[Q79-Q101] PT0-003認証試験の問題集解答を提供しています [2024年11月]

Share

PT0-003認証試験の問題集解答を提供しています [2024年11月]

更新されたPT0-003試験練習テスト問題

質問 # 79
A penetration tester conducted an assessment on a web server. The logs from this session show the following:
http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; -- Which of the following attacks is being attempted?

  • A. Session hijacking
  • B. Cross-site scripting
  • C. Clickjacking
  • D. Parameter pollution
  • E. Cookie hijacking

正解:D


質問 # 80
A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

  • A. HTTP
  • B. DNS
  • C. Telnet
  • D. SMTP
  • E. SNMP
  • F. NTP

正解:A、B


質問 # 81
A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?

  • A. NDA
  • B. ROE
  • C. SLA
  • D. MSA

正解:A


質問 # 82
During an engagement, a penetration tester wants to enumerate users from Linux systems by using finger and rwho commands. However, the tester realizes these commands alone will not achieve the desired result. Which of the following is the best tool to use for this task?

  • A. theHarvester
  • B. smbclient
  • C. Nikto
  • D. Burp Suite

正解:B

解説:
The smbclient tool is used to access SMB/CIFS resources on a network. It allows penetration testers to connect to shared resources and enumerate users on a network, particularly in Windows environments. While finger and rwho are more common on Unix/Linux systems, smbclient provides better functionality for enumerating users across a network.
Step-by-Step Explanation
Understanding smbclient:
Purpose: smbclient is used to access and manage files and directories on SMB/CIFS servers.
Capabilities: It allows for browsing shared resources, listing directories, downloading and uploading files, and enumerating users.
User Enumeration:
Command: Use smbclient with the -L option to list available shares and users.
smbclient -L //target_ip -U username
Example: Enumerating users on a target system.
smbclient -L //192.168.50.2 -U anonymous
Advantages:
Comprehensive: Provides detailed information about shared resources and users.
Cross-Platform: Can be used on both Linux and Windows systems.
Reference from Pentesting Literature:
SMB enumeration is a common practice discussed in penetration testing guides for identifying shared resources and users in a network environment.
HTB write-ups frequently mention the use of smbclient for enumerating network shares and users.
Reference:
Penetration Testing - A Hands-on Introduction to Hacking
HTB Official Writeups


質問 # 83
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

  • A. WebScarab-NG
  • B. Nessus
  • C. Nmap
  • D. Shodan

正解:C


質問 # 84
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

  • A. Susceptibility to DDoS attacks
  • B. Unsupported operating systems
  • C. Inability to network
  • D. The existence of default passwords

正解:B


質問 # 85
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?

  • A. Metasploit
  • B. Ethercap
  • C. Nessus
  • D. Burp Suite

正解:A


質問 # 86
A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)

  • A. Created user accounts
  • B. Server logs
  • C. Reboot system
  • D. Spawned shells
  • E. Administrator accounts
  • F. ARP cache

正解:A、D

解説:
Removing shells: Remove any shell programs installed when performing
the pentest.
Removing tester-created credentials: Be sure to remove any user accounts created during the pentest. This includes backdoor accounts.
Removing tools: Remove any software tools that were installed on the
customer's systems that were used to aid in the exploitation of systems.


質問 # 87
A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

  • A. Non-optimized resource management
  • B. Buffer overflows
  • C. Credentials stored in strings
  • D. Weak authentication schemes

正解:B

解説:
fuzzing introduces unexpected inputs into a system and watches to see if the system has any negative reactions to the inputs that indicate security, performance, or quality gaps or issues


質問 # 88
Which of the following would a company's hunt team be MOST interested in seeing in a final report?

  • A. Methodology
  • B. Scope details
  • C. Attack TTPs
  • D. Executive summary

正解:C


質問 # 89
Which of the following is the most common vulnerability associated with loT devices that are directly connected to the internet?

  • A. Susceptibility to DDoS attacks
  • B. Inability to network
  • C. The existence of default passwords
  • D. Unsupported operating systems

正解:C

解説:
IoT devices are often shipped with default passwords, which are easily discoverable and widely known.
Many users fail to change these default credentials, leaving the devices vulnerable to unauthorized access.
This issue is one of the most common vulnerabilities associated with IoT devices connected directly to the internet. Attackers can exploit these default passwords to gain control over the devices, potentially leading to a range of malicious activities, including the recruitment of the devices into botnets for Distributed Denial of Service (DDoS) attacks, data breaches, or other cybercriminal activities.


