Comptia (PT0-001) Exam Questions And Answers page 16
During the exploitation phase of a penetration test, a vulnerability is discovered that allows command execution on a Linux web server. A cursory review confirms the system access is only in a low-privilege user context: www-data. After reviewing, the following output from /etc/sudoers:
Which of the following users should be targeted for privilege escalation?
Which of the following users should be targeted for privilege escalation?
All users on the machine can execute privileged commands useful for privilege escalation.
Bfranks, emann, members of the Linux admin group, OPERATORS, and ADMINS can execute commands useful for privilege escalation.
Jedwards, operator, bfranks, emann, OPERATOR, and ADMINS can execute commands useful for privilege escalation.
Attacks and Exploits
Penetration Testing Tools
During the information gathering phase of a network penetration test for the corp.local domain, which of the following commands would provide a list of domain controllers?
nslookup type=srv _ldap._tcp.dc._msdcs.corp.local
nmap sV p 389 - -script=ldap-rootdse corp.local
net group Domain Controllers /domain
gpresult /d corp.local /r Domain Controllers
Information Gathering and Vulnerability Identification
Attacks and Exploits
Given the following:
http://example.com/download.php?id-.../.../.../etc/passwd
Which of the following BEST describes the above attack?
http://example.com/download.php?id-.../.../.../etc/passwd
Which of the following BEST describes the above attack?
Malicious file upload attack
Redirect attack
Directory traversal attack
Insecure direct object reference attack
Information Gathering and Vulnerability Identification
Attacks and Exploits
What will be the result of the given Python code?
Single Choice
Given the following Python code:
a = 'abcdefghijklmnop'
a[::2]
Which of the following will result?
a = 'abcdefghijklmnop'
a[::2]
Which of the following will result?
adgjmp
pnlhfdb
acegikmo
ab
Attacks and Exploits
Penetration Testing Tools
Where will the output of the given Python script go?
Single Choice
Given the following Python script:
Which of the following is where the output will go?
Which of the following is where the output will go?
To the screen
To a network server
To a file
To /dev/null
Attacks and Exploits
Penetration Testing Tools
Where will the output of the given Python script go?
Single Choice
Given the following Python script:
Which of the following is where the output will go?
Which of the following is where the output will go?
To a file
To a network server
To the screen
To /dev/null
Information Gathering and Vulnerability Identification
Attacks and Exploits
What is the purpose of the given script?
Single Choice
Given the following script:
Which of the following BEST describes the purpose of this script?
Which of the following BEST describes the purpose of this script?
Log collection
Event collection
Keystroke monitoring
Debug message collection
Planning and Scoping
Information Gathering and Vulnerability Identification
If a security consultant comes across a password hash that resembles the following:
b117525b345470c29ca3d8ae0b556ba8
Which of the following formats is the correct hash type?
b117525b345470c29ca3d8ae0b556ba8
Which of the following formats is the correct hash type?
SHA-1
Kerberos
NetNTLMv1
NTLM
Attacks and Exploits
Penetration Testing Tools
In a physical penetration tester testing scenario. the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?
Brute force the user s password.
Perform an ARP spoofing attack.
Leverage the BeEF framework to capture credentials.
Conduct LLMNR/NETBIOS-ns poisoning.
Attacks and Exploits
Penetration Testing Tools
In which of the following components is an exploited vulnerability MOST likely to affect multiple running application containers at once?
Common libraries
Configuration files
Sandbox escape
ASLR bypass
Attacks and Exploits
Comments