CompTIA PenTest+ CertMaster Learn Practice Test Review Exam 354 Questions and Answers.
PenTesters finish performing an exercise for a software development team. What might the testers mention in a final report? (Select all that apply.) -> Strong Hash Functions, Credential usage
What is the Open Web Application Security Project (OWASP)? -> A Resource for CyberSecurity Awareness
How is a PenTest report tracked while it passes through many hands before delivery? -> Chain of Custody
A systems administrator tells security engineers that a recent server breach succeeded without warning. The engineers explain that the attack was a Living off the Land (LoTL) attack and the system did not throw any alerts for what reason? -> Native OS Tools were used in the attack
A PenTest team must have a strong ethical background. Which issue is ethics related? -> Failed background check
A PenTest team reports an issue to a client that may have legal ramifications. Which of the following issues may have legal ramifications, if reported? -> It is important to be able to identify and report any criminal activity, even if the activity occurred by accident. For example, if someone on the team were to inadvertently scan the wrong network.
What communication protocol does an IT manager establish for a PenTest team during a PenTest engagement? -> Testing Threshold
An organization performs an analysis to determine its tolerance level for risk. What is this value known as? -> Risk Appetite
A PenTester shows a client how a cleartext password and other information can be extracted from system memory. Which tool does the PenTester demonstrate? -> Mimikatz
The ___ tool is a parallel brute-forcer for network logins. Its focus is to support numerous network services that allow remote authentication. -> Medusa
The ___ tool allows for the interpretation of results from an Nmap scan to automatically start medusa against the identified open ports. It can also use results from nmap with option "-sV" to identify and target services on non-standard ports. -> Brutespray
The ___ tool is similar to medusa, in that it supports parallel testing of several network authentications. It comes bundled with a tool called pw-inspect. -> Hydra
A PenTest manager drafts multiple contact lists for a pending engagement. Which list does the lead finalize? -> Primary contact: CIO, Technical contact: IT manager, Emergency contact: IT Manager
The ___ contact handles the project on the client's end. This can usually be a CIO or other party responsible for major decisions surrounding the penetration test. -> Primary
The ___ contact handles the technology elements of the activity. This is usually someone that has in-depth knowledge of the client system, such as the IT manager. -> Technical
The ___ contact is the party that can be contacted in case of particularly urgent matters, such as system and technical issues. This is often the same as the technical contact. -> Emergency
An organization realizes the potential for an attack on their systems. As a result, a resiliency assessment takes place, and various controls are suggested to be put in place. If an access control list (ACL) is on a firewall, what type of control does the systems engineer implement? -> Logical
___ controls automate protection to prevent unauthorized access or misuse and include Access Control Lists (ACL) that are implemented as software or hardware. -> Logical or technical
___ controls are security measures implemented to monitor the adherence to organizational policies and procedures. -> Administrative
___ controls restrict, detect and monitor access to specific physical areas or assets. Methods include barriers, tokens, biometrics, or other controls. -> Physical
A PenTest team performs an exercise at a large financial firm. During the process, it is discovered that a risk exists due to missing firmware updates on several hardware-based firewalls. The team concludes a risk rating during which step of the PenTest process? -> Analysis
___ occurs after a team has completed an exercise. A collection of the results of all activities is analyzed, and a summary is derived of the risk ratings for each. -> Analysis
___ will deliver the results and any remediation suggestions to the stakeholders, along with a realistic timeline of reducing risk and implementing corrective actions. -> Reporting
___ is a critical phase as it provides more information about available network resources. Scanning identifies live hosts, listening ports, and more. -> Scanning
___ focuses on gathering as much information about the target as possible. This process includes searching information on the Internet, using Open-Source Information Gathering Tools (OSINT). -> Reconnaissance
While footprinting a system, a PenTester uses the finger command. What is true regarding this command? (Select all that apply.) -> It is used on a Linux System, It is used to view a user's home directory
On a Linux system, the ___ command can be used to display the OS name, version, and other details about the system. -> uname -a
What Windows service uses port 445? -> NETBIOS
What port can run on 139 or 445? -> SMB
What nmap option is used to conduct a stealth scan? -> -sS
The ___ framework can help to greatly reduce repetition and increase reach by allowing team members to share data and findings about client organizations. -> Dradis
An organization utilizes a few dozen voice assistants throughout its offices. The devices are made and branded by an obscure manufacturer. What technological security issue might the organization encounter with these devices? -> Lack of automated updates
A PenTester remotely adds a user to a Windows system on one box and elevates a Linux user account to root on another. Which approach does the tester use? (Select all that apply.) -> net user jjones /add, editing a file and changing the user's user ID and group ID
A PenTest technician sanitizes systems from a completed engagement. When overwriting data on disks, which statements are true regarding SSD drives? (Select all that apply.) -> Overwriting an HDD is more reliable than with an SSD, SSD uses an algorithm to reduce wear
A PenTest exercise has concluded. The PenTest team now addresses which area? -> Shell Removal
A PenTest group performs an assessment exercise for a small business. If the exercise targets a particular subnet that is for VIP use only, which assessment approach does the group use when planning an attack? (Select all that apply.) -> Goals, Objectives
A ___ approach uses assessments that have a particular purpose or reason. For example, if an organization is concerned with a sensitive server, the PenTest team will focus on that server. -> Goal Based
A ___ approach is the same as a goal-based approach. For example, before implementing a new point of sale (PoS) system that accepts credit cards, the PenTesting team might test the system for any security issues before implementation. -> Objective-based
___ assessments are used as part of fulfilling the requirements of a specific law or standard, such as GDPR, HIPAA, or PCI DSS. -> Compliance-based
___ assessment is a method that uses two opposing teams in a PenTest or incident response exercise. In this approach, one team attacks while the other responds. -> Red team/blue team
A PenTest team prepares to perform an attack on an organization to test employee diligence. When spoofing a call, how might the team appear to be trusted? -> Utilizing Caller ID