CompTIA (PT0-001) Exam Questions And Answers page 11

A penetration tester used an ASP.NET web shell to gain access to a web application, which allowed the tester to pivot in the corporate network. Which of the following is the MOST important follow-up activity to complete after the tester delivers the report?
Attacks and Exploits Penetration Testing Tools
A penetration tester wants to check manually if a ghost vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
Attacks and Exploits Penetration Testing Tools
A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?
Attacks and Exploits Penetration Testing Tools
A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
Attacks and Exploits Penetration Testing Tools
A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service?
Attacks and Exploits Penetration Testing Tools
A penetration tester was able to enter an SQL injection command into a text box and gain access to the information store on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?
Attacks and Exploits Penetration Testing Tools
A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE).
Information Gathering and Vulnerability Identification Attacks and Exploits
A penetration tester, who is not on the client's network, is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the command:

nmap 100.100/1/0-125

Which of the following commands would be BEST to return results?
Planning and Scoping Penetration Testing Tools
A penetration testing company is performing a penetration test against Company A. Company A has provided the IP address range 10.0.0.0/24 as its in-scope network range. During the information gathering phase, the penetration tester is asked to conduct active information-gathering techniques. Which of the following is the BEST tool to use for active information gathering?
Information Gathering and Vulnerability Identification Penetration Testing Tools