
CompTIA (PT0-001) Exam Questions and Answers, page 6

A penetration tester has gained a root shell on a target Linux server and wants to have the server "check in" over HTTP using a GET request to the penetration tester's laptop once every hour, even after system reboots. The penetration tester wrote a bash script to perform this. Which of the following represents the BEST method to persist the script?
Attacks and Exploits | Penetration Testing Tools
A penetration tester has gained physical access to a facility and connected directly into the internal network. The penetration tester now wants to pivot into the server VLAN. Which of the following would accomplish this?
Attacks and Exploits | Penetration Testing Tools
A penetration tester has identified a directory traversal vulnerability. Which of the following payloads could have helped the penetration tester identify this vulnerability?
Attacks and Exploits | Penetration Testing Tools
A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication. Which of the following attacks is MOST likely to succeed in creating a physical effect?
Attacks and Exploits | Penetration Testing Tools
A penetration tester has performed a pivot to a new Linux device on a different network. The tester writes the following command:

for m in {1..254..1};do ping -c 1 192.168.101.$m; done

Which of the following BEST describes the result of running this command?
Attacks and Exploits | Penetration Testing Tools
A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
Penetration Testing Tools | Reporting and Communication
A penetration tester has performed a vulnerability scan of a specific host that contains a valuable database and has identified the following vulnerabilities:

• XSS
• HTTP DELETE method allowed
• SQL injection
• Vulnerable to CSRF

To which of the following should the tester give the HIGHEST priority?
Information Gathering and Vulnerability Identification | Attacks and Exploits
A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?
Attacks and Exploits | Penetration Testing Tools
A penetration tester has SSH access to a Linux server that is exposed to the internet and has access to a corporate internal network. This server, with IP address 200.111.111.9, only has port TCP 22 externally opened. The penetration tester also discovered the internal IP address 192.168.1.5 from a Windows server. Which of the following steps should the penetration tester follow to open an RDP connection to this Windows server and to try to log on?
Attacks and Exploits | Penetration Testing Tools
A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?
Attacks and Exploits | Penetration Testing Tools