PT0-002無料問題集「CompTIA PenTest+ Certification」

質問 1

A penetration tester enters a command into the shell and receives the following output:
C:\Users\UserX\Desktop>vmic service get name, pathname, displayname, startmode | findstr /i auto | findstr /i /v |C:\\Windows\\" I findstr /i /v""
VulnerableService Some Vulnerable Service C:\Program Files\A Subfolder\B Subfolder\SomeExecutable.exe Automatic
Which of the following types of vulnerabilities does this system contain?

（A）Unquoted service path

（B）Clear text credentials

（C）Writable services

（D）Insecure file/folder permissions

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Which of the following tools is commonly used for network scanning and enumeration during a penetration test?

（A）Burp Suite

（B）Nmap

（C）Wireshark

（D）Metasploit

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.
Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?

（A）Nikto

（B）SQLmap

（C）Nessus

（D）DirBuster

正解：C 解答を投票する

質問 4

A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?

（A）Because of concerns regarding bandwidth limitations

（B）For testing of the customer's SLA with the ISP

（C）To meet PCI DSS testing requirements

（D）To ensure someone is available if something goes wrong

正解：D 解答を投票する

質問 5

During the assessment of a client's cloud and on-premises environments, a penetration tester was able to gain ownership of a storage object within the cloud environment using the..... premises credentials. Which of the following best describes why the tester was able to gain access?

（A）Federation misconfiguration of the container

（B）laaS failure at the provider

（C）Container listed in the public domain

（D）Key mismanagement between the environments

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

The following PowerShell snippet was extracted from a log of an attacker machine:

A penetration tester would like to identify the presence of an array. Which of the following line numbers would define the array?

（A）Line 8

（B）Line 20

（C）Line 13

（D）Line 19

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

（A）Check the scoping document to determine if exfiltration is within scope.

（B）Escalate the issue.

（C）Stop the penetration test.

（D）Include the discovery and interaction in the daily report.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

During the reconnaissance phase, a penetration tester obtains the following output:
Reply from 192.168.1.23: bytes=32 time<54ms TTL=128
Reply from 192.168.1.23: bytes=32 time<53ms TTL=128
Reply from 192.168.1.23: bytes=32 time<60ms TTL=128
Reply from 192.168.1.23: bytes=32 time<51ms TTL=128
Which of the following operating systems is MOST likely installed on the host?

（A）Linux

（B）Windows

（C）NetBSD

（D）macOS

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?

（A）Burp Suite

（B）GDB

（C）SearchSpliot

（D）Netcat

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A penetration tester managed to get control of an internal web server that is hosting the IT knowledge base. Which of the following attacks should the penetration tester attempt next?

（A）Spear phishing

（B）Vishing

（C）Watering hole

（D）Whaling

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

During a REST API security assessment, a penetration tester was able to sniff JSON content containing user credentials. The JSON structure was as follows:
<
transaction_id: "123456", content: [ {
user_id: "mrcrowley", password: ["€54321#"] b <
user_id: "ozzy",
password: ["1112228"] ) ]
Assuming that the variable json contains the parsed JSON data, which of the following Python code snippets correctly returns the password for the user ozzy?

（A）json['content']['password'][1]

（B）json['content'][1]['password'][0]

（C）json['user_id']['password'][0][1]

（D）json['content'][0]['password'][1]

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A penetration tester gained access to one of the target company's servers. During the enumeration phase, the penetration tester lists the bash history and observes the following row:
Which of the following steps should the penetration tester take next?

（A）Attempt to read email.

（B）Brute force all mail users.

（C）Enumerate mail server users.

（D）Download hashes.

正解：A 解答を投票する

PT0-002 無料問題集「CompTIA PenTest+ Certification」

弊社を連絡する

関連リンク

トップ試験