PT0-001 Premium Bundle

CompTIA PenTest+ Certification Exam

Last update: November 21, 2024

CompTIA PT0-001 Free Practice Questions

Master the PT0-001 Braindumps content and be ready for exam day success quickly with this PT0-001 Exam Questions and Answers. We guarantee it! We make it a reality and give you real PT0-001 Dumps Questions in our CompTIA PT0-001 braindumps. Latest 100% VALID PT0-001 Dumps at below page. You can use our CompTIA PT0-001 braindumps and pass your exam.

Check PT0-001 free dumps before getting the full version:

NEW QUESTION 1
During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?

  • A. Ettercap
  • B. Tcpdump
  • C. Responder
  • D. Medusa

Answer: D

NEW QUESTION 2
Joe, a penetration tester, is asked to assess a company's physical security by gaining access to its corporate office. Joe is looking for a method that will enable him to enter the building during business hours or when there are no employees on-site. Which of the following would be MOST effective in accomplishing this?

  • A. Badge cloning
  • B. Lock picking
  • C. Tailgating
  • D. Piggybacking

Answer: A

NEW QUESTION 3
The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test. Which of the following are the MOST likely causes for this difference? (Select TWO)

  • A. Storage access
  • B. Limited network access
  • C. Misconfigured DHCP server
  • D. Incorrect credentials
  • E. Network access controls

Answer: A

NEW QUESTION 4
After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?

  • A. Expand the password length from seven to 14 characters
  • B. Implement password history restrictions
  • C. Configure password filters
  • D. Disable the accounts after five incorrect attempts
  • E. Decrease the password expiration window

Answer: A

NEW QUESTION 5
Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?

  • A. To remove the persistence
  • B. To enable persistence
  • C. To report persistence
  • D. To check for persistence

Answer: A

NEW QUESTION 6
A penetration tester runs the following from a compromised box: python -c 'import pty; pty.spawn("/bin/bash")'. Which of the following actions is the tester taking?

  • A. Removing the Bash history
  • B. Upgrading the shell
  • C. Creating a sandbox
  • D. Capturing credentials

Answer: A

NEW QUESTION 7
A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for the penetration tester to take?

  • A. Obtain staff information by calling the company and using social engineering techniques.
  • B. Visit the client and use impersonation to obtain information from staff.
  • C. Send spoofed emails to staff to see if staff will respond with sensitive information.
  • D. Search the Internet for information on staff such as social networking sites.

Answer: C

NEW QUESTION 8
A security consultant found a SCADA device in one of the VLANs in scope. Which of the following actions would BEST create a potentially destructive outcome against the device?

  • A. Launch an SNMP password brute force attack against the device.
  • B. Launch a Nessus vulnerability scan against the device.
  • C. Launch a DNS cache poisoning attack against the device.
  • D. Launch an SMB exploit against the device.

Answer: A

NEW QUESTION 9
A penetration tester is performing a remote scan to determine if the server farm is compliant with the company's software baseline. Which of the following should the penetration tester perform to verify compliance with the baseline?

  • A. Discovery scan
  • B. Stealth scan
  • C. Full scan
  • D. Credentialed scan

Answer: A

NEW QUESTION 10
While engaging clients for a penetration test from highly regulated industries, which of the following is usually the MOST important to the clients from a business perspective?

  • A. Letter of engagement and attestation of findings
  • B. NDA and MSA
  • C. SOW and final report
  • D. Risk summary and executive summary

Answer: D

NEW QUESTION 11
A tester has captured a NetNTLMv2 hash using Responder. Which of the following commands will allow the tester to crack the hash using a mask attack?

  • A. hashcat -m 5600 -r rules/best64.rule hash.txt wordlist.txt
  • B. hashcat -m 5600 hash.txt
  • C. hashcat -m 5600 -a 3 hash.txt ?a?a?a?a?a?a?a?a
  • D. hashcat -m 5600 -o results.txt hash.txt wordlist.txt

Answer: A

NEW QUESTION 12
A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?

  • A. nc -lvp 4444 /bin/bash
  • B. nc -vp 4444 /bin/bash
  • C. nc -p 4444 /bin/bash
  • D. nc -lp 4444 -e /bin/bash

Answer: D

NEW QUESTION 13
A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?

  • A. -p-
  • B. -p ALL
  • C. -p 1-65534
  • D. -port 1-65534

Answer: A

NEW QUESTION 14
Which of the following has a direct and significant impact on the budget of the security assessment?

  • A. Scoping
  • B. Scheduling
  • C. Compliance requirement
  • D. Target risk

Answer: A

NEW QUESTION 15
A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
[Exhibit image]

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: D

NEW QUESTION 16
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?

  • A. set rhost 192.168.1.10
  • B. run autoroute -a 192.168.1.0/24
  • C. db_nmap -iL /tmp/privatehosts.txt
  • D. use auxiliary/server/socks4a

Answer: D

NEW QUESTION 17
A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?

  • A. Document the findings with an executive summary, recommendations, and screenshots of the web application disclosure.
  • B. Connect to the SQL server using this information and change the password to one or two noncritical accounts to demonstrate a proof-of-concept to management.
  • C. Notify the development team of the discovery and suggest that input validation be implemented on the web application's SQL query strings.
  • D. Request that management create an RFP to begin a formal engagement with a professional penetration testing company.

Answer: B

Recommend!! Get the Full PT0-001 dumps in VCE and PDF From Surepassexam, Welcome to Download: https://www.surepassexam.com/PT0-001-exam-dumps.html (New 131 Q&As Version)

