PT0-003 Free Practice Questions: CompTIA PenTest+

During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward. Which of the following types of attacks is this an example of?

A tester enumerated a firewall policy and now needs to stage and exfiltrate data captured from the engagement. Given the following firewall policy:
Action | SRC | DEST | --
Block | 192.168.10.0/24 : 1-65535 | 10.0.0.0/24 : 22 | TCP
Allow | 0.0.0.0/0 : 1-65535 | 192.168.10.0/24:443 | TCP
Allow | 192.168.10.0/24 : 1-65535 | 0.0.0.0/0:443 | TCP
Block | . | . | *
Which of the following commands should the tester try next?

A tester obtains access to an endpoint subnet and wants to move laterally in the network. Given the following Nmap scan output:
Nmap scan report for some_host
Host is up (0.01s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
Host script results:
smb2-security-mode: Message signing disabled
Which of the following command and attack methods is the most appropriate for reducing the chances of being detected?

As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting. Which of the following techniques would be best for the tester to use?

Which of the following describes the process of determining why a vulnerability scanner is not providing results?

During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system.
The penetration tester thinks a local firewall is blocking connections. Which of the following command-line utilities built into Windows is most likely to disable the firewall?

During a pre-engagement activity with a new customer, a penetration tester looks for assets to test. Which of the following is an example of a target that can be used for testing?

A penetration tester is performing an authorized physical assessment. During the test, the tester observes an access control vestibule and on-site security guards near the entry door in the lobby. Which of the following is the best attack plan for the tester to use in order to gain access to the facility?

A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:
<?xml version="1.0"?>
<!DOCTYPE data [
<!ENTITY foo SYSTEM "file:///etc/passwd" >
]>
<test>&foo;</test>
Which of the following should the tester recommend in the report to best prevent this type of vulnerability?

A penetration tester currently conducts phishing reconnaissance using various tools and accounts for multiple intelligence-gathering platforms. The tester wants to consolidate some of the tools and accounts into one solution to analyze the output from the intelligence-gathering tools. Which of the following is the best tool for the penetration tester to use?

A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?

A penetration tester conducts reconnaissance for a client's network and identifies the following system of interest:
$ nmap -A AppServer1.compita.org
Starting Nmap 7.80 (2023-01-14) on localhost (127.0.0.1) at 2023-08-04 15:32:27
Nmap scan report for AppServer1.compita.org (192.168.1.100)
Host is up (0.001s latency).
Not shown: 999 closed ports
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
873/tcp open rsync
8080/tcp open http-proxy
8443/tcp open https-alt
9090/tcp open zeus-admin
10000/tcp open snet-sensor-mgmt
The tester notices numerous open ports on the system of interest. Which of the following best describes this system?

A penetration tester is conducting reconnaissance on a target network. The tester runs the following Nmap command: nmap -sV -sT -p- 192.168.1.0/24. Which of the following describes the most likely purpose of this scan?

During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system:
7/<sCRitP>aLeRt('pwned')</ScriPt>
Based on the code, which of the following options represents the attack executed by the tester and the associated countermeasure?

A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?

During an engagement, a penetration tester wants to enumerate users from Linux systems by using finger and rwho commands. However, the tester realizes these commands alone will not achieve the desired result.
Which of the following is the best tool to use for this task?

Which of the following elements of a penetration test report can be used to most effectively prioritize the remediation efforts for all the findings?