質問 # 90
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device.
Which of the following tools would be BEST to use for this purpose?

  • A. Patator
  • B. Mimikatz
  • C. Hashcat
  • D. John the Ripper

正解:A

解説:
https://www.kali.org/tools/patator/


質問 # 91
The delivery of a penetration test within an organization requires defining specific parameters regarding the nature and types of exercises that can be conducted and when they can be conducted. Which of the following BEST identifies this concept?

  • A. Rules of engagement
  • B. Program scope
  • C. Non-disclosure agreement
  • D. Statement of work

正解:A

解説:
Rules of engagement (ROE) is a document that outlines the specific guidelines and limitations of a penetration test engagement. The document is agreed upon by both the penetration testing team and the client and sets expectations for how the test will be conducted, what systems are in scope, what types of attacks are allowed, and any other parameters that need to be defined. ROE helps to ensure that the engagement is conducted safely, ethically, and with minimal disruption to the client's operations.


質問 # 92
A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following:
python -c 'import pty; pty.spawn("/bin/bash")'
Which of the following actions Is the penetration tester performing?

  • A. Building a bind shell
  • B. Privilege escalation
  • C. Writing a script for persistence
  • D. Upgrading the shell

正解:D

解説:
The penetration tester is performing an action called upgrading the shell, which means improving the functionality and interactivity of the shell. By running the python command, the penetration tester is spawning a new bash shell that has features such as tab completion, command history, and job control. This can help the penetration tester to execute commands more easily and efficiently.


質問 # 93
Which of the following is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten?

  • A. ISO 27001
  • B. NIST SP 800-53
  • C. GDPR

正解:C

解説:
GDPR is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten. GDPR stands for General Data Protection Regulation, and it is a law that applies to the European Union and the United Kingdom. GDPR gives individuals the right to request their personal data be deleted by data controllers and processors under certain circumstances, such as when the data is no longer necessary, when the consent is withdrawn, or when the data was unlawfully processed. GDPR also imposes other obligations and rights related to data protection, such as data minimization, data portability, data breach notification, and consent management. The other options are not regulatory compliance standards that focus on user privacy by implementing the right to be forgotten. NIST SP 800-53 is a set of security and privacy controls for federal information systems and organizations in the United States. ISO 27001 is an international standard that specifies the requirements for an information security management system.


質問 # 94
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

  • A. tcpdump
  • B. Socat
  • C. dig
  • D. Scapy

正解:D

解説:
https://thepacketgeek.com/scapy/building-network-tools/part-09/


質問 # 95
A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?

  • A. Find files that were created during exploitation and move them to /dev/null
  • B. Find files with the SUID bit set
  • C. Set the SGID on all files in the / directory
  • D. Find the /root directory on the system

正解:B

解説:
the 2>/dev/null is output redirection, it simply sends all the error messages to infinity and beyond preventing any error messages to appear in the terminal session.
The tester is trying to find files with the SUID bit set on the system. The SUID (set user ID) bit is a special permission that allows a file to be executed with the privileges of the file owner, regardless of who runs it.
This can be used to perform privileged operations or access restricted resources. A penetration tester can use the find command with the -user and -perm options to search for files owned by a specific user (such as root) and having a specific permission (such as 4000, which indicates the SUID bit is set).


質問 # 96
Which of the following assessment methods is the most likely to cause harm to an ICS environment?

  • A. Active scanning
  • B. Packet analysis
  • C. Ping sweep
  • D. Protocol reversing

正解:A

解説:
Active scanning is the process of sending probes or packets to a target system or network and analyzing the responses to gather information or identify vulnerabilities. Active scanning can be intrusive and disruptive, especially in an ICS environment, where availability and reliability are critical. Active scanning can cause unintended consequences, such as triggering alarms, shutting down devices, or affecting physical processes.
Therefore, active scanning is the most likely to cause harm to an ICS environment among the given options.
References:
*The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, page 72-73.
*The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook1, Chapter 2: Conducting Passive Reconnaissance, page 2-20.
*Risk Assessment Standards for ICS Environments2, page 8.


