Comptia (PT0-001) Exam Questions And Answers page 12
A penetration testing company was hired to conduct a penetration test against Company A's network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B. Which of the following would be the BEST solution to conduct penetration testing against mail.companyA.com?
The penetration tester should ask Company A for a signed statement giving permission to conduct a test against mail.companyA.com.
The penetration tester should ignore mail.companyA.com testing and complete only the network range 20.10.10.0/24.
The penetration tester should only use passive open source intelligence gathering methods leveraging publicly available information to analyze mail.companyA.com.
Information Gathering and Vulnerability Identification
Attacks and Exploits
A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?
Document the findings with an executive summary, recommendations, and screenshots of the web application disclosure.
Connect to the SQL server using this information and change the password of one or two non-critical accounts to demonstrate a proof-of-concept to management.
Notify the development team of the discovery and suggest that input validation be implemented with a professional penetration testing company.
Request that management create an RFP to begin a formal engagement with a professional penetration testing company.
Information Gathering and Vulnerability Identification
Penetration Testing Tools
A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability of the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)
Identify and eliminate inline SQL statements from the code.
Identify and eliminate dynamic SQL from stored procedures.
Identify and sanitize all user inputs.
Use a whitelist approach for SQL statements.
Use a blacklist approach for SQL statements.
Identify the source of malicious input and block the IP address.
Attacks and Exploits
Penetration Testing Tools
A recent vulnerability scan of all web servers in an environment offers the following results:
Taking a risk-based approach, which of the following is the BEST order to approach remediation based on exposure?
Unrestricted file upload, clickjacking, verbose server banner, SQL injection
Unrestricted file upload, SQL injection, clickjacking, verbose server banner
Clickjacking, unrestricted file upload, verbose server banner, SQL injection
SQL injection, unrestricted file upload, clickjacking, verbose server banner
SQL injection, clickjacking, unrestricted file upload, verbose server banner
Planning and Scoping
Information Gathering and Vulnerability Identification
A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:
http://www.company-site.com/about.php?i=../../../../../etc/passwd
Which of the following attack types is MOST likely to be the vulnerability?
Directory traversal
Cross-site scripting
Remote file inclusion
User enumeration
Information Gathering and Vulnerability Identification
Attacks and Exploits
A security analyst was provided with a detailed penetration report, which was performed against the organization's DMZ environment. It was noted on the report that a finding has a CVSS base score of 10.0. Which of the following levels of difficulty would be required to exploit this vulnerability?
Very difficult; perimeter systems are usually behind a firewall.
Somewhat difficult; would require significant processing power to exploit.
Trivial; little effort is required to exploit this finding.
Impossible; external hosts are hardened to protect against attacks.
Attacks and Exploits
Penetration Testing Tools
A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?
Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing.
Implement new training to be aware of the risks in accessing the application. This training can be decommissioned after the vulnerability is patched.
Implement an ACL to restrict access to the application exclusively to the finance department. Reopen the application to company staff after the vulnerability is patched.
Require payroll users to change the passwords used to authenticate to the application. Following the patching of the vulnerability, implement another required password change.
Attacks and Exploits
Penetration Testing Tools
A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?
Sample SOAP messages
The REST API documentation
A protocol fuzzing utility
An applicable XSD file
Information Gathering and Vulnerability Identification
Attacks and Exploits
A security consultant is trying to attack a device with a previously identified user account.
Which of the following types of attacks is being executed?
Credential dump attack
DLL injection attack
Reverse shell attack
Pass the hash attack
Attacks and Exploits
A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?
The badge was cloned.
The physical access control server is malfunctioning.
The system reached the crossover error rate.
The employee lost the badge.
Planning and Scoping
Information Gathering and Vulnerability Identification