CompTIA (PT0-001) Exam Questions and Answers, page 5
A penetration tester has access to a local machine running Linux, but the account has limited privileges. Which of the following types of files could the tester BEST use for privilege escalation?
Files with permission 4xxx
Files stored in /root directory
Files with the wrong ACL rules configured
Attacks and Exploits
Penetration Testing Tools
A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
dsrm -users DN=company.com; OU=hq CN=users
dsuser -name -account -limit 3
dsquery user -inactive 3
dsquery -o -rdn -limit 21
Attacks and Exploits
Penetration Testing Tools
A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?
The latest vulnerability scan results
A list of sample application requests
An up-to-date list of possible exploits
A list of sample test accounts
Attacks and Exploits
Penetration Testing Tools
A penetration tester has been asked to conduct OS fingerprinting with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed to conduct this scan? (Choose two.)
-O
-iL
-sV
-sS
-oN
-oX
Information Gathering and Vulnerability Identification
Penetration Testing Tools
A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)
Wait outside of the company's building and attempt to tailgate behind an employee.
Perform a vulnerability scan against the company's external netblock, identify exploitable vulnerabilities, and attempt to gain access.
Use domain and IP registry websites to identify the company's external netblocks and external facing applications.
Search social media for information technology employees who post information about the technologies they work with.
Identify the company's external facing webmail application, enumerate user accounts and attempt password guessing to gain access.
Planning and Scoping
Information Gathering and Vulnerability Identification
A penetration tester has been hired to perform a penetration test for an organization. Which of the following is indicative of an error-based SQL injection attack?
a=1 or 1
1=1 or b
1=1 or 2
1=1 or a
Attacks and Exploits
Penetration Testing Tools
A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?
nc -lvp 4444 /bin/bash
nc -vp 4444 /bin/bash
nc -p 4444 /bin/bash
nc -lp 4444 -e /bin/bash
Attacks and Exploits
Penetration Testing Tools
A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?
schtasks.exe /create/tr powershell.exe Sv.ps1 /run
net session server | dsquery -user | net use c$
powershell && set-executionpolicy unrestricted
reg save HKLM\System\CurrentControlSet\Services\Sv.reg
Attacks and Exploits
Penetration Testing Tools
A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regained. Which of the following actions should the penetration tester use to maintain persistence to the device? (Select TWO.)
Place an entry in HKLM\Software\Microsoft\CurrentVersion\Run to call au57d.ps1.
Place an entry in C:\windows\system32\drivers\etc\hosts for 12.17.20.10 badcomptia.com.
Place a script in C:\users\%username\local\appdata\roaming\temp\au57d.ps1.
Create a fake service in Windows called RTAudio to execute manually.
Place an entry for RTAudio in HKLM\CurrentControlSet\Services\RTAudio.
Create a schedule task to call C:\windows\system32\drivers\etc\hosts.
Attacks and Exploits
Penetration Testing Tools