PT0-001のPDFで合格させるスゴ問題集でPT0-001最新のリアル試験問題 [Q174-Q198]

Share

PT0-001のPDFで合格させるスゴ問題集でPT0-001最新のリアル試験問題

有効なPT0-001テスト解答PT0-001試験PDF問題を試そう

質問 # 174
A penetration tester is performing initial intelligence gathering on some remote hosts prior to conducting a vulnerability scan.
The tester runs the following command:
nmap -D 192.168.1.1, 192.168.1.2, 192.168.1.3 -sV -o --max-rate 2 192.168.1.130 Which of the following BEST describes why multiple IP addresses are specified?

  • A. The network is subnetted as a/25 or greater, and the tester needed to access hosts on two different subnets.
  • B. A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host.
  • C. The scanning machine has several interfaces to balance the scan request across at the specified rate.
  • D. The tester is trying to perform a more stealthy scan by including several bogus addresses.

正解:D


質問 # 175
A penetration tester has been asked to conduct OS fingering with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed to conduct this scan? (Choose two.).

  • A. -iL
  • B. -V
  • C. -oX
  • D. oN
  • E. -sS
  • F. -O

正解:A、D

解説:
Explanation
Explanation/Reference:
Reference https://securitytrails.com/blog/top-15-nmap-commands-to-scan-remote-hosts#six-scan-hosts-and- ip-addresses-reading-from-a-text-file


質問 # 176
After successfully enumerating users on an Active Directory domain controller using enum4linux a penetration tester wants to conduct a password-guessing attack Given the below output:

Which of the following can be used to extract usernames from the above output prior to conducting the attack?

  • A. cut -d: -f2 enum41inux_output.txt | awk '{print S2}' I cut -d: -f1 > usernaraes.txt
  • B. grep user enuza41inux_output.txt I awk '{print $1}' | cut -d[ -f2 I cut -d] -f1 > username.txt
  • C. cat enum41inux_output.txt > grep -v user I sed 's/\[//' I sed 's/\]//' 2> usernames.txt
  • D. grep -i rid v< enura.41inux_output. txt' | cut -d: -f2 i cut -d] -f1 > usernames. txt

正解:B


質問 # 177
A company has engaged a penetration tester to perform an assessment for an application that resides in the company's DMZ. Prior to conducting testing, in which of the following solutions should the penetration tester's IP address be whitelisted?

  • A. NIDS
  • B. WAF
  • C. DLP
  • D. HIDS

正解:A


質問 # 178
Consumer-based IoT devices are often less secure than systems built for traditional desktop computers.
Which of the following BEST describes the reasoning for this?

  • A. It is difficult for administrators to implement the same security standards across the board.
  • B. Regulatory authorities often have lower security requirements for IoT systems.
  • C. Manufacturers developing IoT devices are less concerned with security.
  • D. IoT systems often lack the hardware power required by more secure solutions.

正解:D


質問 # 179
Which of the following commands starts the Metasploit database?

  • A. msfvenom
  • B. workspace
  • C. db_connect
  • D. db_init
  • E. msfconsole

正解:E

解説:
References: https://www.offensive-security.com/metasploit-unleashed/msfconsole/


質問 # 180
Instructions:
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the reset all button.
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

正解:

解説:


質問 # 181
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).

  • A. Wireshark
  • B. Shodan
  • C. SET
  • D. Maltego
  • E. BeEF
  • F. Dynamo

正解:B、D

解説:
References: https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/#gref


質問 # 182
A penetration tester identifies the following findings during an external vulnerability scan:

Which of the following attack strategies should be prioritized from the scan results above?

  • A. Web server configurations may reveal sensitive information
  • B. Weak password management practices may be employed
  • C. Obsolete software may contain exploitable components
  • D. Cryptographically weak protocols may be intercepted

正解:C


質問 # 183
Which of the following tools is used to perform a credential brute force attack?

  • A. Peach
  • B. Hydra
  • C. John the Ripper
  • D. Hashcat

正解:B

解説:
Reference https://www.greycampus.com/blog/information-security/brute-force-attacks-prominent-tools-totackle-such-attacks


質問 # 184
After performing a security assessment for a firm, the client was found to have been billed for the time the client's test environment was unavailable The Client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?

  • A. BRA
  • B. SOW
  • C. NDA
  • D. EULA

正解:A


質問 # 185
A penetration testing company was hired to conduct a penetration test against Company A's network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B.
Which of the following would be the BEST solution to conduct penetration testing against mail.companyA.com?

  • A. The penetration tester should conduct penetration testing against mail.companyA.com because the domain name is in scope.
  • B. The penetration tester should only use passive open source intelligence gathering methods leveraging publicly available information to analyze mail.companyA.com.
  • C. The penetration tester should ignore mail.companyA.com testing and complete only the network range 20.10.10.0/24.
  • D. The penetration tester should ask Company A for a signed statement giving permission to conduct a test against mail.companyA.com.

