PT0-001無料問題集「CompTIA PenTest+ Certification」

質問 1

While performing privilege escalation on a Windows 7 workstation, a penetration tester identifies a service that imports a DLL by name rather than an absolute path. To exploit this vulnerability, which of the following criteria must be met?

（A）Permissions not disabled in the DLL

（B）Weak folder permissions of a directory in the DLL search path

（C）DLL not cryptographically signed by the vendor

（D）Write permissions in the C:\Windows\System32\imports directory

正解：B 解答を投票する

質問 2

During a physical security review, a detailed penetration testing report was obtained, which was issued to a security analyst and then discarded in the trash. The report contains validated critical risk exposures. Which of the following processes would BEST protect this information from being disclosed in the future?

（A）Install surveillance cameras near all garbage disposal areas.

（B）Restrict access to physical copies to authorized personnel only.

（C）Require only electronic copies of all documents to be maintained.

（D）Ensure corporate policies include guidance on the proper handling of sensitive information.

正解：D 解答を投票する

質問 3

A penetration tester successfully exploits a DM2 server that appears to be listening on an outbound port The penetration tester wishes to forward that traffic back to a device Which of the following are the BEST tools to use few this purpose? (Select TWO)

（A）Nmap

（B）Wiresrtark

（C）Cain and Abel

（D）Netcat

（E）SSH

（F）Tcpdump

正解：D、E 解答を投票する

質問 4

An attacker performed a MITM attack against a mobile application. The attacker is attempting to manipulate the application's network traffic via a proxy tool. The attacker only sees limited traffic as cleartext. The application log files indicate secure SSL/TLS connections are failing. Which of the following is MOST likely preventing proxying of all traffic?

（A）Closed ports

（B）Misconfigured routes

（C）Strong cipher suites

（D）Certificate pinning

正解：D 解答を投票する

質問 5

A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?

（A）The penetration tester needs an OAuth bearer token.

（B）The tester has provided an incorrect password for the application.

（C）An IPS/WAF whitelist is in place to protect the environment.

（D）The penetration tester was not provided with a WSDL file.

正解：A 解答を投票する

質問 6

A penetration tester is reviewing the following output from a wireless sniffer:

Which of the following can be extrapolated from the above information?

（A）Hardware vendor

（B）Key strength

（C）Channel interference

（D）Usernames

正解：D 解答を投票する

質問 7

A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?

（A）dig -r > echo "8.8.8.8" >> /etc/resolv/conf

（B）nmap -p 53 -oG dnslist.txt | cut -d ":" -f 4

（C）for x in (1...254); do dig -x 192.168. $x. $x; done

（D）nslookup -ns 8.8.8.8 << dnslist.txt

正解：C 解答を投票する

質問 8

A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Give the below code and output Import requests from BeautifulSoup import BeautifulSoup request = requests.get ("https://www.bank.com/admin") respHeaders, respBody = request[0]. Request[1] if respHeader.statuscode == 200:
soup = BeautifulSoup (respBody)
soup = soup.FindAll ("div", ("type" : "hidden"))
print respHeader. StatusCode, StatusMessage
else:
print respHeader. StatusCode, StatusMessage
Output: 200 OK
Which of the following is the tester intending to do?

（A）Analyze HTTP respond code

（B）Search for HTTP headers

（C）Scrape the page for hidden fields

（D）Horizontally escalate privileges

正解：C 解答を投票する

質問 9

Given the following Python script:
#1/usr/bin/python
import socket as skt
for port in range (1,1024):
try:
sox=skt.socket(skt.AF.INET,skt.SOCK_STREAM)
sox.settimeout(1000)
sox.connect (('127.0.0.1', port))
print '%d:OPEN' % (port)
sox.close
except: continue
Which of the following is where the output will go?

（A）To the screen

（B）To a network server

（C）To a file

（D）To /dev/null

正解：A 解答を投票する

質問 10

At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computers names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?

（A）Enumeration of services

（B）Social engineering

（C）OSINT gathering

（D）Port scanning

正解：C 解答を投票する

質問 11

A penetration tester is checking a script to determine why some basic math errors are persisting. The expected result was the program outputting "True".

Given the output from the console above, which of the following explains how to correct the errors in the script? (Choose two.)

（A）Change 'fi' to 'Endli'.

（B）Change 'source' and 'dest' to "$source" and "$dest".

（C）Remove the 'let' in front of 'dest=5+5'.

（D）Change 'else' to 'elif'.

（E）Change the '=' to '-eq'.

正解：B、C 解答を投票する

質問 12

A penetration tester ran an Nmap scan against a target and received the following output:

Which of the following commands would be best for the penetration tester to execute NEXT to discover any weaknesses or vulnerabilities?

（A）medusa -h 192.168.121.1 -U users.txt -P passwords.txt -M ssh

（B）snmpwalk -c public 192.168.121.1

（C）onesixtyone -d 192.168.121.1

（D）enum4linux -w 192.168.121.1

正解：B 解答を投票する

質問 13

A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)

（A）Use domain and IP registry websites to identify the company's external netblocks and external facing applications.

（B）Perform a vulnerability scan against the company's external netblock, identify exploitable vulnerabilities, and attempt to gain access.

（C）Search social media for information technology employees who post information about the technologies they work with.

（D）Wait outside of the company's building and attempt to tailgate behind an employee.

（E）Identify the company's external facing webmail application, enumerate user accounts and attempt password guessing to gain access.

正解：C、E 解答を投票する

質問 14

A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?

（A）TCP SYN flood

（B）xss

（C）SQL injection

（D）XMAS scan

正解：C 解答を投票する

質問 15

After performing a security assessment for a firm, the client was found to have been billed for the time the client's test environment was unavailable. The client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?

（A）EULA

（B）BPA

（C）NDA

（D）SOW

正解：D 解答を投票する

PT0-001 無料問題集「CompTIA PenTest+ Certification」

弊社を連絡する

関連リンク

トップ試験