Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

CompTIA PT0-002 - CompTIA PenTest+ Certification Exam

Page: 4 / 14
Total 464 questions

Which of the following tools can a penetration tester use to brute force a user password over SSH using multiple threads?

A.

CeWL

B.

John the Ripper

C.

Hashcat

D.

Hydra

A penetration tester is performing an assessment of an application that allows users to upload documents to a cloud-based file server for easy access anywhere in the world. Which of the following would most likely allow a tester to access unintentionally exposed documents?

A.

Directory traversal attack

B.

Cross-site request forgery

C.

Cross-site scripting attack

D.

Session attack

A penetration tester managed to exploit a vulnerability using the following payload:

IF (1=1) WAIT FOR DELAY '0:0:15'

Which of the following actions would best mitigate this type ol attack?

A.

Encrypting passwords

B.

Parameterizing queries

C.

Encoding output

D.

Sanitizing HTML

During a penetration test of a server application, a security consultant found that the application randomly crashed or remained stable after opening several simultaneous connections to the application and always submitting the same packets of data. Which of the following is the best sequence of steps the tester should use to understand and exploit the vulnerability?

A.

Attacha remoteprofiler to the server application. Establish a random number of connections to the server application. Send fixed packets of data simultaneously using those connections.

B.

Attacha remotedebugger to the server application. Establish a large number of connections to the server application. Send fixed packets of data simultaneously using those connections.

C.

Attacha local disassembler to the server application. Establish a single connection to the server application. Send fixed packets of data simultaneously using that connection.

D.

Attacha remotedisassembler to the server application. Establish a small number of connections to the server application. Send fixed packets of data simultaneously using those connections.

A penetration tester is reviewing the security of a web application running in an laaS compute instance. Which of the following payloads should the tester send to get the running process credentials?

A.

file=http://192.168. 1. 78?+document.cookie

B.

file =.. / .. / .. /proc/self/environ

C.

file='%20or%2054365=54365 ;--

D.

file=http://169.254.169.254/latest/meta-data/

A penetration tester wrote the following script on a compromised system:

#!/bin/bash

network='10.100.100'

ports='22 23 80 443'

for x in {1 .. 254};

do (nc -zv $network.$x $ports );

done

Which of the following would explain using this script instead of another tool?

A.

The typical tools could not be used against Windows systems.

B.

The configuration required the penetration tester to not utilize additional files.

C.

The Bash script will provide more thorough output.

D.

The penetration tester wanted to persist this script to run on reboot.

Which of the following tools would be the best to use to intercept an HTTP response at an API, change its content, and forward it back to the origin mobile device?

A.

Drozer

B.

Burp Suite

C.

Android SDK Tools

D.

MobSF

Which of the following tools provides Python classes for interacting with network protocols?

A.

Responder

B.

Impacket

C.

Empire

D.

PowerSploit

A penetration tester is attempting to perform reconnaissance on a customer's external-facing footprint and reviews a summary of the fingerprinting scans:

SSH servers: 23

NTP servers: 4

Rsync servers: 5

LDAP servers: 2

Which of the following OSs is the organization most likely using?

A.

Mac OS X

B.

FreeBSD

C.

Microsoft Windows

D.

Linux

Which of the following is the most secure way to protect a final report file when delivering the report to the client/customer?

A.

Creating a link on a cloud service and delivering it by email

B.

Asking for a PGP public key to encrypt the file

C.

Requiring FTPS security to download the file

D.

Copying the file on a USB drive and delivering it by postal mail