Comptia (PT0-001) Exam Questions And Answers page 18
When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future breach of the client s systems?
The NDA protects the consulting firm from future liabilities in the event of a breach.
The assessment reviewed the cyber key terrain and most critical assets of the client s network.
The penetration test is based on the state of the system and its configuration at the time of assessment.
Attacks and Exploits
Reporting and Communication
When performing compliance-based assessments, which of the following is the MOST important key consideration?
Additional rate
Company policy
Impact tolerance
Industry type
Planning and Scoping
Reporting and Communication
What actions align with a script kiddie threat actor?
Single Choice
Which of the following actions BEST matches a script kiddie s threat actor?
Exfiltrate network diagrams to perform lateral movement.
Steal credit cards from the database and sell them in the deep web.
Install a rootkit to maintain access to the corporate network.
Deface the website of a company in search of retribution.
Attacks and Exploits
Which of the following are MOST important when planning for an engagement? (Select TWO).
Goals/objectives
Architectural diagrams
Tolerance to impact
Storage time for a report
Company policies
Planning and Scoping
Information Gathering and Vulnerability Identification
Why is an MSA helpful?
Single Choice
Which of the following BEST describes why an MSA is helpful?
It contractually binds both parties to not disclose vulnerabilities.
It reduces potential for scope creep.
It clarifies the business arrangement by agreeing to specific terms.
It defines the timelines for the penetration test.
Planning and Scoping
Which of the following BEST explains why it is important to maintain confidentially of any identified findings when performing a penetration test?
Penetration test findings often contain company intellectual property
Penetration test findings could lead to consumer dissatisfaction if made public.
Penetration test findings are legal documents containing privileged information.
Penetration test findings can assist an attacker in compromising a system.
Attacks and Exploits
Penetration Testing Tools
Which of the following BEST protects against a rainbow table attack?
Increased password complexity
Symmetric encryption
Cryptographic salting
Hardened OS configurations
Information Gathering and Vulnerability Identification
Which of the following can be used to perform online password attacks against RDP?
Hashcat
John the Ripper
Aircrack-ng
Ncrack
Information Gathering and Vulnerability Identification
Attacks and Exploits
What command is used to start the Metasploit database?
Single Choice
Which of the following commands starts the Metasploit database?
msfconsole
workspace
msfvenom
db_init
db_connect
Attacks and Exploits
Penetration Testing Tools
Which of the following commands will allow a tester to enumerate potential unquoted service paths on a host?
wmic environment get name, variablevalue, username | findstr /i Path | findstr /i Service
wmic service get /format:hform > c:\temp\services.html
wmic startup get caption, location, command |findstr /i service |findstr /v /i %
wmic service get name, displayname, pathname, startmode |findstr /i auto |findstr /i /v c:\windows\\ |findstr /i /v
Information Gathering and Vulnerability Identification
Attacks and Exploits
Comments