Comptia (PT0-001) Exam Questions And Answers page 6
A penetration tester has gained a root shell on a target Linux server and wants to have the server "check in" over HTTP using a GET request to the penetration tester's laptop once every hour, even after system reboots. The penetration tester wrote a bash script to perform this. Which of the following represents the BEST method to persist the script?
Use the nohup command to launch the script immune to logouts.
Configure a systemd service at default run level to launch the script.
Modify .bash_profile to launch the script in the background.
Attacks and Exploits
Penetration Testing Tools
A penetration tester has gained physical access to a facility and connected directly into the internal network. The penetration tester now wants to pivot into the server VLAN. Which of the following would accomplish this?
Spoofing a printer's MAC address
Abusing DTP negotiation
Performing LLMNR poisoning
Conducting an STP attack
Attacks and Exploits
Penetration Testing Tools
A penetration tester has identified a directory traversal vulnerability. Which of the following payloads could have helped the penetration tester identify this vulnerability?
or folder like file ;
|| ls /tmp/
&& dir C:/
../../../../../../../../
><script>document.location=/root/</script>
Attacks and Exploits
Penetration Testing Tools
A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication. Which of the following attacks is MOST likely to succeed in creating a physical effect?
DNS cache poisoning
Record and replay
Supervisory server SMB
Blind SQL injection
Attacks and Exploits
Penetration Testing Tools
A penetration tester has performed a pivot to a new Linux device on a different network. The tester writes the following command:
for m in {1..254..1};do ping -c 1 192.168.101.$m; done
Which of the following BEST describes the result of running this command?
Port scan
Service enumeration
Live host identification
Denial of service
Attacks and Exploits
Penetration Testing Tools
A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
Identify the issues that can be remediated most quickly and address them first.
Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities.
Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long time.
Penetration Testing Tools
Reporting and Communication
A penetration tester has performed a vulnerability scan of a specific host that contains a valuable database and has identified the following vulnerabilities:
• XSS
• HTTP DELETE method allowed
• SQL injection
• Vulnerable to CSRF
To which of the following should the tester give the HIGHEST priority?
SQL injection
HTTP DELETE method allowed
Vulnerable to CSRF
XSS
Information Gathering and Vulnerability Identification
Attacks and Exploits
A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?
Exploits for vulnerabilities found
Detailed service configurations
Unpatched third-party software
Weak access control configurations
Attacks and Exploits
Penetration Testing Tools
A penetration tester has SSH access to a Linux server that is exposed to the internet and has access to a corporate internal network. This server, with IP address 200.111.111.9, only has port TCP 22 externally opened. The penetration tester also discovered the internal IP address 192.168.1.5 from a Windows server. Which of the following steps should the penetration tester follow to open an RDP connection to this Windows server and to try to log on?
Connect to the Linux server using # ssh 200.111.111.9, establish an RDP connection to the 192.168.1.5 address.
Connect to the Windows server using # ssh -L 3389:200.111.111.9:22 192.168.1.5.
Connect to the Linux server using # ssh -L 3389:192.168.1.5:3389 200.111.111.9; RDP to localhost address, port 3389.
Connect to the Windows server using # ssh -L 22:200.111.111.9:3389 192.168.1.5.
Attacks and Exploits
Penetration Testing Tools
A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?
Perform an HTTP downgrade attack.
Harvest the user credentials to decrypt traffic.
Perform an MITM attack.
Implement a CA attack by impersonating trusted CAs.
Attacks and Exploits
Penetration Testing Tools