Exam Logo

Comptia (PT0-001) Exam Questions And Answers page 15

Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this?
Information Gathering and Vulnerability Identification
During a full-scope security assessment, which of the following is a prerequisite to social engineer a target by physically engaging them?
Planning and Scoping Information Gathering and Vulnerability Identification
During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful.

Which of the following would be the BEST target for continued exploitation efforts?
Information Gathering and Vulnerability Identification Attacks and Exploits
During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?
Attacks and Exploits Penetration Testing Tools
During a penetration test, a host is discovered that appears to have been previously compromised and has an active outbound connection. After verifying the network activity is malicious, which of the following should the tester do?
Attacks and Exploits Penetration Testing Tools
During a penetration test, a tester identifies traditional antivirus running on the exploited server. Which of the following techniques would BEST ensure persistence in a post-exploitation phase?
Attacks and Exploits Penetration Testing Tools
During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.

Which of the following registry changes would allow for credential caching in memory?
Attacks and Exploits Penetration Testing Tools
During a physical security review, a detailed penetration testing report was obtained, which was issued to a security analyst and then discarded in the trash. The report contains validated critical risk exposures. Which of the following processes would BEST protect this information from being disclosed in the future?
Penetration Testing Tools Reporting and Communication
During a vulnerability assessment, the security consultant finds an XP legacy system that is running a critical business function. Which of the following mitigations is BEST for the consultant to conduct?
Planning and Scoping Information Gathering and Vulnerability Identification
During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?
Information Gathering and Vulnerability Identification Attacks and Exploits