CompTIA PT0-001 Free Practice Questions

NEW QUESTION 1
A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s. For which of the following types of attack would this information be used?

• A. Explogt chaining
• B. Session hijacking
• C. Dictionary
• D. Karma

Answer: B

NEW QUESTION 2
A penetration tester successfully explogts a Windows host and dumps the hashes Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: D

NEW QUESTION 3
A penetration tester has successfully explogted an application vulnerability and wants to remove the command history from the Linux session. Which of the following will accomplish this successfully?

• A. history --remove
• B. cat history I clear
• C. rm -f ./history
• D. history -c

Answer: D

NEW QUESTION 4
DRAG DROP
A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all

Answer:

Explanation:
Nsrt
Snma
Trat
Imda

NEW QUESTION 5
Click the exhibit button.

A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network Which of the following types of attacks should the tester stop?

• A. SNMP brute forcing
• B. ARP spoofing
• C. DNS cache poisoning
• D. SMTP relay

Answer: B

NEW QUESTION 6
A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to explogt the NETBIOS name service?

• A. arPspoof
• B. nmap
• C. responder
• D. burpsuite

Answer: C

NEW QUESTION 7
A penetration tester notices that the X-Frame-Optjons header on a web application is not set. Which of the following would a malicious actor do to explogt this configuration setting?

• A. Use path modification to escape the application's framework.
• B. Create a frame that overlays the application.
• C. Inject a malicious iframe containing JavaScript.
• D. Pass an iframe attribute that is maliciou

Answer: B

NEW QUESTION 8
A client asks a penetration tester to add more addresses to a test currently in progress. Which of the following would defined the target list?

• A. Rules of engagement
• B. Master services agreement
• C. Statement of work
• D. End-user license agreement

Answer: D

NEW QUESTION 9
After several attempts, an attacker was able to gain unauthorized access through a biometric sensor using the attacker's actual fingerprint without explogtation. Which of the following is the MOST likely explanation of what happened?

• A. The biometric device is tuned more toward false positives
• B. The biometric device is configured more toward true negatives
• C. The biometric device is set to fail closed
• D. The biometnc device duplicated a valid user's fingerpnn

Answer: A

NEW QUESTION 10
If a security consultant comes across a password hash that resembles the following b117 525b3454 7Oc29ca3dBaeOb556ba8
Which of the following formats is the correct hash type?

• A. Kerberos
• B. NetNTLMvl
• C. NTLM
• D. SHA-1

Answer: C

NEW QUESTION 11
A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?

• A. Attempt to crack the service account passwords.
• B. Attempt DLL hijacking attacks.
• C. Attempt to locate weak file and folder permissions.
• D. Attempt privilege escalation attack

Answer: D

NEW QUESTION 12
A penetration tester successfully explogts a DM2 server that appears to be listening on an outbound port The penetration tester wishes to forward that traffic back to a device Which of the following are the BEST tools to use few this purpose? (Select TWO)

• A. Tcpdump
• B. Nmap
• C. Wiresrtark
• D. SSH
• E. Netcat
• F. Cain and Abel

Answer: CD

NEW QUESTION 13
Which of the following types of physical security attacks does a mantrap mitigate-?

• A. Lock picking
• B. Impersonation
• C. Shoulder surfing
• D. Tailgating

Answer: D

NEW QUESTION 14
Given the following script:

Which of the following BEST describes the purpose of this script?

• A. Log collection
• B. Event logging
• C. Keystroke monitoring
• D. Debug message collection

Answer: C

NEW QUESTION 15
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovered vulnerabilities, the company asked the consultant to perform the following tasks:
• Code review
• Updates to firewall setting

• A. Scope creep
• B. Post-mortem review
• C. Risk acceptance
• D. Threat prevention

Answer: C

NEW QUESTION 16
Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?

• A. Penetration test findings often contain company intellectual property
• B. Penetration test findings could lead to consumer dissatisfaction if made pubic
• C. Penetration test findings are legal documents containing privileged information
• D. Penetration test findings can assist an attacker in compromising a system

Answer: C

NEW QUESTION 17
A client has voiced concern about the number of companies being branched by remote attackers, who are looking for trade secrets. Which of following BEST describes the types of adversaries this would identify?

• A. Script kiddies
• B. APT actors
• C. Insider threats
• D. Hacktrvist groups

Answer: B