At the information gathering stage, a penetration tester is trying to passively identify the technology running on a client's website.
Which of the following approaches should the penetration tester take?
A.Run a spider scan in Burp Suite.
B.Use web aggregators such as BuiltWith and Netcraft
C.Run a web scraper and pull the website's content.
D.Use Nmap to fingerprint the website's technology.
Which of the following BEST protects against a rainbow table attack?
A.Increased password complexity
D.Hardened OS configurations
A penetration tester is assessing the security of a web form for a client and enters ";id" in one of the fields.
The penetration tester observes the following response:
Based on the response, which of the following vulnerabilities exists?
A penetration tester is connected to a client's local network and wants to passively identify cleartext protocols and potentially sensitive data being communicated across the network.
Which of the following is the BEST approach to take?
A.Run a network vulnerability scan.
B.Run a stress test.
C.Run an MITM attack.
D.Run a port scan.
A penetration tester directly connects to an internal network. Which of the following exploits would work BEST for quick lateral movement within an internal network?
A.Crack password hashes in /etc/shadow for network authentication.
B.Launch dictionary attacks on RDP.
C.Conduct a whaling campaign.
D.Poison LLMNR and NBNS requests.
A penetration tester runs the following on a machine:
Which of the following will be returned?
A penetration tester discovers an anonymous FTP server that is sharing the C:\ drive. Which of the following is the BEST exploit?
A.Place a batch script in the startup folder for all users.
B.Change a service binary location path to point to the tester's own payload.
C.Escalate the tester's privileges to SYSTEM using the at.exe command.
D.Download, modify, and reupload a compromised registry to obtain code execution.
Which of the following is the MOST comprehensive type of penetration test on a network?
An attacker performed a MITM attack against a mobile application. The attacker is attempting to manipulate the application's network traffic via a proxy tool. The attacker only sees limited traffic as cleartext. The application log files indicate secure SSL/TLS connections are failing. Which of the following is MOST likely preventing proxying of all traffic?
C.Strong cipher suites
A company decides to remediate issues identified from a third-party penetration test done to its infrastructure.
Management should instruct the IT team to:
A.execute the hot fixes immediately to all vulnerabilities found.
B.execute the hot fixes immediately to some vulnerabilities.
C.execute the hot fixes during the routine quarterly patching.
D.evaluate the vulnerabilities found and execute the hot fixes.
A penetration tester successfully exploits a system, receiving a reverse shell. Which of the following is a Meterpreter command that is used to harvest locally stored credentials?
A.Implement authorization checks.
B.Sanitize all the user input.
C.Prevent directory traversal.
D.Add client-side security controls
During the exploitation phase of a penetration test, a vulnerability is discovered that allows command execution on a Linux web server. A cursory review confirms that system access is only in a low-privilege user context: www-data. After reviewing the following output from /etc/sudoers:
Which of the following users should be targeted for privilege escalation?
A.Only members of the Linux admin group, OPERATORS, ADMINS, jedwards, and operator can execute privileged commands useful for privilege escalation.
B.All users on the machine can execute privileged commands useful for privilege escalation.
C.Bfranks, emann, members of the Linux admin group, OPERATORS, and ADMINS can execute commands useful for privilege escalation.
D.Jedwards, operator, bfranks, emann, OPERATOR, and ADMINS can execute commands useful for privilege escalation.
During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement.
Which of the following is the MOST likely reason why the engagement may not be able to continue?
A.The consultant did not sign an NDA.
B.The consultant was not provided with the appropriate testing tools.
C.The company did not properly scope the project.
D.The initial findings were not communicated to senior leadership.
A penetration tester has been hired to perform a penetration test for an organization. Which of the following is indicative of an error-based SQL injection attack?
A.a=1 or 1--
B.1=1 or b--
C.1=1 or 2--
D.1=1 or a--
When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future breach of the client's systems?
A.The proposed mitigations and remediations in the final report do not include a cost-benefit analysis.
B.The NDA protects the consulting firm from future liabilities in the event of a breach.
C.The assessment reviewed the cyber key terrain and most critical assets of the client's network.
D.The penetration test is based on the state of the system and its configuration at the time of assessment.
A tester was able to retrieve domain users' hashes. Which of the following tools can be used to uncover the users' passwords? (Choose two.)
D.John the Ripper
A penetration tester is attempting to open a socket in a bash script but receives errors when running it. The current state of the relevant line in the script is as follows:
Which of the following lines of code would correct the issue upon substitution?
A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of the target hosts. The administrator claims the system is patched and the evidence is a false positive.
Which of the following is the BEST method for a tester to confirm the vulnerability exists?
A.Manually run publicly available exploit code.
B.Confirm via evidence of the updated version number.
C.Run the vulnerability scanner again.
D.Perform dynamic analysis on the vulnerable service.
A penetration tester has gained physical access to a facility and connected directly into the internal network.
The penetration tester now wants to pivot into the server VLAN. Which of the following would accomplish this?
A.Spoofing a printer's MAC address
B.Abusing DTP negotiation
C.Performing LLMNR poisoning
D.Conducting an STP attack
During an engagement, an insecure direct object reference vulnerability was discovered that allows the extraction of highly sensitive PII. The tester is required to extract and then exfiltrate the information from a web application with identifiers 1 through 1000 inclusive. When running the following script, an error is encountered:
Which of the following lines of code is causing the problem?
A.url = "https://www.comptia.org?id="
B.req = requests.get(url)
C.if req.status ==200:
D.url += i
A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural changes. Which of the following is the BEST way to approach the project?
A.Design a penetration test approach, focusing on publicly released firewall DoS vulnerabilities.
B.Review the firewall configuration, followed by a targeted attack by a red team.
C.Perform a discovery scan to identify changes in the network.
D.Focus on an objective-based approach to assess network assets with a red team.
A penetration tester has identified a directory traversal vulnerability. Which of the following payloads could have helped the penetration tester identify this vulnerability?
A.'or 'folder' like 'file'; --
B.|| ls /tmp/
D.&& dir C:/
An individual has been hired by an organization after passing a background check. The individual has been passing information to a competitor over a period of time. Which of the following classifications BEST describes the individual?
A senior employee received a suspicious email from another executive requesting an urgent wire transfer.
Which of the following types of attacks is likely occurring?
B.Business email compromise