質問 # 97
A penetration tester joins the assessment team in the middle of the assessment. The client has asked the team, both verbally and in the scoping document, not to test the production networks. However, the new tester is not aware of this request and proceeds to perform exploits in the production environment. Which of the following would have MOST effectively prevented this misunderstanding?

  • A. Prohibiting testers from joining the team during the assessment
  • B. Never assessing the production networks
  • C. Prohibiting exploitation in the production environment
  • D. Requiring all testers to review the scoping document carefully

正解:D

解説:
The scoping document is a document that defines the objectives, scope, limitations, deliverables, and expectations of a penetration testing engagement. It is an essential document that guides the penetration testing process and ensures that both the tester and the client agree on the terms and conditions of the test.
Requiring all testers to review the scoping document carefully would have most effectively prevented this misunderstanding, as it would have informed the new tester about the client's request not to test the production networks. The other options are not effective or realistic ways to prevent this misunderstanding.


質問 # 98
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

  • A. PowerShell modules
  • B. PsExec
  • C. MP4 steganography
  • D. Alternate data streams

正解:D

解説:
Alternate data streams (ADS) are a feature of the NTFS file system that allows storing additional data in a file without affecting its size, name, or functionality. ADS can be used to hide or embed data or executable code in a file, such as a specially crafted binary for later execution. ADS can be created or accessed using various tools or commands, such as the command prompt, PowerShell, or Sysinternals12. For example, the following command can create an ADS named secret.exe in a file named test.txt and run it using wmic.exe process call create function: type secret.exe > test.txt:secret.exe & wmic process call create "cmd.exe /c test.txt:secret.exe"


質問 # 99
A penetration tester is getting ready to conduct a vulnerability scan as part of the testing process. The tester will evaluate an environment that consists of a container orchestration cluster. Which of the following tools should the tester use to evaluate the cluster?

  • A. Trivy
  • B. Kube-hunter
  • C. Grype
  • D. Nessus

正解:B

解説:
Evaluating a container orchestration cluster, such as Kubernetes, requires specialized tools designed to assess the security and configuration of container environments. Here's an analysis of each tool and why Kube-hunter is the best choice:
Trivy (Option A):
Explanation:
Capabilities: While effective at scanning container images for vulnerabilities, it is not specifically designed to assess the security of a container orchestration cluster itself.
Nessus (Option B):
Capabilities: It is not tailored for container orchestration environments and may miss specific issues related to Kubernetes or other orchestration systems.
Grype (Option C):
Capabilities: Similar to Trivy, it focuses on identifying vulnerabilities in container images rather than assessing the overall security posture of a container orchestration cluster.
Kube-hunter (answer: D):
Capabilities: It scans the Kubernetes cluster for a wide range of security issues, including misconfigurations and vulnerabilities specific to Kubernetes environments.
Reference:
Conclusion: Kube-hunter is the most appropriate tool for evaluating a container orchestration cluster, such as Kubernetes, due to its specialized focus on identifying security vulnerabilities and misconfigurations specific to such environments.


質問 # 100
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

  • A. The geographical location where the cloud services are running
  • B. Whether the cloud service provider allows the penetration tester to test the environment
  • C. Whether the specific cloud services are being used by the application
  • D. Whether the country where the cloud service is based has any impeding laws

正解:B

解説:
The first thing that a penetration tester should consider when engaging in a penetration test in a cloud environment is whether the cloud service provider allows the tester to test the environment, as this will determine whether the tester has permission or authorization to perform the test. Some cloud service providers have policies or terms of service that prohibit or restrict penetration testing on their platforms or require prior approval or notification before testing. The tester should review these policies and obtain written consent from the provider before conducting any testing activities.


質問 # 101
......

検証済みのPT0-003問題集と解答を使って100%一発合格保証で更新された問題集:https://drive.google.com/open?id=1yuzMmBll1jwi2WThnNojZb4YKpyHUh1f

合格させるCompTIA PenTest+ PT0-003試験には132問があります:https://jp.fast2test.com/PT0-003-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어