CompTIA PT0-001 Dumps Questions 2021
Check PT0-001 free dumps before getting the full version:
NEW QUESTION 1
A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for the penetration tester to take?
- A. Obtain staff information by calling the company and using social engineering techniques.
- B. Visit the client and use impersonation to obtain information from staff.
- C. Send spoofed emails to staff to see if staff will respond with sensitive information.
- D. Search the Internet for information on staff such as social networking sites.
Answer: C
NEW QUESTION 2
A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network but has been unsuccessful in capturing a handshake. Given this scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?
- A. Karma attack
- B. Deauthentication attack
- C. Fragmentation attack
- D. SSID broadcast flood
Answer: B
NEW QUESTION 3
A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?
- A. -p-
- B. -p ALL
- C. -p 1-65534
- D. -port 1-65534
Answer: A
NEW QUESTION 4
A penetration tester runs the following from a compromised box: `python -c 'import pty;pty.spawn("/bin/bash")'`. Which of the following actions is the tester taking?
- A. Removing the Bash history
- B. Upgrading the shell
- C. Creating a sandbox
- D. Capturing credentials
Answer: A
NEW QUESTION 5
Click the exhibit button.
A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?
- A. SNMP brute forcing
- B. ARP spoofing
- C. DNS cache poisoning
- D. SMTP relay
Answer: B
NEW QUESTION 6
A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
- A. dsrm -users "DN=company.com; OU=hq CN=usera"
- B. dsuser -name -account -limit 3
- C. dsquery user -inactive 3
- D. dsquery -o -rdn -limit 21
Answer: B
NEW QUESTION 7
During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?
- A. Ettercap
- B. Tcpdump
- C. Responder
- D. Medusa
Answer: D
NEW QUESTION 8
In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop. Which of the following is a potential NEXT step to extract credentials from the device?
- A. Brute force the user's password.
- B. Perform an ARP spoofing attack.
- C. Leverage the BeEF framework to capture credentials.
- D. Conduct LLMNR/NETBIOS-ns poisoning.
Answer: D
NEW QUESTION 9
A security consultant is trying to attack a device with a previously identified user account.
Which of the following types of attacks is being executed?
- A. Credential dump attack
- B. DLL injection attack
- C. Reverse shell attack
- D. Pass the hash attack
Answer: D
NEW QUESTION 10
A tester has captured a NetNTLMv2 hash using Responder. Which of the following commands will allow the tester to crack the hash using a mask attack?
- A. hashcat -m 5600 -r rules/best64.rule hash.txt wordlist.txt
- B. hashcat -m 5600 hash.txt
- C. hashcat -m 5600 -a 3 hash.txt ?a?a?a?a?a?a?a?a
- D. hashcat -m 5600 -o results.txt hash.txt wordlist.txt
Answer: A
NEW QUESTION 11
The following command is run on a Linux file system: chmod 4111 /usr/bin/sudo
Which of the following issues may be exploited now?
- A. Kernel vulnerabilities
- B. Sticky bits
- C. Unquoted service path
- D. Misconfigured sudo
Answer: D
NEW QUESTION 12
A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE)
- A. Mandate all employees take security awareness training
- B. Implement two-factor authentication for remote access
- C. Install an intrusion prevention system
- D. Increase password complexity requirements
- E. Install a security information event monitoring solution.
- F. Prevent members of the IT department from interactively logging in as administrators
- G. Upgrade the cipher suite used for the VPN solution
Answer: BDG
NEW QUESTION 13
Which of the following has a direct and significant impact on the budget of the security assessment?
- A. Scoping
- B. Scheduling
- C. Compliance requirement
- D. Target risk
Answer: A
NEW QUESTION 14
The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test. Which of the following are the MOST likely causes for this difference? (Select TWO)
- A. Storage access
- B. Limited network access
- C. Misconfigured DHCP server
- D. Incorrect credentials
- E. Network access controls
Answer: A
NEW QUESTION 15
A client asks a penetration tester to add more addresses to a test currently in progress. Which of the following would define the target list?
- A. Rules of engagement
- B. Master services agreement
- C. Statement of work
- D. End-user license agreement
Answer: D
NEW QUESTION 16
After several attempts, an attacker was able to gain unauthorized access through a biometric sensor using the attacker's actual fingerprint without exploitation. Which of the following is the MOST likely explanation of what happened?
- A. The biometric device is tuned more toward false positives
- B. The biometric device is configured more toward true negatives
- C. The biometric device is set to fail closed
- D. The biometric device duplicated a valid user's fingerprint.
Answer: A