Download CompTIA PenTest+ Certification Exam.PT0-001.PracticeTest.2018-12-20.28q.vcex

Vendor: CompTIA
Exam Code: PT0-001
Exam Name: CompTIA PenTest+ Certification Exam
Date: Dec 20, 2018
File Size: 93 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which of the following tools is used to perform a credential brute force attack? 
  1. Hydra
  2. John the Ripper
  3. Hashcat
  4. Peach
Correct answer: A
Explanation:
Reference https://www.greycampus.com/blog/information-security/brute-force-attacks-prominent-tools-to-tackle-such-attacks
Question 2
Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?
  1. To remove the persistence
  2. To enable persistence
  3. To report persistence
  4. To check for persistence
Correct answer: A
Question 3
A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service? 
  1. arpspoof
  2. nmap
  3. responder
  4. burpsuite
Correct answer: B
Explanation:
References http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows/
Question 4
A penetration tester executes the following commands:
  
Which of the following is a local host vulnerability that the attacker is exploiting?
  1. Insecure file permissions
  2. Application whitelisting
  3. Shell escape
  4. Writable service 
Correct answer: A
Explanation:
References https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/#john-the-ripper---jtr
Question 5
A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?
  1. Stored XSS
  2. Full path disclosure
  3. Expired certificate
  4. Clickjacking
Correct answer: A
Explanation:
References https://www.owasp.org/index.php/Top_10_2010-A2-Cross-Site_Scripting_(XSS)
Question 6
A penetration tester observes that several high-numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?
  1. Transition the application to another port.
  2. Filter port 443 to specific IP addresses.
  3. Implement a web application firewall.
  4. Disable unneeded services.
Correct answer: D
Question 7
Black box penetration testing strategy provides the tester with:
  1. a target list
  2. a network diagram
  3. source code
  4. privileged credentials
Correct answer: D
Explanation:
References: https://www.scnsoft.com/blog/fifty-shades-of-penetration-testing
Question 8
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).
  1. Shodan
  2. SET
  3. BeEF
  4. Wireshark
  5. Maltego
  6. Dynamo
Correct answer: AE
Explanation:
References: https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/#gref
Question 9
A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information? 
  1. MAC address of the client
  2. MAC address of the domain controller
  3. MAC address of the web server
  4. MAC address of the gateway
Correct answer: D
Question 10
An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling. Which of the following is a consideration unique to such an environment that must be made by the firm when preparing for the assessment?
  1. Selection of the appropriate set of security testing tools
  2. Current and load ratings of the ICS components
  3. Potential operational and safety hazards
  4. Electrical certification of hardware used in the test
Correct answer: A