Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

CompTIA PT0-002 - CompTIA PenTest+ Certification Exam

Page: 6 / 14
Total 464 questions

A company provided the following network scope for a penetration test:

169.137.1.0/24

221.10.1.0/24

149.14.1.0/24

A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is responsible for this mistake?

A.

The company that requested the penetration test

B.

The penetration testing company

C.

The target host's owner

D.

The penetration tester

E.

The subcontractor supporting the test

A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

A.

Weak authentication schemes

B.

Credentials stored in strings

C.

Buffer overflows

D.

Non-optimized resource management

The following PowerShell snippet was extracted from a log of an attacker machine:

A penetration tester would like to identify the presence of an array. Which of the following line numbers would define the array?

A.

Line 8

B.

Line 13

C.

Line 19

D.

Line 20

A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?

A.

Redact identifying information and provide a previous customer's documentation.

B.

Allow the client to only view the information while in secure spaces.

C.

Determine which reports are no longer under a period of confidentiality.

D.

Provide raw output from penetration testing tools.

A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network.

Which of the following methods will MOST likely work?

A.

Try to obtain the private key used for S/MIME from the CEO's account.

B.

Send an email from the CEO's account, requesting a new account.

C.

Move laterally from the mail server to the domain controller.

D.

Attempt to escalate privileges on the mail server to gain root access.

During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?

A.

Changing to Wi-Fi equipment that supports strong encryption

B.

Using directional antennae

C.

Using WEP encryption

D.

Disabling Wi-Fi

A penetration tester has established an on-path position between a target host and local network services but has not been able to establish an on-path position between the target host and the Internet. Regardless, the tester would like to subtly redirect HTTP connections to a spoofed server IP. Which of the following methods would BEST support the objective?

A.

Gain access to the target host and implant malware specially crafted for this purpose.

B.

Exploit the local DNS server and add/update the zone records with a spoofed A record.

C.

Use the Scapy utility to overwrite name resolution fields in the DNS query response.

D.

Proxy HTTP connections from the target host to that of the spoofed host.

Which of the following is the most secure method for sending the penetration test report to the client?

A.

Sending the penetration test report on an online storage system.

B.

Sending the penetration test report inside a password-protected ZIP file.

C.

Sending the penetration test report via webmail using an HTTPS connection.

D.

Encrypting the penetration test report with the client’s public key and sending it via email.

During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?

A.

Command injection

B.

Broken authentication

C.

Direct object reference

D.

Cross-site scripting

A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following:

python -c 'import pty; pty.spawn("/bin/bash")'

Which of the following actions Is the penetration tester performing?

A.

Privilege escalation

B.

Upgrading the shell

C.

Writing a script for persistence

D.

Building a bind shell