Exam Logo

Comptia (PT0-001) Exam Questions And Answers page 10

A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?
Information Gathering and Vulnerability Identification Attacks and Exploits
A penetration tester ran an Nmap scan against a target and received the following output:


Which of the following commands would be best for the penetration tester to execute NEXT to discover any weaknesses or vulnerabilities?
Attacks and Exploits Penetration Testing Tools
A penetration tester ran the following Nmap scan on a computer:

nmap -aV 192.168.1.5

The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH. Which of the following is the BEST explanation for what happened?
Attacks and Exploits Penetration Testing Tools
A penetration tester reported the following vulnerabilities:


Which of the following is the correct order to rate the vulnerabilities from critical to low considering the MOST immediate impact?
Attacks and Exploits Penetration Testing Tools
A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?
Attacks and Exploits
A penetration tester runs a script that queries the domain controller for user service principal names. Which of the following techniques is MOST likely being attempted?
Information Gathering and Vulnerability Identification Attacks and Exploits
A penetration tester runs the following from a compromised python -c
import pty;pty.spawn ( /bin/bash ) . Which of the following actions are the tester taking?
Attacks and Exploits Penetration Testing Tools
A penetration tester runs the following on a machine:


Which of the following will be returned?
Attacks and Exploits Penetration Testing Tools
A penetration tester successfully exploits a DMZ server that appears to be listening on an outbound port. The penetration tester wishes to forward that traffic back to a device. Which of the following are the BEST tools to use for this purpose? (Choose two.)
Attacks and Exploits Penetration Testing Tools
A penetration tester successfully exploits a system, receiving a reverse shell. Which of the following is a Meterpreter command that is used to harvest locally stored credentials?
Attacks and Exploits Penetration Testing Tools