CompTIA (PT0-001) Exam Questions and Answers, page 19
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
run autoroute -s 192.168.1.0/24
db_nmap -iL /tmp/privatehosts.txt
use auxiliary/server/socks4a
Attacks and Exploits
Penetration Testing Tools
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
Stack pointer register
Index pointer register
Stack base pointer
Destination index register
Attacks and Exploits
Penetration Testing Tools
Which of the following has a direct and significant impact on the budget of the security assessment?
Scoping
Scheduling
Compliance requirement
Target risk
Planning and Scoping
Reporting and Communication
Which of the following is an important stakeholder to notify when penetration testing has begun?
System owner
Remediation manager
Compliance assessor
Patching team
Planning and Scoping
Reporting and Communication
Which of the following is the BEST way to deploy vulnerability scanners with many networks segmented by firewalls with active IPS rules?
Deploy a single scanner inside each network segment.
Deploy many scanners inside one segment and allow any rules.
Deploy one internal scanner and one external scanner.
Deploy one internal scanner with heavy server resources.
Information Gathering and Vulnerability Identification
Attacks and Exploits
Which of the following is the MOST comprehensive type of penetration test on a network?
Black box
White box
Gray box
Red team
Architecture review
Attacks and Exploits
Penetration Testing Tools
Which of the following should a penetration tester verify prior to testing the login and permissions management for a web application that is protected by a CDN-based WAF?
If an NDA is signed with the CDN company
If the SSL certificates for the web application are valid
If a list of the applicable WAF rules was obtained
If the IP addresses for the penetration tester are whitelisted on the WAF
Attacks and Exploits
Penetration Testing Tools
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO.)
The tester discovers personally identifiable data on the system.
The system shows evidence of prior unauthorized compromise.
The system shows a lack of hardening throughout.
The system becomes unavailable following an attempted exploit.
The tester discovers a finding on an out-of-scope system.
Attacks and Exploits
Reporting and Communication
Which of the following types of intrusion techniques is the use of an under-the-door tool during a physical security assessment an example of?
Lockpicking
Egress sensor triggering
Lock bumping
Lock bypass
Attacks and Exploits
Which of the following vulnerabilities are MOST likely to be false positives when reported by an automated scanner on a static HTML web page? (Choose two.)
Missing secure flag for a sensitive cookie
Reflected cross-site scripting
Enabled directory listing
Insecure HTTP methods allowed
Unencrypted transfer of sensitive data
Command injection
Disclosure of internal system information
Support of weak cipher suites
Information Gathering and Vulnerability Identification
Attacks and Exploits