Master CompTIA PT0-001 Certification Questions & Study Resources, CompTIA PenTest+ Certification | SPOTO

Prepare to master the CompTIA PenTest+ (PT0-001) certification with our comprehensive study resources. The best way to ensure success on the exam is by practicing with the latest exam questions. Our study materials cover a wide range of topics and scenarios, including hands-on testing in diverse environments such as the cloud and mobile platforms, alongside traditional desktops and servers. With access to practice tests, sample questions, exam dumps, and exam questions and answers, you'll build the knowledge and skills needed to excel. Our mock exams and exam simulator provide a realistic exam experience to further enhance your preparation. Utilize our exam materials and exam answers to reinforce your understanding and readiness for the PT0-001 exam. With our study resources, you'll be well-prepared to demonstrate your hands-on ability and knowledge and achieve success in earning your CompTIA PenTest+ certification.

Question #1
Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?
A. ICS vendors are slow to implement adequate security controls
B. ICS staff are not adequately trained to perform basic duties
C. There is a scarcity of replacement equipment for critical devices
D. There is a lack of compliance for ICS facilities
Correct Answer: AC
Question #2
DRAG DROP. A manager calls upon a tester to assist with diagnosing an issue within the following Python script: #!/usr/bin/python s = "Administrator". The tester suspects it is an issue with string slicing and manipulation. Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment. Options may be used once or not at all.
A. Mastered
B. Not Mastered
Correct Answer: A
Question #3
A client asks a penetration tester to add more addresses to a test currently in progress. Which of the following would define the target list?
A. Rules of engagement
B. Master services agreement
C. Statement of work
D. End-user license agreement
Correct Answer: B
Question #4
After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?
A. Expand the password length from seven to 14 characters
B. Implement password history restrictions
C. Configure password filters
D. Disable the accounts after five incorrect attempts
E. Decrease the password expiration window
Correct Answer: D
Question #5
A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?
A. RID cycling to enumerate users and groups
B. Pass the hash to relay credentials
C. Password brute forcing to log into the host
D. Session hijacking to impersonate a system account
Correct Answer: B
Question #6
DRAG DROP. Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented. Each password may be used only once.
A. Mastered
B. Not Mastered
Correct Answer: A
Question #7
A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?
A. schtasks
B. net session server | dsquery -user | net use c$
C. powershell && set-executionpolicy unrestricted
D. reg save HKLM\System\CurrentControlSet\Services\Sv
Correct Answer: B
Question #8
A penetration tester runs the following from a compromised box: python -c 'import pty;pty.spawn("/bin/bash")'. Which of the following actions is the tester taking?
A. Removing the Bash history
B. Upgrading the shell
C. Creating a sandbox
D. Capturing credentials
Correct Answer: A
Question #9
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
A. set rhost 192
B. run autoroute -a 192
C. db_nmap -iL /tmp/privatehosts
D. use auxiliary/server/socks4a
Correct Answer: D
Question #10
A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?
A. Advanced persistent threat
B. Script kiddie
C. Hacktivist
D. Organized crime
Correct Answer: A
Question #11
A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability of the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Select TWO).
A. Identify and eliminate inline SQL statements from the code
B. Identify and eliminate dynamic SQL from stored procedures
C. Identify and sanitize all user inputs
D. Use a whitelist approach for SQL statements
E. Use a blacklist approach for SQL statements
F. Identify the source of malicious input and block the IP address
Correct Answer: C
Question #12
A penetration tester successfully exploits a DMZ server that appears to be listening on an outbound port. The penetration tester wishes to forward that traffic back to a device. Which of the following are the BEST tools to use for this purpose? (Select TWO)
A. Tcpdump
B. Nmap
C. Wireshark
D. SSH
E. Netcat
F. Cain and Abel
Correct Answer: D
Question #13
During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?
A. Ettercap
B. Tcpdump
C. Responder
D. Medusa
Correct Answer: A
Question #14
A penetration tester has successfully exploited an application vulnerability and wants to remove the command history from the Linux session. Which of the following will accomplish this successfully?
A. history --remove
B. cat history | clear
C. rm -f
D. history -c
Correct Answer: CD
Question #15
A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?
A. arpspoof
B. nmap
C. responder
D. burpsuite
Correct Answer: A
Question #16
A penetration tester is checking a script to determine why some basic persisting. The expected result was the program outputting "True." Given the output from the console above, which of the following explains how to correct the errors in the script? (Select TWO)
A. Change 'fi' to 'EndIf'
B. Remove the 'let' in front of 'dest=5+5'
C. Change the '=' to '-eq'
D. Change 'source' and 'dest' to "$source" and "$dest"
E. Change 'else' to 'eli
Correct Answer: A
Question #17
After several attempts, an attacker was able to gain unauthorized access through a biometric sensor using the attacker's actual fingerprint without exploitation. Which of the following is the MOST likely explanation of what happened?
A. The biometric device is tuned more toward false positives
B. The biometric device is configured more toward true negatives
C. The biometric device is set to fail closed
D. The biometric device duplicated a valid user's fingerprint
Correct Answer: BDG
Question #18
Click the exhibit button. Given the Nikto vulnerability scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Select TWO)
A. Arbitrary code execution
B. Session hijacking
C. SQL injection
D. Login credential brute-forcing
E. Cross-site request forgery
Correct Answer: B
Question #19
If a security consultant comes across a password hash that resembles the following b117 525b3454 7Oc29ca3dBaeOb556ba8 Which of the following formats is the correct hash type?
A. Kerberos
B. NetNTLMv1
C. NTLM
D. SHA-1
Correct Answer: C
Question #20
Which of the following would be BEST for performing passive reconnaissance on a target's external domain?
A. Peach
B. CeWL
C. OpenVAS
D. Shodan
Correct Answer: A
Question #21
A penetration tester is performing initial intelligence gathering on some remote hosts prior to conducting a vulnerability < The tester runs the following command: nmap -D 192.168.1.1,192.168.1.2,192.168.1.3 -sV -o --max-rate 2 192. 168.130 Which of the following BEST describes why multiple IP addresses are specified?
A. The network is submitted as a /25 or greater and the tester needed to access hosts on two different subnets
B. The tester is trying to perform a more stealthy scan by including several bogus addresses
C. The scanning machine has several interfaces to balance the scan request across at the specified rate
D. A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host
Correct Answer: A
Question #22
A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network but has been unsuccessful in capturing a handshake. Given this scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?
A. Karma attack
B. Deauthentication attack
C. Fragmentation attack
D. SSID broadcast flood
Correct Answer: D
Question #23
During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz. Which of the following registry changes would allow for credential caching in memory?
A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: D
Question #24
When performing compliance-based assessments, which of the following is the MOST important key consideration?
A. Additional rate
B. Company policy
C. Impact tolerance
D. Industry type
Correct Answer: A
Question #25
After successfully capturing administrator credentials to a remote Windows machine, a penetration tester attempts to access the system using PSExec but is denied permission. Which of the following shares must be accessible for a successful PSExec connection?
A. IPC$ and C$
B. C$ and ADMIN$
C. SERVICES and ADMIN$
D. ADMIN$ and IPC$
Correct Answer: EF
Question #26
A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?
A. The physical location and network ESSIDs to be tested
B. The number of wireless devices owned by the client
C. The client's preferred wireless access point vendor
D. The bands and frequencies used by the client's devices
Correct Answer: C
