 Updated CompTIA PenTest+ Certification PT0-001 Dumps Questions

Leave a Reply Cancel reply