New updated CompTIA PT0-001 exam questions from Lead4Pass CompTIA PT0-001 dumps!
Welcome to download the latest Lead4Pass CompTIA PT0-001 dumps with PDF and VCE: https://www.leads4pass.com/pt0-001.html (258 Q&As)
[CompTIA PT0-001 exam pdf] CompTIA PT0-001 exam PDF uploaded from google drive, online download provided by the latest update of Lead4pass:
https://drive.google.com/file/d/1rfz-nYT6oozCfgfDN_8S0kqw3-3IWNG2/
Latest update CompTIA PT0-001 exam questions and answers online practice test
QUESTION 1
Which of the following can be used to perform online password attacks against RDP?
A. Hashcat
B. John the Rippef
C. Aircrack-ng
D. Ncrack
Correct Answer: D
QUESTION 2
During an engagement, an unsecured direct object reference vulnerability was discovered that allows the extraction of
highly sensitive PII. The tester is required to extract and then exfil the information from a web application with identifiers
1 through 1000 inclusive. When running the following script, an error is encountered:
Which of the following lines of code is causing the problem?
A. url = “https://www.comptia.org?id=”
B. req = requests.get(url)
C. if req.status ==200:
D. url += i
Correct Answer: D
QUESTION 3
A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and
display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?
A. From the remote computer, run the following commands: Export IHOST 192.168.1.10:0.0 xhost+ Terminal
B. From the local computer, run the following command ssh -L4444: 127.0.01:6000 -% [email protected] xterm
C. From the local computer, run the following command ssh -r6000: 127.0.01:4444 -p 6000 [email protected]
“xhost+; xterm”
D. From the local computer, run the following command: NC -lp 6000 Then, from the remote computer, run the following command: xterm | NC 192.168.1.10 6000
Correct Answer: D
QUESTION 4
A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single
workstation. Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE).
A. Randomize local administrator credentials for each machine.
B. Disable remote logins for local administrators.
C. Require multifactor authentication for all logins.
D. Increase minimum password complexity requirements.
E. Apply additional network access control.
F. Enable full-disk encryption on every workstation.
G. Segment each host into its own VLAN.
Correct Answer: CDE
QUESTION 5
A penetration tester observes that several high numbered ports are listening on a public webserver. However, the
system owner says the application only uses port 443. Which of the following would be BEST to recommend?
A. Transition the application to another port
B. Filter port 443 to specific IP addresses
C. Implement a web application firewall
D. Disable unneeded services.
Correct Answer: D
QUESTION 6
A penetration tester discovers an anonymous FTP server that is sharing the C:\drive. Which of the following is the BEST
exploit?
A. Place a batch script in the startup folder for all users.
B. Change a service binary location path to point to the tester\\’s own payload.
C. Escalate the tester\\’s privileges to SYSTEM using the at.exe command.
D. Download, modify and reupload a compromised registry to obtain code execution.
Correct Answer: B
QUESTION 7
Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the
character sets represented Each password may be used only once.
Select and Place:
Correct Answer:
QUESTION 8
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon
discovering vulnerabilities, the company asked the consultant to perform the following tasks:
1.
Code review
2.
Updates to firewall settings
Which of the following has occurred in this situation?
A. Scope creep
B. Post-mortem review
C. Risk acceptance
D. Threat prevention
Correct Answer: A
QUESTION 9
Which of the following commands starts the Metasploit database?
A. msfconsole
B. workspace
C. msfvenom
D. db_init
E. db_connect
Correct Answer: A
References: https://www.offensive-security.com/metasploit-unleashed/msfconsole/
QUESTION 10
A penetration tester is performing a code review against a web application Given the following URL and source code:
Which of the following vulnerabilities is present in the code above?
A. SQL injection
B. Cross-site scripting
C. Command injection
D. LDAP injection
Correct Answer: C
QUESTION 11
A consultant is identifying versions of Windows operating systems on a network Which of the following Nmap
commands should the consultant run?
A. nmap -T4 -v -sU -iL /tmp/list.txt -Pn –script smb-system-info
B. nmap -T4 -v -iL /tmp/list .txt -Pn –script smb-os-disccvery
C. nmap -T4 -v -6 -iL /tmp/liat.txt -Pn –script smb-os-discovery -p 135-139
D. nmap -T4 -v –script smb-system-info 192.163.1.0/24
Correct Answer: B
QUESTION 12
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the
course of a test? (Select TWO)
A. The tester discovers personally identifiable data on the system
B. The system shows evidence of prior unauthorized compromise
C. The system shows a lack of hardening throughout
D. The system becomes unavailable following an attempted exploit
E. The tester discovers a finding on an out-of-scope system
Correct Answer: BD
QUESTION 13
A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the
following is the MOST efficient to utilize?
A. nmap -p 53 -oG dnslist.txt | cut -d “:” -f 4
B. nslookup -ns 8.8.8.8 echo “8.8.8.8” >> /etc/resolv/conf
Correct Answer: A
The above content: shared PT0-001 exam pdf, PT0-001 Exam Questions And Answers, PT0-001 exam video, and get the complete PT0-001 exam dump path.
For information about PT0-001 Dumps from Lead4pass (including PDF and VCE), please visit: https://www.leads4pass.com/pt0-001.html (258 Q&A)
ps.
Get free CompTIA PT0-001 dumps PDF online: https://drive.google.com/file/d/1rfz-nYT6oozCfgfDN_8S0kqw3-3IWNG2/