正解:B


質問 # 186
Which of the following tools can be used to perform a basic remote vulnerability scan of a website's configuration?

  • A. Mimikatz
  • B. Patator
  • C. Nikto
  • D. BeEF

正解:C


質問 # 187
A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data. Given the data below from the web interception proxy Request POST /Bank/Tax/RTSdocuments/ HTTP 1.1 Host: test.com Accept: text/html; application/xhtml+xml Referrer: https://www.test.com/Bank/Tax/RTSdocuments/ Cookie: PHPSESSIONID: ; Content-Type: application/form-data; Response
403 Forbidden
<tr>
<td> Error:</td></tr>
<tr><td> Insufficient Privileges to view the data. </td></tr>
Displaying 1-10 of 105 records
Which of the following types of vulnerabilities is being exploited?

  • A. File upload vulnerability
  • B. Parameter pollution vulnerability
  • C. Forced browsing vulnerability
  • D. Cookie enumeration

正解:C


質問 # 188
A penetration tester has SSH access to a Linux server that is exposed to the internet and has access to a corporate internal network. This server, with IP address 200.111.111.9, only has port TCP 22 externally opened. The penetration tester also discovered the internal IP address 192.168.1.5 from a Windows server. Which of the following steps should the penetration tester follow to open an RDP connection to this Windows server and to try to log on?

  • A. Connect to the Linux server using # ssh -L 3389:192.168.1.5:3389 200 .111.111.9; RDP to localhost address, port 3389.
  • B. Connect to the Windows server using # ssh -L 3389:200.111.111.9:22 192.168.1.5.
  • C. Connect to the Windows server using # ssh -L 22:200.111.111.9:3389 192.168.1.5.
  • D. Connect to the Linux server using # ssh 200.111.111.9, establish an RDP connection to the 192.168.1.5 address.

正解:D


質問 # 189
A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?

  • A. -p 1-65534
  • B. -p-
  • C. -port 1-65534
  • D. -p ALL

正解:A

解説:
Explanation/Reference: https://securitytrails.com/blog/top-15-nmap-commands-to-scan-remote-hosts


質問 # 190
A penetration tester is connected to a client's local network and wants to passively identify cleartext protocols and potentially sensitive data being communicated across the network.
Which of the following is the BEST approach to take?

  • A. Run a stress test.
  • B. Run a port scan.
  • C. Run an MITM attack.
  • D. Run a network vulnerability scan.

正解:C


質問 # 191
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

  • A. Destination index register
  • B. Index pointer register
  • C. Stack pointer register
  • D. Stack base pointer

正解:C

解説:
Explanation/Reference: http://www.informit.com/articles/article.aspx?p=704311&seqNum=3


質問 # 192
An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack Which of the following actions should the penetration tester take?

  • A. Discontinue further testing and report the situation to management
  • B. Document the presence of the left-behind tools in the report and proceed with the test
  • C. Remove the tools from the affected systems before continuing on with the test
  • D. Attempt to use the remnant tools to achieve persistence

正解:B


質問 # 193
A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:
http:www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd
Which of the following attack types is MOST likely to be the vulnerability?

  • A. User enumeration
  • B. Remote file inclusion
  • C. Directory traversal
  • D. Cross-site scripting

正解:D


質問 # 194
A client's systems administrator requests a copy of the report from the penetration tester, but the systems administrator is not listed as a point of contact or signatory.
Which of the following is the penetration tester's BEST course of action?

  • A. Send the report and carbon copy the point of contact/signatory for visibility.
  • B. Send the report since the systems administrator will be in charge of implementing the fixes.
  • C. Forward the request to the point of contact/signatory for authorization.
  • D. Reply and explain to the systems administrator that proper authorization is needed to provide the report.

正解:D


質問 # 195
Given the following:
http://example.com/download.php?id-.../.../.../etc/passwd
Which of the following BEST describes the above attack?

  • A. Directory traversal attack
  • B. Redirect attack
  • C. Insecure direct object reference attack
  • D. Malicious file upload attack

正解:A


質問 # 196
The following command is run on a Linux file system:
Chmod 4111 /usr/bin/sudo
Which of the following issues may be exploited now?

  • A. Kernel vulnerabilities
  • B. Unquoted service path
  • C. Sticky bits
  • D. Misconfigured sudo

正解:C


質問 # 197
A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?

  • A. The client has applied a hot fix without updating the version.
  • B. The threat landscape has significantly changed.
  • C. Thera are currently no known exploits for this vulnerability.
  • D. The client has updated their codebase with new features.

正解:A


質問 # 198
......

PT0-001問題集はあなたの合格を必ず保証します:https://jp.fast2test.com/PT0-001-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어