CompTIA PenTest+ Certification - PT0-001 FREE EXAM DUMPS QUESTIONS & ANSWERS
A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?
Correct Answer: A
Vote an answer
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
Correct Answer: D
Vote an answer
After delivering a draft of a penetration test report, a development team has raised concerns about an issue categorized as "high." A cloud storage bucket is configured to allow read access to the public, but writing to objects within the bucket is restricted to authorized users. The bucket contains only publicly available images that can already be found on the application homepage. Which of the following severity levels should the penetration tester consider?
Correct Answer: C
Vote an answer
A penetration tester needs to use Nmap to scan a host with a very low speed so the WAF or IPS/IDS is not triggered. Which of the following command-line parameters should be added to the Nmap command?
Correct Answer: C
Vote an answer
Performance based
You are a penetration Inter reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.
You are a penetration Inter reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.
Correct Answer:
An assessor begins an internal security test of the Windows domain internal.comptia.net. The assessor is given network access via DHCP, but is not given any network maps or target IP addresses. Which of the following commands can the assessor use to find any likely Windows domain controllers?
Correct Answer: B
Vote an answer
A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural changes. Which of the following is the BEST way to approach the project?
Correct Answer: A
Vote an answer
A penetration tester has successfully exploited an application vulnerability and wants to remove the command history from the Linux session. Which of the following will accomplish this successfully?
Correct Answer: B
Vote an answer
A security consultant found a SCADA device in one of the VLANs in scope. Which of the following actions would BEST create a potentially destructive outcome against device?
Correct Answer: B
Vote an answer
A penetration tester has compromised a system and wishes to connect to a port on it from the attacking machine to control the system Which of the following commands should the tester run on the compromised system?
Correct Answer: C
Vote an answer
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO)
Correct Answer: B,F
Vote an answer