CompTIA (PT0-001) Exam Questions And Answers page 3
After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's home folder titled changepass.
-sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepass
Using "strings" to print ASCII printable characters from changepass, the tester notes the following:
$ strings changepass
exit
setuid
strcmp
GLIBC_2.0
ENV_PATH
%s/changepw
malloc
strlen
Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine?
Create a copy of changepass in the same directory, naming it changepw. Export the ENV_PATH environmental variable to the path '/home/user/'. Then run changepass.
Export the ENV_PATH environmental variable to the path of a writable directory that contains a token-stealing binary titled changepw. Then run changepass.
Run changepass within the current directory with sudo after exporting the ENV_PATH environmental variable to the path of '/usr/local/bin'.
Attacks and Exploits
Penetration Testing Tools
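The strings output (setuid, ENV_PATH, "%s/changepw") points at a classic SUID pattern: the binary reads a directory from an environment variable the caller controls, appends a fixed helper name, and executes the result as root. The following C is an added, hypothetical reconstruction of that pattern written for this page, not the code of the changepass binary in the question. Only ENV_PATH and changepw come from the question; the function names, the TRUSTED_DIR value, the fallback directory and the buffer size are assumptions. It puts the vulnerable path construction next to a hardened check so the exploit path and the fix can be seen side by side:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical reconstruction (not the binary from the question) of a
 * setuid-root program that builds "<ENV_PATH>/changepw" and executes it.
 * TRUSTED_DIR and the "/usr/bin" fallback are assumptions for this example.
 */
#define TRUSTED_DIR "/usr/bin/"

static char g_helper_path[4096];

/* Vulnerable pattern: the directory comes straight from the caller's environment,
 * so an unprivileged user can point it at a directory holding their own changepw. */
const char *build_helper_path(const char *env_path)
{
    if (env_path == NULL)
        env_path = "/usr/bin";  /* assumed fallback when ENV_PATH is unset */
    int n = snprintf(g_helper_path, sizeof g_helper_path, "%s/changepw", env_path);
    if (n < 0 || (size_t)n >= sizeof g_helper_path)
        return NULL;  /* truncated: refuse rather than exec a mangled path */
    return g_helper_path;
}

/* Hardened check: accept only a plain file name directly inside TRUSTED_DIR.
 * Anything relative, outside the directory, or containing "." / ".." is rejected. */
int helper_path_is_trusted(const char *path)
{
    if (path == NULL || strncmp(path, TRUSTED_DIR, strlen(TRUSTED_DIR)) != 0)
        return 0;
    const char *rest = path + strlen(TRUSTED_DIR);
    if (*rest == '\0' || strchr(rest, '/') != NULL)
        return 0;
    if (strcmp(rest, ".") == 0 || strcmp(rest, "..") == 0)
        return 0;
    return 1;
}

int main(void)
{
    const char *path = build_helper_path(getenv("ENV_PATH"));
    if (path == NULL) {
        fputs("helper path too long\n", stderr);
        return 1;
    }
    printf("resolved helper: %s\n", path);
    if (!helper_path_is_trusted(path)) {
        /* The vulnerable binary would have called setuid(0) and exec'd this path. */
        printf("refusing: %s is not inside %s\n", path, TRUSTED_DIR);
        return 1;
    }
    /* A hardened binary execs the fixed, trusted path with a scrubbed environment. */
    printf("would execute %s with a clean environment\n", path);
    return 0;
}
```

Running the program with ENV_PATH=/home/user shows the path the vulnerable build would have executed ("/home/user/changepw") and the hardened check rejecting it. The check is a mitigation for illustration; the more robust fix is for a privileged binary never to consult the caller's environment for a program location at all: hard-code the absolute path, execute it with an explicitly constructed minimal environment, and drop privileges before anything that does not need them.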
After performing a security assessment for a firm, the client was found to have been billed for the time the client's test environment was unavailable. The client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?
SOW
NDA
EULA
BPA
Reporting and Communication
After several attempts, an attacker was able to gain unauthorized access through a biometrics sensor using the attacker's actual fingerprint without exploitation. Which of the following is the MOST likely explanation of what happened?
The biometric device is tuned more toward false positives.
The biometric device is configured more toward true negatives.
The biometric device is set to fail closed.
The biometric device duplicated a valid user's fingerprint.
Attacks and Exploits
A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals. Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select TWO).
Cleartext exposure of SNMP trap data
Software bugs resident in the IT ticketing system
S/MIME certificate templates defined by the CA
Health information communicated over HTTP
DAR encryption on records servers
Planning and Scoping
Attacks and Exploits
A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:
IP: 192.168.1.20
NETMASK: 255.255.255.0
DEFAULT GATEWAY: 192.168.1.254
DHCP: 192.168.1.253
DNS: 192.168.10.10, 192.168.20.10
Which of the following commands should the malicious user execute to perform the MITM attack?
arpspoof -c both -r -t 192.168.1.1 192.168.1.20
arpspoof -t 192.168.1.20 192.168.1.254
arpspoof -c both -t 192.168.1.20 192.168.1.253
arpspoof -r -t 192.168.1.253 192.168.1.20
Attacks and Exploits
Penetration Testing Tools
A MITM attack is being planned. The first step is to get information flowing through a controlled device. Which of the following should be used to accomplish this?
Repeating
War driving
Evil twin
Bluejacking
Replay attack
Information Gathering and Vulnerability Identification
An assessor begins an internal security test of the Windows domain internal.comptia.net. The assessor is given network access via DHCP, but is not given any network maps or target IP addresses. Which of the following commands can the assessor use to find any likely Windows domain controllers?
dig -q any _kerberos._tcp.internal.comptia.net
dig -q any _lanman._tcp.internal.comptia.net
dig -q any _ntlm._tcp.internal.comptia.net
dig -q any _smtp._tcp.internal.comptia.net
Information Gathering and Vulnerability Identification
Attacks and Exploits
An attacker performed a MITM attack against a mobile application. The attacker is attempting to manipulate the application's network traffic via a proxy tool. The attacker only sees limited traffic as cleartext. The application log files indicate secure SSL/TLS connections are failing. Which of the following is MOST likely preventing proxying of all traffic?
Closed ports
Misconfigured routes
Certificate pinning
Strong cipher suites
Attacks and Exploits
An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO's login credentials. Which of the following types of attacks is this an example of?
Elicitation attack
Impersonation attack
Spear phishing attack
Drive-by download attack
Information Gathering and Vulnerability Identification
Attacks and Exploits
An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?
Principle of fear
Principle of authority
Principle of scarcity
Principle of likeness
Principle of social proof
Information Gathering and Vulnerability Identification
Attacks and Exploits