CompTIA PT0-001 CompTIA PenTest+ Certification Exam Online Training
The questions for PT0-001 were last updated at Jan 07,2025.
- Exam Code: PT0-001
- Exam Name: CompTIA PenTest+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Jan 07,2025
A penetration tester is performing ARP spoofing against a switch.
Which of the following should the penetration tester spoof to get the MOST information?
- A . MAC address of the client
- B . MAC address of the domain controller
- C . MAC address of the web server
- D . MAC address of the gateway
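The question turns on where the traffic is: every host's off-subnet traffic is sent to the MAC it has cached for the gateway's IP, so a spoofed ARP reply claiming the gateway IP diverts far more flows than one claiming a single client or server. The following is an added example, not code from the page: it builds raw ARP reply frames (a spoofed reply is byte-for-byte the same format as a real one), parses them, and runs a small watcher that flags an IP-to-MAC binding change, rating a change for the gateway IP HIGH. All MAC and IP addresses are constructed for the demonstration.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an ARP reply (opcode 2), 42 bytes in total.

    A spoofed reply is structurally identical to a real one: the attacker puts
    its own MAC in sender_mac while claiming sender_ip (e.g. the gateway's IP).
    """
    eth_hdr = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp_hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp_body = mac_bytes(sender_mac) + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth_hdr + arp_hdr + arp_body


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip, target_mac, target_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return (opcode, mac_str(frame[22:28]), ip_str(frame[28:32]),
            mac_str(frame[32:38]), ip_str(frame[38:42]))


class ArpWatch:
    """Track IP-to-MAC bindings seen in ARP replies and flag a binding change.

    The first MAC seen for an IP is kept as the trusted binding; any later reply
    claiming the same IP from a different MAC is reported. A change for the
    gateway IP is rated HIGH because every host's off-subnet traffic resolves to it.
    """

    def __init__(self, gateway_ip: str):
        self.gateway_ip = gateway_ip
        self.bindings = {}   # ip -> first MAC seen
        self.alerts = []     # (severity, ip, old_mac, new_mac)

    def observe(self, frame: bytes) -> None:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return
        _, sender_mac, sender_ip, _, _ = parsed
        known = self.bindings.get(sender_ip)
        if known is None:
            self.bindings[sender_ip] = sender_mac
        elif known != sender_mac:
            severity = "HIGH" if sender_ip == self.gateway_ip else "MEDIUM"
            self.alerts.append((severity, sender_ip, known, sender_mac))


def demo():
    """Constructed traffic: genuine gateway and client replies, then an attacker claiming each IP."""
    gateway_ip, gateway_mac = "192.168.1.1", "00:11:22:33:44:55"
    client_ip, client_mac = "192.168.1.50", "00:aa:bb:cc:dd:01"
    attacker_mac = "de:ad:be:ef:00:01"
    watch = ArpWatch(gateway_ip)
    watch.observe(build_arp_reply(gateway_mac, gateway_ip, client_mac, client_ip))
    watch.observe(build_arp_reply(client_mac, client_ip, gateway_mac, gateway_ip))
    watch.observe(build_arp_reply(attacker_mac, gateway_ip, client_mac, client_ip))   # gateway spoof
    watch.observe(build_arp_reply(attacker_mac, client_ip, gateway_mac, gateway_ip))  # client spoof
    return watch.alerts


if __name__ == "__main__":
    for alert in demo():
        print(*alert)
```

The watcher trusts the first binding it sees, which is the same assumption tools such as arpwatch make; on a network where the attacker is already poisoning when monitoring starts, the "trusted" binding would be the forged one, so a static gateway entry is the stronger check.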
A penetration tester is designing a phishing campaign and wants to build a list of users for the target organization.
Which of the following techniques would be the MOST appropriate? (Select TWO)
- A . Query an Internet WHOIS database.
- B . Search posted job listings.
- C . Scrape the company website.
- D . Harvest users from social networking sites.
- E . Socially engineer the corporate call center.
A penetration tester has been hired to perform a penetration test for an organization.
Which of the following is indicative of an error-based SQL injection attack?
- A . a=1 or 1--
- B . 1=1 or b--
- C . 1=1 or 2--
- D . 1=1 or a--
While conducting information gathering, a penetration tester is trying to identify Windows hosts.
Which of the following characteristics would be BEST to use for fingerprinting?
- A . The system responds with a MAC address that begins with 00:0A:3B.
- B . The system responds with port 22 open.
- C . The system responds with a TTL of 128.
- D . The system responds with a TCP window size of 5840.
C
Explanation:
Reference: https://social.technet.microsoft.com/Forums/windowsserver/en-US/67920af3-f60e-43dc-9941-feca54380b52/default-ttl-for-various-oss?forum=winserverpowershell#:~:text=The%20Default%20Ttl%20for%20windows,default%20for%20Unix%20is%2064
A consultant is identifying versions of Windows operating systems on a network.
Which of the following Nmap commands should the consultant run?
- A . nmap -T4 -v -sU -iL /tmp/list.txt -Pn --script smb-system-info
- B . nmap -T4 -v -iL /tmp/list.txt -Pn --script smb-os-discovery
- C . nmap -T4 -v -6 -iL /tmp/list.txt -Pn --script smb-os-discovery -p 135-139
- D . nmap -T4 -v --script smb-system-info 192.163.1.0/24
A company received a report with the following finding: while on the internal network, the penetration tester was able to capture SMB user ID and password information broadcast on the network and decode it. This allowed the penetration tester to join their own computer to the ABC domain.
Which of the following remediations are appropriate for the reported finding? (Select TWO)
- A . Set the Schedule Task Service from Automatic to Disabled
- B . Enable network-level authentication
- C . Remove the ability from Domain Users to join domain computers to the network
- D . Set the netlogon service from Automatic to Disabled
- E . Set up a SIEM alert to monitor Domain joined machines
- F . Set "Digitally sign network communications" to Always
The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test.
Which of the following are the MOST likely causes for this difference? (Select TWO)
- A . Storage access
- B . Limited network access
- C . Misconfigured DHCP server
- D . Incorrect credentials
- E . Network access controls
Joe, an attacker, intends to transfer funds discreetly from a victim’s account to his own.
Which of the following URLs can he use to accomplish this attack?
- A . https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount=’OR 1=1 AND select username from testbank.custinfo where username like ‘Joe’&amount=200
- B . https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount=’OR 1=1 AND select username from testbank.custinfo where username like ‘Joe’ &amount=200
- C . https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount=’OR 1=1 AND select username from testbank.custinfo where username like ‘Joe’ &amount=200
- D . https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount=’AND 1=1 AND select username from testbank.custinfo where username like ‘Joe’ &amount=200
A penetration tester has been assigned to perform an external penetration assessment of a company.
Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)
- A . Wait outside of the company’s building and attempt to tailgate behind an employee.
- B . Perform a vulnerability scan against the company’s external netblock, identify exploitable vulnerabilities, and attempt to gain access.
- C . Use domain and IP registry websites to identify the company’s external netblocks and external facing applications.
- D . Search social media for information technology employees who post information about the technologies they work with.
- E . Identify the company’s external facing webmail application, enumerate user accounts and attempt password guessing to gain access.
For which of the following reasons does a penetration tester need to have the customer’s point-of-contact information available at all times? (Select THREE)
- A . To report indicators of compromise
- B . To report findings that cannot be exploited
- C . To report critical findings
- D . To report the latest published exploits
- E . To update payment information
- F . To report a server that becomes unresponsive
- G . To update the statement of work
- H . To report a cracked password