Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

  1. Home
  2. CompTIA
  3. PenTest+
  4. PT0-001 - CompTIA PenTest+ Exam
Note! Following PT0-001 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is PT0-002

PT0-001 Exam Dumps - CompTIA PenTest+ Exam

Go to page:
Question # 17

A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?

A.

Attempt to crack the service account passwords.

B.

Attempt DLL hijacking attacks.

C.

Attempt to locate weak file and folder permissions.

D.

Attempt privilege escalation attacks.

Full Access
Question # 18

Which of the following properties of the penetration testing engagement agreement will have the largest impact on observing and testing production systems at their highest loads?

A.

Creating a scope of the critical production systems

B.

Setting a schedule of testing access times

C.

Establishing a white-box testing engagement

D.

Having management sign-off on intrusive testing

Full Access
Question # 19

A client has scheduled a wireless penetration test. Which of the following describes the scoping target

information MOST likely needed before testing can begin?

A.

The physical location and network ESSIDs to be tested

B.

The number of wireless devices owned by the client

C.

The client's preferred wireless access point vendor

D.

The bands and frequencies used by the client's devices

Full Access
Question # 20

A security assessor completed a comprehensive penetration test of a company and its networks and systems.

During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's

intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor,

although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of

impact?

A.

Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and

digital signing.

B.

Implement new training to be aware of the risks in accessing the application. This training can be

decommissioned after the vulnerability is patched.

C.

Implement an ACL to restrict access to the application exclusively to the finance department. Reopen the

application to company staff after the vulnerability is patched.

D.

Require payroll users to change the passwords used to authenticate to the application. Following the

patching of the vulnerability, implement another required password change.

Full Access
Question # 21

A penetration tester, who is not on the client’s network. is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the command:

nmap 100.100/1/0-125

Which of the following commands would be BEST to return results?

A.

nmap -Pn -sT 100.100.1.0-125

B.

nmap -sF -p 100.100.1.0-125

C.

nmap -sV -oA output 100.100.10-125

D.

nmap 100.100.1.0-125 -T4

Full Access
Question # 22

Which of the following would BEST prevent fence jumping at a facility?

A.

Install proper lighting around the perimeter of the facility.

B.

Decrease the distance between the links in the fence.

C.

Add a top guard on the fence that faces away from the facility.

D.

Place video cameras that are angled toward the fence.

Full Access
Question # 23

A vulnerability scan identifies that an SSL certificate does not match the hostname; however, the client disputes the finding. Which of the following techniques can the penetration tester perform to adjudicate the validity of the findings?

A.

Ensure the scanner can make outbound DNS requests.

B.

Ensure the scanner is configured to perform ARP resolution.

C.

Ensure the scanner is configured to analyze IP hosts.

D.

Ensure the scanner has the proper plug -ins loaded.

Full Access
Question # 24

An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used m this attack?

A.

Principle of fear

B.

Principle of authority

C.

Principle of scarcity

D.

Principle of likeness

E.

Principle of social proof

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps