CompTIA PT0-001 CompTIA PenTest+ Certification Exam Online Training
The questions for PT0-001 were last updated on Jan 05, 2025.
- Exam Code: PT0-001
- Exam Name: CompTIA PenTest+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Jan 05, 2025
A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data.
Given the data below from the web interception proxy:
Request:
POST /Bank/Tax/RTSdocuments/ HTTP/1.1
Host: test.com
Accept: text/html; application/xhtml+xml
Referrer: https://www.test.com/Bank/Tax/RTSdocuments/
Cookie: PHPSESSIONID: ;
Content-Type: application/form-data;
Response:
403 Forbidden
<tr>
<td> Error:</td></tr>
<tr><td> Insufficient Privileges to view the data. </td></tr>
Displaying 1-10 of 105 records
Which of the following types of vulnerabilities is being exploited?
- A . Forced browsing vulnerability
- B . Parameter pollution vulnerability
- C . File upload vulnerability
- D . Cookie enumeration
A tester has captured a NetNTLMv2 hash using Responder.
Which of the following commands will allow the tester to crack the hash using a mask attack?
- A . hashcat -m 5600 -r rules/best64.rule hash.txt wordlist.txt
- B . hashcat -m 500 hash.txt
- C . hashcat -m 5600 -a 3 hash.txt ?a?a?a?a?a?a?a?a
- D . hashcat -m 5600 -o results.txt hash.txt wordlist.txt
During post-exploitation, a tester identifies that only system binaries will pass an egress filter, and stores a file with the following command:
c:\creditcards.db > c:\winit\system32\calc.exe:creditcards.db
Which of the following file system vulnerabilities does this command take advantage of?
- A . Hierarchical file system
- B . Alternate data streams
- C . Backdoor success
- D . Extended file system
A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to execute the PHP system() function.
Which of the following would retrieve the contents of the passwd file?
- A . "&CMD_cat /etc/passwd–&id-34"
- B . "&CMD=cat / etc/passwd%&id= 34"
- C . "&CMD=cat ../../../../etc/passwd7id=34'
- D . "&system(CMD) "cat /etc/passed&id=34"
A vulnerability scan identifies that an SSL certificate does not match the hostname; however, the client disputes the finding.
Which of the following techniques can the penetration tester perform to adjudicate the validity of the findings?
- A . Ensure the scanner can make outbound DNS requests.
- B . Ensure the scanner is configured to perform ARP resolution.
- C . Ensure the scanner is configured to analyze IP hosts.
- D . Ensure the scanner has the proper plug-ins loaded.
In which of the following scenarios would a tester perform a Kerberoasting attack?
- A . The tester has compromised a Windows device and dumps the LSA secrets.
- B . The tester needs to retrieve the SAM database and crack the password hashes.
- C . The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
- D . The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.
A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profiles.
For which of the following types of attack would this information be used?
- A . Exploit chaining
- B . Session hijacking
- C . Dictionary
- D . Karma
After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's folder titled "changepass".
-sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepass
Using "strings" to print ASCII printable characters from changepass, the tester notes the following:
$ strings changepass
Exit
setuid
strcmp
GLIBC_2.0
ENV_PATH
%s/changepw
malloc
strlen
Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine?
- A . Copy changepass to a writable directory and export the ENV_PATH environment variable to the path of a token-stealing binary titled changepw. Then run changepass.
- B . Create a copy of changepass in the same directory, naming it changpw. Export the ENV_PATH environment variable to the path "/home/user". Then run changepass.
- C . Export the ENV_PATH environment variable to the path of a writable directory that contains a token-stealing binary titled changepw.
- D . Run changepass within the current directory with sudo after exporting the ENV_PATH environment variable to the path "/usr/local/bin".
A penetration tester observes that several high-numbered ports are listening on a public web server. However, the system owner says the application only uses port 443.
Which of the following would be BEST to recommend?
- A . Transition the application to another port
- B . Filter port 443 to specific IP addresses
- C . Implement a web application firewall
- D . Disable unneeded services.
Which of the following types of physical security attacks does a mantrap mitigate?
- A . Lock picking
- B . Impersonation
- C . Shoulder surfing
- D . Tailgating