Want to know PT0-001 Exam Dumps features? Want to learn more about the PT0-001 Braindumps experience? Study PT0-001 Braindumps. Get success with an absolute guarantee to pass the CompTIA PT0-001 (CompTIA PenTest+ Certification Exam) test on your first attempt.
Online PT0-001 free questions and answers of New Version:
NEW QUESTION 1
A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE)
- A. Mandate all employees take security awareness training
- B. Implement two-factor authentication for remote access
- C. Install an intrusion prevention system
- D. Increase password complexity requirements
- E. Install a security information event monitoring solution.
- F. Prevent members of the IT department from interactively logging in as administrators
- G. Upgrade the cipher suite used for the VPN solution
NEW QUESTION 2
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
- A. set rhost 192.168.1.10
- B. run autoroute -a 192.168.1.0/24
- C. db_nmap -iL /tmp/privatehosts.txt
- D. use auxiliary/server/socks4a
NEW QUESTION 3
A penetration tester has been asked to conduct OS fingerprinting with Nmap using a company-provided text file that contains a list of IP addresses.
Which of the following are needed to conduct this scan? (Select TWO).
- A. -O
- B. -iL
- C. -sV
- D. -sS
- E. -oN
- F. -oX
NEW QUESTION 4
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
NEW QUESTION 5
Joe, a penetration tester, is asked to assess a company's physical security by gaining access to its corporate office. Joe is looking for a method that will enable him to enter the building during business hours or when there are no employees on-site. Which of the following would be MOST effective in accomplishing this?
- A. Badge cloning
- B. Lock picking
- C. Tailgating
- D. Piggybacking
NEW QUESTION 6
For which of the following reasons does a penetration tester need to have a customer's point-of-contact information available at all times? (Select THREE).
- A. To report indicators of compromise
- B. To report findings that cannot be exploited
- C. To report critical findings
- D. To report the latest published exploits
- E. To update payment information
- F. To report a server that becomes unresponsive
- G. To update the statement of work
- H. To report a cracked password
NEW QUESTION 7
After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?
- A. Expand the password length from seven to 14 characters
- B. Implement password history restrictions
- C. Configure password filters
- D. Disable the accounts after five incorrect attempts
- E. Decrease the password expiration window
NEW QUESTION 8
A penetration tester is designing a phishing campaign and wants to build a list of users for the target organization. Which of the following techniques would be the MOST appropriate? (Select TWO)
- A. Query an Internet WHOIS database.
- B. Search posted job listings.
- C. Scrape the company website.
- D. Harvest users from social networking sites.
- E. Socially engineer the corporate call center
NEW QUESTION 9
When performing compliance-based assessments, which of the following is the MOST important key consideration?
- A. Additional rate
- B. Company policy
- C. Impact tolerance
- D. Industry type
NEW QUESTION 10
An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email to obtain the CEO's login credentials. Which of the following types of attacks is this an example of?
- A. Elicitation attack
- B. Impersonation attack
- C. Spear phishing attack
- D. Drive-by download attack
NEW QUESTION 11
A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
- A. Option A
- B. Option B
- C. Option C
- D. Option D
NEW QUESTION 12
A client asks a penetration tester to add more addresses to a test currently in progress. Which of the following would define the target list?
- A. Rules of engagement
- B. Master services agreement
- C. Statement of work
- D. End-user license agreement
NEW QUESTION 13
A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:
- A. Directory traversal
- B. Cross-site scripting
- C. Remote file inclusion
- D. User enumeration
NEW QUESTION 14
A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network but has been unsuccessful in capturing a handshake. Given this scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?
- A. Karma attack
- B. Deauthentication attack
- C. Fragmentation attack
- D. SSID broadcast flood
NEW QUESTION 15
A penetration tester is checking a script to determine why some basic persisting. The expected result was the program outputting "True."
Given the output from the console above, which of the following explains how to correct the errors in the script? (Select TWO)
- A. Change 'fi' to 'EndIf'
- B. Remove the 'let' in front of 'dest=5+5'.
- C. Change the '=' to '-eq'.
- D. Change 'source' and 'dest' to "$source" and "$dest"
- E. Change 'else' to 'elif'
NEW QUESTION 16
Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?
- A. Penetration test findings often contain company intellectual property
- B. Penetration test findings could lead to consumer dissatisfaction if made public
- C. Penetration test findings are legal documents containing privileged information
- D. Penetration test findings can assist an attacker in compromising a system
NEW QUESTION 17
A client has voiced concern about the number of companies being breached by remote attackers, who are looking for trade secrets. Which of the following BEST describes the types of adversaries this would identify?
- A. Script kiddies
- B. APT actors
- C. Insider threats
- D. Hacktivist groups
NEW QUESTION 18
A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?
- A. -p-
- B. -p ALL
- C. -p 1-65534
- D. -port 1-65534