Download CompTIA PenTest+ Certification Exam.PassLeaders.PT0-001.2021-06-06.1e.202q.vcex

Download Exam

File Info

Exam CompTIA PenTest+ Certification Exam
Number PT0-001
File Name CompTIA PenTest+ Certification Exam.PassLeaders.PT0-001.2021-06-06.1e.202q.vcex
Size 7.38 Mb
Posted June 06, 2021
Downloads 11

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


With discount: 20%


Demo Questions

Question 1
An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack Which of the following actions should the penetration tester take?

  • A: Attempt to use the remnant tools to achieve persistence
  • B: Document the presence of the left-behind tools in the report and proceed with the test
  • C: Remove the tools from the affected systems before continuing on with the test
  • D: Discontinue further testing and report the situation to management

Question 2
After successfully enumerating users on an Active Directory domain controller using enum4linux a penetration tester wants to conduct a password-guessing attack Given the below output:


Which of the following can be used to extract usernames from the above output prior to conducting the attack?

  • A: cat enum41inux_output.txt > grep -v user I sed ‘s/\[//' I sed ‘s/\]//' 2> usernames.txt
  • B: grep user enuza41inux_output.txt I awk '{print $1}' | cut -d[ -£2 I cut -d] -f1 > username.txt
  • C: grep -i rid v< enura.41inux_output. txt' | cut -d: -£2 i cut -d] -f1 > usernames. txt
  • D: cut -d: -f2 enum41inux_output.txt | awk '{print S2}' I cut -d: -f1 > usernaraes.txt

Question 3
Which of the following attacks is commonly combined with cross-site scripting for session hijacking?

  • A: CSRF
  • B: Clickjacking
  • C: SQLI
  • D: RFI

Question 4
A consultant is performing a social engineering attack against a client. The consultant was able to collect a number of usernames and passwords using a phishing campaign. The consultant is given credentials to log on to various employees email accounts. Given the findings, which of the following should the consultant recommend be implemented?

  • A: Strong password policy
  • B: Password encryption
  • C: Email system hardening
  • D: Two-factor authentication

Question 5
An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:

  • A: HTTP POST method.
  • B: HTTP OPTIONS method.
  • C: HTTP PUT method.
  • D: HTTP TRACE method.

Question 6
A security consultant finds a folder in "C VProgram Files" that has writable permission from an unprivileged user account Which of the following can be used to gam higher privileges?

  • A: Retrieving the SAM database
  • B: Kerberoasting
  • C: Retrieving credentials in LSASS
  • D: DLL hijacking
  • E: VM sandbox escape

Question 7
A penetration tester, who is not on the client’s network. is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the command:
nmap 100.100/1/0-125 
Which of the following commands would be BEST to return results?

  • A: nmap -Pn -sT 
  • B: nmap -sF -p
  • C: nmap -sV -oA output 100.100.10-125
  • D: nmap -T4

Question 8
An assessor begins an internal security test of the Windows domain The assessor is given network access via DHCP, but is not given any network maps or target IP addresses. Which of the following commands can the assessor use to find any likely Windows domain controllers?

  • A: dig -q any
  • B: dig -q any 
  • C: dig -q any
  • D: dig -q any

Question 9
A penetration tester identifies the following findings during an external vulnerability scan:


Which of the following attack strategies should be prioritized from the scan results above?

  • A: Obsolete software may contain exploitable components
  • B: Weak password management practices may be employed
  • C: Cryptographically weak protocols may be intercepted
  • D: Web server configurations may reveal sensitive information

Question 10
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. 
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. 
You are a security analyst tasked with hardening a web server. 
You have been given a list of HTTP payloads that were flagged as malicious. 


You can buy ProfExam with a 20% discount..

Get Now!


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen


Use VCE Exam Simulator to open VCE files