CompTIA PT0-001 Dumps Questions 2021

NEW QUESTION 1
Joe, a penetration tester, is asked to assess a company's physical security by gaining access to its corporate office. Joe ism looking for a method that will enable him to enter the building during business hours or when there are no employee on-site. Which of the following would be MOST effective in accomplishing this?

• A. Badge cloning
• B. Lock picking
• C. Tailgating
• D. Piggybacking

Answer: A

NEW QUESTION 2
DRAG DROP
A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all

Answer:

Explanation:
Nsrt
Snma
Trat
Imda

NEW QUESTION 3
A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s. For which of the following types of attack would this information be used?

• A. Explogt chaining
• B. Session hijacking
• C. Dictionary
• D. Karma

Answer: B

NEW QUESTION 4
When performing compliance-based assessments, which of the following is the MOST important Key consideration?

• A. Additional rate
• B. Company policy
• C. Impact tolerance
• D. Industry type

Answer: A

NEW QUESTION 5
While engaging clients for a penetration test from highly regulated industries, which of the following is usually the MOST important to the clients from a business perspective?

• A. Letter of engagement and attestation of findings
• B. NDA and MSA
• C. SOW and final report
• D. Risk summary and executive summary

Answer: D

NEW QUESTION 6
Which of the following CPU register does the penetration tester need to overwrite in order to explogt a simple butter overflow?

• A. Stack pointer register
• B. Index pointer register
• C. Stack base pointer
• D. Destination index register

Answer: D

NEW QUESTION 7
A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?

• A. Run the application through a dynamic code analyzer.
• B. Employ a fuzzing utility.
• C. Decompile the application.
• D. Check memory allocation

Answer: D

NEW QUESTION 8
Click the exhibit button.

Given the Nikto vulnerability scan output shown in the exhibit, which of the following explogtation techniques might be used to explogt the target system? (Select TWO)

• A. Arbitrary code execution
• B. Session hijacking
• C. SQL injection
• D. Login credential brute-forcing
• E. Cross-site request forgery

Answer: CE

NEW QUESTION 9
If a security consultant comes across a password hash that resembles the following b117 525b3454 7Oc29ca3dBaeOb556ba8
Which of the following formats is the correct hash type?

• A. Kerberos
• B. NetNTLMvl
• C. NTLM
• D. SHA-1

Answer: C

NEW QUESTION 10
Which of the following has a direct and significant impact on the budget of the security assessment?

• A. Scoping
• B. Scheduling
• C. Compliance requirement
• D. Target risk

Answer: A

NEW QUESTION 11
A constant wants to scan all the TCP Pots on an identified device. Which of the following Nmap switches will complete this task?

• A. -p-
• B. -p ALX,
• C. -p 1-65534
• D. -port 1-65534

Answer: A

NEW QUESTION 12
A penetration tester successfully explogts a Windows host and dumps the hashes Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: D

NEW QUESTION 13
A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?

• A. Advanced persistent threat
• B. Script kiddie
• C. Hacktivist
• D. Organized crime

Answer: A

NEW QUESTION 14
A penetration tester is checking a script to determine why some basic persisting. The expected result was the program outputting "True."

Given the output from the console above, which of the following explains how to correct the errors in the script? (Select TWO)

• A. Change fi' to 'Endlf
• B. Remove the 'let' in front of 'dest=5+5'.
• C. Change the '=" to '-eq'.
• D. Change •source* and 'dest' to "Ssource" and "Sdest"
• E. Change 'else' to 'eli

Answer: BC

NEW QUESTION 15
A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for the penetration tester to take?

• A. Obtain staff information by calling the company and using social engineering techniques.
• B. Visit the client and use impersonation to obtain information from staff.
• C. Send spoofed emails to staff to see if staff will respond with sensitive information.
• D. Search the Internet for information on staff such as social networking site

Answer: C

NEW QUESTION 16
Which of the following reasons does penetration tester needs to have a customer's point-of -contact information available at all time? (Select THREE).

• A. To report indicators of compromise
• B. To report findings that cannot be explogted
• C. To report critical findings
• D. To report the latest published explogts
• E. To update payment information
• F. To report a server that becomes unresponsive
• G. To update the statement o( work
• H. To report a cracked password

Answer: DEF

NEW QUESTION 17
A penetration tester notices that the X-Frame-Optjons header on a web application is not set. Which of the following would a malicious actor do to explogt this configuration setting?

• A. Use path modification to escape the application's framework.
• B. Create a frame that overlays the application.
• C. Inject a malicious iframe containing JavaScript.
• D. Pass an iframe attribute that is maliciou

Answer: B