CompTIA PT0-001 Dumps 2021

NEW QUESTION 1
If a security consultant comes across a password hash that resembles the following b117 525b3454 7Oc29ca3dBaeOb556ba8
Which of the following formats is the correct hash type?

• A. Kerberos
• B. NetNTLMvl
• C. NTLM
• D. SHA-1

Answer: C

NEW QUESTION 2
A penetration tester is checking a script to determine why some basic persisting. The expected result was the program outputting "True."

Given the output from the console above, which of the following explains how to correct the errors in the script? (Select TWO)

• A. Change fi' to 'Endlf
• B. Remove the 'let' in front of 'dest=5+5'.
• C. Change the '=" to '-eq'.
• D. Change •source* and 'dest' to "Ssource" and "Sdest"
• E. Change 'else' to 'eli

Answer: BC

NEW QUESTION 3
In which of the following components is an explogted vulnerability MOST likely to affect multiple running application containers at once?

• A. Common libraries
• B. Configuration files
• C. Sandbox escape
• D. ASLR bypass

Answer: D

NEW QUESTION 4
A penetration tester successfully explogts a DM2 server that appears to be listening on an outbound port The penetration tester wishes to forward that traffic back to a device Which of the following are the BEST tools to use few this purpose? (Select TWO)

• A. Tcpdump
• B. Nmap
• C. Wiresrtark
• D. SSH
• E. Netcat
• F. Cain and Abel

Answer: CD

NEW QUESTION 5
Which of the following CPU register does the penetration tester need to overwrite in order to explogt a simple butter overflow?

• A. Stack pointer register
• B. Index pointer register
• C. Stack base pointer
• D. Destination index register

Answer: D

NEW QUESTION 6
Given the following script:

Which of the following BEST describes the purpose of this script?

• A. Log collection
• B. Event logging
• C. Keystroke monitoring
• D. Debug message collection

Answer: C

NEW QUESTION 7
A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?

• A. TCP SYN flood
• B. SQL injection
• C. xss
• D. XMAS scan

Answer: A

NEW QUESTION 8
An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email m to obtain the CEO s login credentials Which of the following types of attacks is this an example of?

• A. Elicitation attack
• B. Impersonation attack
• C. Spear phishing attack
• D. Drive-by download attack

Answer: B

NEW QUESTION 9
A penetration tester is performing a remote scan to determine if the server farm is compliant with the company's software baseline . Which of the following should the penetration tester perform to verify compliance with the baseline?

• A. Discovery scan
• B. Stealth scan
• C. Full scan
• D. Credentialed scan

Answer: A

NEW QUESTION 10
Click the exhibit button.

Given the Nikto vulnerability scan output shown in the exhibit, which of the following explogtation techniques might be used to explogt the target system? (Select TWO)

• A. Arbitrary code execution
• B. Session hijacking
• C. SQL injection
• D. Login credential brute-forcing
• E. Cross-site request forgery

Answer: CE

NEW QUESTION 11
During an internal network penetration test, a tester recovers the NTLM password hash tor a user known to have full administrator privileges on a number of target systems Efforts to crack the hash and recover the plaintext password have been unsuccessful Which of the following would be the BEST target for continued explogtation efforts?

• A. Operating system Windows 7 Open ports: 23, 161
• B. Operating system Windows Server 2021 Open ports: 53, 5900
• C. Operating system Windows 8 1Open ports 445, 3389
• D. Operating system Windows 8 Open ports 514, 3389

Answer: C

NEW QUESTION 12
An assessor begins an internal security test of the Windows domain internal. comptia. net. The assessor is given network access via DHCP, but is not given any network maps or target IP addresses. Which of the following commands can the assessor use to find any likely Windows domain controllers?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: A

NEW QUESTION 13
A penetration tester has been asked to conduct OS fingerprinting with Nmap using a companyprovide text file that contain a list of IP addresses.
Which of the following are needed to conduct this scan? (Select TWO).

• A. -O
• B. _iL
• C. _sV
• D. -sS
• E. -oN
• F. -oX

Answer: EF

NEW QUESTION 14
After successfully capturing administrator credentials to a remote Windows machine, a penetration tester attempts to access the system using PSExec but is denied permission. Which of the following shares must be accessible for a successful PSExec connection?

• A. IPCS and C$
• B. C$ and ADMINS
• C. SERVICES and ADMINS
• D. ADMINS and IPCS

Answer: C

NEW QUESTION 15
After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?

• A. Expand the password length from seven to 14 characters
• B. Implement password history restrictions
• C. Configure password filters
• D. Disable the accounts after five incorrect attempts
• E. Decrease the password expiration window

Answer: A

NEW QUESTION 16
A penetration tester has successfully explogted an application vulnerability and wants to remove the command history from the Linux session. Which of the following will accomplish this successfully?

• A. history --remove
• B. cat history I clear
• C. rm -f ./history
• D. history -c

Answer: D