PENTEST+ EXAM PT0-001 STUDY, (ANSWERED)
Zverlory
zv3rl0ry
Zverl0ry
Zv3r!0ry
DRAG DROP -Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented. Each password may be used only once.Select and Place:
nist...
Zverlory
zv3rl0ry
Zverl0ry
Zv3r!0ry
DRAG DROP -Place each of the following passwords in order of complexity from least
complex (1) to most complex (4), based on the character sets represented. Each
password may be used only once.Select and Place:
nist
nsrt
imdA
strat
DRAG DROP -A manager calls upon a tester to assist with diagnosing an issue within
the following Python script:#!/usr/bin/pythons = ג€Administratorג€The tester suspects it
is an issue with string slicing and manipulation. Analyze the following code segment and
drag and drop the correct output for each string manipulation to its corresponding code
segment. Options may be used once or not at all.Select and Place:
D
A penetration tester has compromised a Windows server and is attempting to achieve
persistence. Which of the following would achieve that goal?
A. schtasks.exe /create/tr ג€powershell.exeג€ Sv.ps1 /run
B. net session server | dsquery -user | net use c$
C. powershell && set-executionpolicy unrestricted
D. reg save HKLM\System\CurrentControlSet\Services\Sv.reg
A
A client has scheduled a wireless penetration test. Which of the following describes the
scoping target information MOST likely needed before testing can begin?
A. The physical location and network ESSIDs to be tested
B. The number of wireless devices owned by the client
C. The client's preferred wireless access point vendor
D. The bands and frequencies used by the client's devices
B
Which of the following BEST describes some significant security weaknesses with an
ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and
nuclear facilities?
A. ICS vendors are slow to implement adequate security controls.
B. ICS staff are not adequately trained to perform basic duties.
C. There is a scarcity of replacement equipment for critical devices.
D. There is a lack of compliance for ICS facilities.
C
A security analyst was provided with a detailed penetration report, which was performed
against the organization's DMZ environment. It was noted on the report that a finding
has a CVSS base score of 10.0. Which of the following levels of difficulty would be
required to exploit this vulnerability?
A. Very difficult; perimeter systems are usually behind a firewall.
,B. Somewhat difficult; would require significant processing power to exploit.
C. Trivial; little effort is required to exploit this finding.
D. Impossible; external hosts are hardened to protect against attacks.
AC
A penetration tester has gained access to a marketing employee's device. The
penetration tester wants to ensure that if the access is discovered, control of the device
can be regained. Which of the following actions should the penetration tester use to
maintain persistence to the device? (Select TWO.)
A. Place an entry in HKLM\Software\Microsoft\CurrentVersion\Run to call au57d.ps1.
B. Place an entry in C:\windows\system32\drivers\etc\hosts for 12.17.20.10
badcomptia.com.
C. Place a script in C:\users\%username\local\appdata\roaming\temp\au57d.ps1.
D. Create a fake service in Windows called RTAudio to execute manually.
E. Place an entry for RTAudio in HKLM\CurrentControlSet\Services\RTAudio.
F. Create a schedule task to call C:\windows\system32\drivers\etc\hosts.
A
Which of the following tools is used to perform a credential brute force attack?
A. Hydra
B. John the Ripper
C. Hashcat
D. Peach
BD
Which of the following situations would cause a penetration tester to communicate with
a system owner/client during the course of a test? (Select TWO.)
A. The tester discovers personally identifiable data on the system.
B. The system shows evidence of prior unauthorized compromise.
C. The system shows a lack of hardening throughout.
D. The system becomes unavailable following an attempted exploit.
E. The tester discovers a finding on an out-of-scope system.
D
A penetration tester has performed a security assessment for a startup firm. The report
lists a total of ten vulnerabilities, with five identified as critical. The client does not have
the resources to immediately remediate all vulnerabilities. Under such circumstances,
which of the following would be the BEST suggestion for the client?
A. Apply easy compensating controls for critical vulnerabilities to minimize the risk, and
then reprioritize remediation.
B. Identify the issues that can be remediated most quickly and address them first.
C. Implement the least impactful of the critical vulnerabilities' remediations first, and
then address other critical vulnerabilities
D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities
may take a very long lime.
A
Which of the following is the reason why a penetration tester would run the chkconfig --
del servicename command at the end of an engagement?
A. To remove the persistence
B. To enable persistence
,C. To report persistence
D. To check for persistence
C
A penetration tester wants to target NETBIOS name service. Which of the following is
the MOST likely command to exploit the NETBIOS name service?
A. arpspoof
B. nmap
C. responder
D. burpsuite
A
A security consultant receives a document outlining the scope of an upcoming
penetration test. This document contains IP addresses and times that each can be
scanned. Which of the following would contain this information?
A. Rules of engagement
B. Request for proposal
C. Master service agreement
D. Business impact analysis
A
A penetration tester executes the following commands:Which of the following is a local
host vulnerability that the attacker is exploiting?
A. Insecure file permissions
B. Application whitelisting
C. Shell escape
D. Writable service
A
A penetration tester reviews the scan results of a web application. Which of the
following vulnerabilities is MOST critical and should be prioritized for exploitation?
A. Stored XSS
B. Fill path disclosure
C. Expired certificate
D. Clickjacking
D
A penetration tester observes that several high-numbered ports are listening on a public
web server. However, the system owner says the application only uses port 443. Which
of the following would be BEST to recommend?
A. Transition the application to another port.
B. Filter port 443 to specific IP addresses.
C. Implement a web application firewall.
D. Disable unneeded services.
C
A penetration tester was able to enter an SQL injection command into a text box and
gain access to the information store on the database. Which of the following is the
BEST recommendation that would mitigate the vulnerability?
A. Randomize the credentials used to log in.
B. Install host-based intrusion detection.
, C. Implement input normalization.
D. Perform system hardening.
A
Black box penetration testing strategy provides the tester with:
A. a target list
B. a network diagram
C. source code
D. privileged credentials
AE
Which of the following tools would a penetration tester leverage to conduct OSINT?
(Select TWO).
A. Shodan
B. SET
C. BeEF
D. Wireshark
E. Maltego
F. Dynamo
D
A penetration tester is performing ARP spoofing against a switch. Which of the following
should the penetration tester spoof to get the MOST information?
A. MAC address of the client
B. MAC address of the domain controller
C. MAC address of the web server
D. MAC address of the gateway
CDE
A penetration tester is able to move laterally throughout a domain with minimal
roadblocks after compromising a single workstation. Which of the following mitigation
strategies would be BEST to recommend in the report? (Select THREE).
A. Randomize local administrator credentials for each machine.
B. Disable remote logons for local administrators.
C. Require multifactor authentication for all logins.
D. Increase minimum password complexity requirements.
E. Apply additional network access control.
F. Enable full-disk encryption on every workstation.
G. Segment each host into its own VLAN.
D
A security consultant is trying to attack a device with a previously identified user
account.Which of the following types of attacks is being executed?
A. Credential dump attack
B. DLL injection attack
C. Reverse shell attack
D. Pass the hash attack
B
A malicious user wants to perform an MITM attack on a computer. The computer
network configuration is given below:IP: 192.168.1.20 -NETMASK: 255.255.255.0 -
DEFAULT GATEWAY: 192.168.1.254 -DHCP: 192.168.1.253 -DNS: 192.168.10.10,
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller ACADEMICAIDSTORE. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
