PT0-001試験無料問題集（295題）「CompTIA PenTest+ Certification 認定」

出題：1

A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack Which of the following remediation steps should be recommended? (Select THREE)

A. Implement two-factor authentication for remote access

B. Mandate all employees take security awareness training

C. Increase password complexity requirements

D. Upgrade the cipher suite used for the VPN solution

E. Install an intrusion prevention system

F. Prevent members of the IT department from interactively logging in as administrators

G. Install a security information event monitoring solution.

正解：B,C,D 解答を投票する

出題：2

A recent vulnerability scan of all web servers in an environment offers the following results:

Taking a risk-based approach, which of the following is the BEST order to approach remediation based on exposure?

A. SQL injection, unrestricted file upload, clickjacking, verbose server banner

B. Unrestricted file upload, clickjacking, verbose server banner, SQL injection

C. SQL injection, clickjacking, unrestricted file upload, verbose server banner

D. Unrestricted file upload, SQL injection, clickjacking, verbose server banner

E. Clickjacking, unrestricted file upload, verbose server banner, SQL injection

正解：D 解答を投票する

出題：3

A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all

正解：

出題：4

A penetration tester discovers SNMP on some targets. Which of the following should the penetration tester try FIRST?

A. Upload a new config file.

B. Sniff SNMP traffic.

C. Use default credentials.

D. Conduct a MITM.

正解：C 解答を投票する

出題：5

Which of the following describe a susceptibility present in Android-based commercial mobile devices when organizations are not employing MDM services? (Choose two.)

A. Unsigned apps can be installed.

B. The default device log facility does not record system actions.

C. End users have root access to devices by default.

D. Configurations are user-customizable.

E. IPSec VPNs are not configurable.

F. Push notification services require Internet access.

正解：A,D 解答を投票する

出題：6

Which of the following excerpts would come from a corporate policy?

A. The corporate systems must store passwords using the MD5 hashing algorithm.

B. Employees must use strong passwords for accessing corporate assets.

C. The help desk can be reached at 800-passwd1 to perform password resets.

D. Employee passwords must contain a minimum of eight characters, with one being alphanumeric.

正解：B 解答を投票する

出題：7

D18912E1457D5D1DDCBD40AB3BF70D5D
During the exploitation phase of a penetration test, a vulnerability is discovered that allows command execution on a Linux web server. A cursory review confirms the system access is only in a low-privilege user context: www-dat a. After reviewing, the following output from /etc/sudoers:

Which of the following users should be targeted for privilege escalation?

A. Only members of the Linux admin group, OPERATORS, ADMINS, jedwards, and operator can execute privileged commands useful for privilege escalation.

B. All users on the machine can execute privileged commands useful for privilege escalation.

C. Jedwards, operator, bfranks, emann, OPERATOR, and ADMINS can execute commands useful for privilege escalation.

D. Bfranks, emann, members of the Linux admin group, OPERATORS, and ADMINS can execute commands useful for privilege escalation.

正解：A 解答を投票する

出題：8

A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?

A. The physical location and network ESSIDs to be tested

B. The number of wireless devices owned by the client

C. The bands and frequencies used by the client's devices

D. The client's preferred wireless access point vendor

正解：C 解答を投票する

出題：9

Which of the following reasons does penetration tester needs to have a customer's point-of -contact information available at all time? (Select THREE).

A. To update payment information

B. To report a cracked password

C. To report the latest published exploits

D. To report critical findings

E. To report indicators of compromise

F. To report findings that cannot be exploited

G. To report a server that becomes unresponsive

H. To update the statement o( work

正解：D,E,G 解答を投票する

出題：10

During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.
Which of the following registry changes would allow for credential caching in memory?

A. reg add HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1

B. reg add HKLM\System\ControlSet002\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 0

C. reg add HKCU\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1

D. reg add HKLM\Software\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1

正解：B 解答を投票する

出題：11

You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part1: Given the output, construct the command that was used to generate this output from the available options.
Part2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Part1

Part2

正解：

Part 1 - nmap 192.168.2.2 -sV -O
Part 2 - Weak SMB file permissions

出題：12

Which of the following would be BEST for performing passive reconnaissance on a target's external domain?

A. OpenVAS

B. Shodan

C. Peach

D. CeWL

正解：B 解答を投票する

出題：13

An Internet-accessible database server was found with the following ports open: 22, 53, 110, 1433, and 3389. Which of the following would be the BEST hardening technique to secure the server?

A. Employ network ACLs.

B. Ensure all protocols are using encryption.

C. Disable source routing on the server.

D. Ensure the IDS rules have been updated.

正解：A 解答を投票する

出題：14

Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?

A. Penetration test findings often contain company intellectual property

B. Penetration test findings are legal documents containing privileged information

C. Penetration test findings could lead to consumer dissatisfaction if made pubic

D. Penetration test findings can assist an attacker in compromising a system

正解：D 解答を投票する

出題：15

Which of the following is an important stakeholder to notify when penetration testing has begun?

A. Remediation manager

B. Compliance assessor

C. System owner

D. Patching team

正解：C 解答を投票する

出題：16

Which of the following tools is used to perform a credential brute force attack?

A. Hydra

B. John the Ripper

C. Hashcat

D. Peach

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

PT0-001試験無料問題集「CompTIA PenTest+ Certification 認定」