CompTIA (PT0-001) Exam Questions And Answers page 12

A penetration testing company was hired to conduct a penetration test against Company A's network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B. Which of the following would be the BEST solution to conduct penetration testing against mail.companyA.com?
Information Gathering and Vulnerability Identification | Attacks and Exploits
A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?
Information Gathering and Vulnerability Identification | Penetration Testing Tools
A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability of the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)
Attacks and Exploits | Penetration Testing Tools
A recent vulnerability scan of all web servers in an environment offers the following results:


Taking a risk-based approach, which of the following is the BEST order to approach remediation based on exposure?
Planning and Scoping | Information Gathering and Vulnerability Identification
A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:

http://www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd

Which of the following attack types is MOST likely to be the vulnerability?
Information Gathering and Vulnerability Identification | Attacks and Exploits
A security analyst was provided with a detailed penetration report, which was performed against the organization's DMZ environment. It was noted on the report that a finding has a CVSS base score of 10.0. Which of the following levels of difficulty would be required to exploit this vulnerability?
Attacks and Exploits | Penetration Testing Tools
A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?
Attacks and Exploits | Penetration Testing Tools
A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?
Information Gathering and Vulnerability Identification | Attacks and Exploits
A security consultant is trying to attack a device with a previously identified user account.


Which of the following types of attacks is being executed?
Attacks and Exploits
A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?
Planning and Scoping | Information Gathering and Vulnerability Identification