• No results found

CompTIA PenTest+ Certification Exam

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "CompTIA PenTest+ Certification Exam"

Copied!
14
0
0

Loading.... (view fulltext now)

Download now ( 14 Page )

Full text

(1)

CompTIA PenTest+ Certification Exam

CompTIA PT0-001

Version Demo

Total Demo Questions: 10

Total Premium Questions: 196

Buy Premium PDF

(2)

QUESTION NO: 1

When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future breach of the client’s systems?

A. The proposed mitigations and remediations in the final report do not include a cost-benefit analysis. B. The NDA protects the consulting firm from future liabilities in the event of a breach.

C. The assessment reviewed the cyber key terrain and most critical assets of the client’s network.

D. The penetration test is based on the state of the system and its configuration at the time of assessment.

ANSWER: D

QUESTION NO: 2

A penetration tester successfully exploits a DMZ server that appears to be listening on an outbound port. The penetration tester wishes to forward that traffic back to a device. Which of the following are the BEST tools to use for this purpose? (Choose two.) A. Tcpdump B. Nmap C. Wireshark D. SSH E. Netcat F. Cain and Abel

ANSWER: B D

QUESTION NO: 3 - (DRAG DROP)

DRAG DROP Instructions:

Analyze the code segments to determine which sections are needed to complete a port scanning script. Drag the appropriate elements into the correct locations to complete the script.

(3)

During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

Select and Place:

(4)

Explanation:

QUESTION NO: 4

Which of the following vulnerabilities are MOST likely to be false positives when reported by an automated scanner on a static HTML web page? (Choose two.)

(5)

B. Reflected cross-site scripting C. Enabled directory listing

D. Insecure HTTP methods allowed E. Unencrypted transfer of sensitive data F. Command injection

G. Disclosure of internal system information H. Support of weak cipher suites

ANSWER: F G

QUESTION NO: 5

A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?

A. Stored XSS B. Fill path disclosure C. Expired certificate D. Clickjacking ANSWER: A Explanation: Reference: https://www.owasp.org/index.php/Top_10_2010-A2-Cross-Site_Scripting_(XSS) QUESTION NO: 6

A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability on the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)

A. Identity and eliminate inline SQL statements from the code. B. Identify and eliminate dynamic SQL from stored procedures. C. Identify and sanitize all user inputs.

(6)

E. Use a blacklist approach for SQL statements.

F. Identify the source of malicious input and block the IP address.

ANSWER: C D

QUESTION NO: 7

A penetration tester is reviewing the following output from a wireless sniffer:

Which of the following can be extrapolated from the above information?

A. Hardware vendor B. Channel interference C. Usernames D. Key strength ANSWER: C QUESTION NO: 8

During an engagement an unsecure direct object reference vulnerability was discovered that allows the extraction of highly sensitive PII. The tester is required to extract and then exfil the information from a web application with identifiers 1 through 1000 inclusive. When running the following script, an error is encountered:

(7)

A. url = “https://www.comptia.org?id=” B. req = requests.get(url)

C. if req.status ==200: D. url += i

ANSWER: D

QUESTION NO: 9 - (SIMULATION)

SIMULATION

You are a penetration tester reviewing a client’s website through a web browser. INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

(8)
(9)
(10)
(11)
(12)
(13)
(14)

ANSWER: See explanation below.

Explanation:

Step 1 - Generate a Certificate Signing Request Step 2 - Submit CSR to the CA

Step 3 - Install re-issued certificate on the server Step 4 - Remove Certificate from Server

QUESTION NO: 10

Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).

References

Download now ( PDF - 14 Page - 2.62 MB )

Related documents

WOULD YOU LIKE TO OWN A PRESCHOOL?

1 EXECUTIVE SUMMARY: A member’s start-up of a local business in conjunction with the starting of a Church of Christ can be a marriage made for Heaven.. Each can

If you want to read a

•The Maze Runner •The Missing Series •The Power of Six •Slated Series. •The Time Machine •A Wrinkle in Time Award

Competition law and standard essential patents : oscillating between protection of patent rights and access to standards

In sum, Section 5 of the FTCA might allow the FTC to challenge the SEP owner’s use of injunction against infringers of FRAND encumbered patents. The FTC has also shown the

The programme will provide you with a

You will then specialise by choosing two elective / specialisation modules in areas such as International Corporate Finance, Risk Management and Ethics, and Advanced Inter-

Wells and welfare in the Ganga Basin: Public policy and private initiative in Eastern Uttar Pradesh, India

For the poorest farmers in eastern India, then, the benefits of groundwater irrigation have come through three routes: in large part, through purchased pump irrigation and, in a

Explicit and implicit diversity policy in the UK film and television industries

In the following sections we apply the distinction between explicit and implicit diversity policy to two purposively chosen examples that dominate the current diversity discourse

Should Any Workplace be Exempt from Smoke-Free Law: the Irish Experience

Likewise the nicotine levels from the psychiatric hospitals and the nursing homes are extremely high and are consistent, if not higher than those from other published studies from

Tips for Investigators ~eirb Submissions~ Department of Emergency Medicine Research Division. *Edwin D. Boudreaux, PhD; EM Division Director

study, including auditors, data safety monitoring boards etc. {List other agencies as appropriate}. The following people and organizations will have access to the de-identified PHI: