(April-2021) Braindump2go PT0-001 PDF and PT0-001 VCE Dumps (Q29-Q49)

QUESTION 230

At the information gathering stage, a penetration tester is trying to passively identify the technology running on a client's website.

Which of the following approaches should the penetration tester take?


A.Run a spider scan in Burp Suite.

B.Use web aggregators such as BuiltWith and Netcraft

C.Run a web scraper and pull the website's content.

D.Use Nmap to fingerprint the website's technology.


Answer: A


QUESTION 231

Which of the following BEST protects against a rainbow table attack?


A.Increased password complexity

B.Symmetric encryption

C.Cryptographic salting

D.Hardened OS configurations


Answer: A


QUESTION 232

A penetration tester is assessing the security of a web form for a client and enters ";id" in one of the fields.

The penetration tester observes the following response:

Based on the response, which of the following vulnerabilities exists?


A.SQL injection

B.Session hijacking

C.Command injection

D.XSS/XSRF


Answer: C


QUESTION 233

A penetration tester is connected to a client's local network and wants to passively identify cleartext protocols and potentially sensitive data being communicated across the network.

Which of the following is the BEST approach to take?


A.Run a network vulnerability scan.

B.Run a stress test.

C.Run an MITM attack.

D.Run a port scan.


Answer: C


QUESTION 234

A penetration tester directly connects to an internal network. Which of the following exploits would work BEST for quick lateral movement within an internal network?


A.Crack password hashes in /etc/shadow for network authentication.

B.Launch dictionary attacks on RDP.

C.Conduct a whaling campaign.

D.Poison LLMNR and NBNS requests.


Answer: A


QUESTION 235

A penetration tester runs the following on a machine:

Which of the following will be returned?


A.1

B.3

C.5

D.6


Answer: B


QUESTION 236

A penetration tester discovers an anonymous FTP server that is sharing the C:\ drive. Which of the following is the BEST exploit?


A.Place a batch script in the startup folder for all users.

B.Change a service binary location path to point to the tester's own payload.

C.Escalate the tester's privileges to SYSTEM using the at.exe command.

D.Download, modify, and reupload a compromised registry to obtain code execution.


Answer: B


QUESTION 237

Which of the following is the MOST comprehensive type of penetration test on a network?


A.Black box

B.White box

C.Gray box

D.Red team

E.Architecture review


Answer: A


QUESTION 238

An attacker performed a MITM attack against a mobile application. The attacker is attempting to manipulate the application's network traffic via a proxy tool. The attacker only sees limited traffic as cleartext. The application log files indicate secure SSL/TLS connections are failing. Which of the following is MOST likely preventing proxying of all traffic?


A.Misconfigured routes

B.Certificate pinning

C.Strong cipher suites

D.Closed ports


Answer: B


QUESTION 239

A company decides to remediate issues identified from a third-party penetration test done to its infrastructure.

Management should instruct the IT team to:


A.execute the hot fixes immediately to all vulnerabilities found.

B.execute the hot fixes immediately to some vulnerabilities.

C.execute the hot fixes during the routine quarterly patching.

D.evaluate the vulnerabilities found and execute the hot fixes.


Answer: D


QUESTION 240

A penetration tester successfully exploits a system, receiving a reverse shell. Which of the following is a Meterpreter command that is used to harvest locally stored credentials?


A.background

B.hashdump

C.session

D.getuid

E.psexec


Answer: B


QUESTION 241

A penetration tester is testing a web application and is logged in as a lower-privileged user. The tester runs arbitrary JavaScript within an application, which sends an XMLHttpRequest, resulting in exploiting features to which only an administrator should have access. Which of the following controls would BEST mitigate the vulnerability?


A.Implement authorization checks.

B.Sanitize all the user input.

C.Prevent directory traversal.

D.Add client-side security controls


Answer: A


QUESTION 242

During the exploitation phase of a penetration test, a vulnerability is discovered that allows command execution on a Linux web server. A cursory review confirms that system access is only in a low-privilege user context: www-data. The tester then reviews the following output from /etc/sudoers:

Which of the following users should be targeted for privilege escalation?


A.Only members of the Linux admin group, OPERATORS, ADMINS, jedwards, and operator can execute privileged commands useful for privilege escalation.

B.All users on the machine can execute privileged commands useful for privilege escalation.

C.Bfranks, emann, members of the Linux admin group, OPERATORS, and ADMINS can execute commands useful for privilege escalation.

D.Jedwards, operator, bfranks, emann, OPERATOR, and ADMINS can execute commands useful for privilege escalation.


Answer: A


QUESTION 243

During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement.

Which of the following is the MOST likely reason why the engagement may not be able to continue?


A.The consultant did not sign an NDA.

B.The consultant was not provided with the appropriate testing tools.

C.The company did not properly scope the project.

D.The initial findings were not communicated to senior leadership.


Answer: C


QUESTION 244

A penetration tester has been hired to perform a penetration test for an organization. Which of the following is indicative of an error-based SQL injection attack?


A.a=1 or 1--

B.1=1 or b--

C.1=1 or 2--

D.1=1 or a--


Answer: A


QUESTION 245

When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future breach of the client's systems?


A.The proposed mitigations and remediations in the final report do not include a cost-benefit analysis.

B.The NDA protects the consulting firm from future liabilities in the event of a breach.

C.The assessment reviewed the cyber key terrain and most critical assets of the client's network.

D.The penetration test is based on the state of the system and its configuration at the time of assessment.


Answer: D


QUESTION 246

A tester was able to retrieve domain users' hashes. Which of the following tools can be used to uncover the users' passwords? (Choose two.)


A.Hydra

B.Mimikatz

C.Hashcat

D.John the Ripper

E.PSExec

F.Nessus


Answer: BE


QUESTION 247

A penetration tester is attempting to open a socket in a bash script but receives errors when running it. The current state of the relevant line in the script is as follows:

Which of the following lines of code would correct the issue upon substitution?


A.open 0<>/dev/tcp/${HOST}:${PORT}

B.exec 0</dev/tcp/${HOST}/${PORT}

C.exec 0</dev/tcp/$[HOST]:$[PORT]

D.exec 3<>/dev/tcp/${HOST}/${PORT}

E.open 3</dev/tcp/${HOST}/${PORT}

F.open 3</dev/tcp/$[HOST]/$[PORT]


Answer: C


QUESTION 248

A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of the target hosts. The administrator claims the system is patched and the evidence is a false positive.

Which of the following is the BEST method for a tester to confirm the vulnerability exists?


A.Manually run publicly available exploit code.

B.Confirm via evidence of the updated version number.

C.Run the vulnerability scanner again.

D.Perform dynamic analysis on the vulnerable service.


Answer: C


QUESTION 249

A penetration tester has gained physical access to a facility and connected directly into the internal network.

The penetration tester now wants to pivot into the server VLAN. Which of the following would accomplish this?


A.Spoofing a printer's MAC address

B.Abusing DTP negotiation

C.Performing LLMNR poisoning

D.Conducting an STP attack


Answer: D


QUESTION 250

During an engagement, an insecure direct object reference vulnerability was discovered that allows the extraction of highly sensitive PII. The tester is required to extract and then exfiltrate the information from a web application with identifiers 1 through 1000 inclusive. When running the following script, an error is encountered:

Which of the following lines of code is causing the problem?


A.url = "https://www.comptia.org?id="

B.req = requests.get(url)

C.if req.status ==200:

D.url += i


Answer: D


QUESTION 251

A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural changes. Which of the following is the BEST way to approach the project?


A.Design a penetration test approach, focusing on publicly released firewall DoS vulnerabilities.

B.Review the firewall configuration, followed by a targeted attack by a red team.

C.Perform a discovery scan to identify changes in the network.

D.Focus on an objective-based approach to assess network assets with a red team.


Answer: D


QUESTION 252

A penetration tester has identified a directory traversal vulnerability. Which of the following payloads could have helped the penetration tester identify this vulnerability?


A.'or 'folder' like 'file'; --

B.|| is /tmp/

C."><script>document.location=/root/</script>

D.&& dir C:/

E.../../../../../../../.


Answer: E


QUESTION 253

An individual has been hired by an organization after passing a background check. The individual has been passing information to a competitor over a period of time. Which of the following classifications BEST describes the individual?


A.APT

B.Insider threat

C.Script kiddie

D.Hacktivist


Answer: B


QUESTION 254

A senior employee received a suspicious email from another executive requesting an urgent wire transfer.

Which of the following types of attacks is likely occurring?


A.Spear phishing

B.Business email compromise

C.Vishing

D.Whaling


Answer: A



2021 Latest Braindump2go PT0-001 PDF and PT0-001 VCE Dumps Free Share:

https://drive.google.com/drive/folders/1upxI-JhgoyePRzSCJXgkSKrKo53vlXSw?usp=sharing
