一番最新のCompTIA PT0-001試験問題集PDFには2022年更新 [Q105-Q123]

Share

一番最新のCompTIA PT0-001試験問題集PDFには2022年更新

100%無料CompTIA PenTest+ PT0-001問題集PDFお試しサンプル認定ガイドがカバーされます

質問 105
While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?

  • A. HKEY_CURRENT_CONFIG
  • B. HKEY_CURRENT_USER
  • C. HKEY_LOCAL_MACHINE
  • D. HKEY_CLASSES_ROOT

正解: B

解説:
Explanation/Reference: https://www.redcanary.com/blog/windows-registry-attacks-threat-detection/

 

質問 106
A penetration tester has access to a local machine running Linux, but the account has limited privileges. Which of the following types of files could the tester BEST use for privilege escalation?

  • A. Binaries stored in /usr/bin
  • B. Files with permission 4xxx
  • C. Files with the wrong ACL rules configured
  • D. Files stored in /root directory

正解: D

 

質問 107
Which of the following commands starts the Metasploit database?

  • A. db_init
  • B. db_connect
  • C. msfvenom
  • D. workspace
  • E. msfconsole

正解: E

解説:
References: https://www.offensive-security.com/metasploit-unleashed/msfconsole/

 

質問 108
A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?

  • A. Download the GHOST file to a Windows system and compile
    gcc -o GHOST
    test i:
    ./GHOST
  • B. Download the GHOST file to a Linux system and compile
    gcc -o GHOST GHOST.c
    test i:
    ./GHOST
  • C. Download the GHOST file to a Linux system and compile
    gcc -o GHOST
    test i:
    ./GHOST
  • D. Download the GHOST file to a Windows system and compile
    gcc -o GHOST GHOST.c
    test i:
    ./GHOST

正解: B

 

質問 109
A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO).

  • A. Cross-compile the application.
  • B. Convert to JAR.
  • C. Re-sign the APK.
  • D. Decompile.
  • E. Attach to ADB.
  • F. Convert JAR files to DEX.

正解: B,D

 

質問 110
During a physical security review, a detailed penetration testing report was obtained, which was issued to a security analyst and then discarded in the trash. The report contains validated critical risk exposures. Which of the following processes would BEST protect this information from being disclosed in the future?

  • A. Restrict access to physical copies to authorized personnel only.
  • B. Ensure corporate policies include guidance on the proper handling of sensitive information.
  • C. Require only electronic copies of all documents to be maintained.
  • D. Install surveillance cameras near all garbage disposal areas.

正解: B

 

質問 111
Black box penetration testing strategy provides the tester with:

  • A. source code
  • B. privileged credentials
  • C. a target list
  • D. a network diagram

正解: C

 

質問 112
A penetration tester must assess a web service. Which of the following should the tester request during the scoping phase?

  • A. WSDLfile
  • B. SOAP project file
  • C. After-hours contact escalation
  • D. XSD

正解: A

 

質問 113
A financial institution is asking a penetration tester to determine if collusion capabilities to produce wire fraud are present. Which of the following threat actors should the penetration tester portray during the assessment?

  • A. Script kiddie
  • B. Cybercrime organization.
  • C. Insider threat
  • D. Nation state

正解: D

 

質問 114
A penetration tester is checking a script to determine why some basic math errors are persisting. The expected result was the program outputting "True".

Given the output from the console above, which of the following explains how to correct the errors in the script? (Choose two.)

  • A. Change 'else' to 'elif'.
  • B. Change 'fi' to 'Endli'.
  • C. Change 'source' and 'dest' to "$source" and "$dest".
  • D. Change the '=' to '-eq'.
  • E. Remove the 'let' in front of 'dest=5+5'.

正解: C,E

 

質問 115
Which of the following commands starts the Metasploit database?

  • A. db_init
  • B. db_connect
  • C. msfvenom
  • D. workspace
  • E. msfconsole

正解: E

解説:
Explanation/Reference: https://www.offensive-security.com/metasploit-unleashed/msfconsole/

 

質問 116
A security consultant found a SCADA device in one of the VLANs in scope. Which of the following actions would BEST create a potentially destructive outcome against device?

  • A. Lunch a Nessus vulnerability scan against the device.
  • B. Launch a DNS cache poisoning attack against the device.
  • C. Launch an SNMP password brute force attack against the device.
  • D. Launch an SMB exploit against the device.

正解: C

 

質問 117
A penetration tester is performing a code review against a web application Given the following URL and source code:

Which of the following vulnerabilities is present in the code above?

  • A. Cross-site scripting
  • B. SQL injection
  • C. Command injection
  • D. LDAP injection

正解: C

 

質問 118
A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?

  • A. RID cycling to enumerate users and groups
  • B. Password brute forcing to log into the host
  • C. Pass the hash to relay credentials
  • D. Session hijacking to impersonate a system account

正解: B

 

質問 119
A penetration tester successfully exploits a DM2 server that appears to be listening on an outbound port The penetration tester wishes to forward that traffic back to a device Which of the following are the BEST tools to use few this purpose? (Select TWO)

  • A. SSH
  • B. Cain and Abel
  • C. Nmap
  • D. Netcat
  • E. Tcpdump
  • F. Wiresrtark

正解: A,F

 

質問 120
An assessor begins an internal security test of the Windows domain internal. comptia. net. The assessor is given network access via DHCP, but is not given any network maps or target IP addresses. Which of the following commands can the assessor use to find any likely Windows domain controllers?
A)

B)

C)

D)

  • A. Option B
  • B. Option C
  • C. Option D
  • D. Option A

正解: D

 

質問 121
Instructions:
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.

正解:

解説:

 

質問 122
A penetration tester has been asked to conduct OS fingerprinting with Nmap using a company-provide text file that contain a list of IP addresses.
Which of the following are needed to conduct this scan? (Select TWO).

  • A. _iL
  • B. -O
  • C. -oX
  • D. -oN
  • E. -sS
  • F. _sV

正解: A,B

 

質問 123
......


CompTIA PT0-001 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Explain Weaknesses Related To Specialized Systems
  • Compare And Contrast Social Engineering Attacks
トピック 2
  • Given A Scenario, Exploit Local Host Vulnerabilities
  • Compare And Contrast Various Use Cases Of Tools
トピック 3
  • Explain The Importance Of Scoping An Engagement Properly
  • Explain The Key Aspects Of Compliance-Based Assessments
トピック 4
  • Given A Scenario, Exploit Network-Based Vulnerabilities
  • Compare And Contrast Various Use Cases Of Tools
トピック 5
  • Given A Scenario, Exploit Wireless And RF-Based Vulnerabilities
  • Explain Post-Report Delivery Activities
トピック 6
  • Given A Scenario, Analyze A Basic Script (Limited To Bash, Python, Ruby, And Powershell)
トピック 7
  • Given A Scenario, Analyze Tool Output Or Data Related To A Penetration Test
トピック 8
  • Given A Scenario, Conduct Information Gathering Using Appropriate Techniques
トピック 9
  • Explain The Process Of Leveraging Information To Prepare For Exploitation
トピック 10
  • Given A Scenario, Use Nmap To Conduct Information Gathering Exercises
トピック 11
  • Explain The Importance Of Communication During The Penetration Testing Process

 

更新されたのはCompTIA PT0-001問題集PDFオンラインエンジン:https://jp.fast2test.com/PT0-001-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어