次の認定試験に速く合格する！

簡単に認定試験を準備し、学び、そして合格するためにすべてが必要だ。

会員センターカート (0)

PT0-001 無料問題集「CompTIA PenTest+ Certification」

ページ: 1 / 16
トータル 295 問

サインアップ、ログインされた後に、試験全体を無料で表示できるようになります。

質問 1

A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?

（A）powershell && set-executionpolicy unrestricted

（B）reg save HKLM\System\CurrentControlSet\Services\Sv.reg

（C）net session server | dsquery -user | net use c$

（D）schtasks.exe /create/tr "powershell.exe" Sv.ps1 /run

正解：B 解答を投票する

質問 2

Which of the following documents BEST describes the manner in which a security assessment will be conducted?

（A）SLA

（B）MSA

（C）BIA

（D）SOW

正解：C 解答を投票する

質問 3

An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:

（A）HTTP TRACE method.

（B）HTTP POST method.

（C）HTTP PUT method.

（D）HTTP OPTIONS method.

正解：B 解答を投票する

質問 4

An Internet-accessible database server was found with the following ports open: 22, 53, 110, 1433, and 3389. Which of the following would be the BEST hardening technique to secure the server?

（A）Ensure all protocols are using encryption.

（B）Ensure the IDS rules have been updated.

（C）Employ network ACLs.

（D）Disable source routing on the server.

正解：C 解答を投票する

質問 5

A penetration tester has been hired to perform a penetration test for an organization. Which of the following is indicative of an error-based SQL injection attack?

（A）1=1 or b--

（B）1=1 or 2--

（C）1=1 or a--

（D）a=1 or 1--

正解：D 解答を投票する

質問 6

Which of the following would be BEST for performing passive reconnaissance on a target's external domain?

（A）CeWL

（B）Shodan

（C）OpenVAS

（D）Peach

正解：B 解答を投票する

質問 7

D18912E1457D5D1DDCBD40AB3BF70D5D
During the exploitation phase of a penetration test, a vulnerability is discovered that allows command execution on a Linux web server. A cursory review confirms the system access is only in a low-privilege user context: www-dat a. After reviewing, the following output from /etc/sudoers:

Which of the following users should be targeted for privilege escalation?

（A）Jedwards, operator, bfranks, emann, OPERATOR, and ADMINS can execute commands useful for privilege escalation.

（B）All users on the machine can execute privileged commands useful for privilege escalation.

（C）Bfranks, emann, members of the Linux admin group, OPERATORS, and ADMINS can execute commands useful for privilege escalation.

（D）Only members of the Linux admin group, OPERATORS, ADMINS, jedwards, and operator can execute privileged commands useful for privilege escalation.

正解：D 解答を投票する

質問 8

A penetration tester has compromised a system and wishes to connect to a port on it from the attacking machine to control the system Which of the following commands should the tester run on the compromised system?

（A）nc looalhot 4423

（B）nc 127.0.0.1 4423 -e /bin/bash

（C）nc -nvlp 4423 -e /bin/bash

（D）nc 10.0.0.1 4423

正解：C 解答を投票する

質問 9

A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all

正解：

質問 10

A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?

（A）dig -r > echo "8.8.8.8" >> /etc/resolv/conf

（B）nmap -p 53 -oG dnslist.txt | cut -d ":" -f 4

（C）for x in (1...254); do dig -x 192.168. $x. $x; done

（D）nslookup -ns 8.8.8.8 << dnslist.txt

正解：C 解答を投票する

質問 11

A vulnerability scan identifies that an SSL certificate does not match the hostname; however, the client disputes the finding. Which of the following techniques can the penetration tester perform to adjudicate the validity of the findings?

（A）Ensure the scanner is configured to analyze IP hosts.

（B）Ensure the scanner has the proper plug -ins loaded.

（C）Ensure the scanner is configured to perform ARP resolution.

（D）Ensure the scanner can make outbound DNS requests.

正解：D 解答を投票する

質問 12

When calculating the sales price of a penetration test to a client, which of the following is the MOST important aspect to understand?

（A）The required scope of work

（B）The operating cost

（C）The client's budget

（D）The non-disclosure agreement

正解：A 解答を投票する

質問 13

A penetration testing company was hired to conduct a penetration test against Company A's network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B.
Which of the following would be the BEST solution to conduct penetration testing against mail.companyA.com?

（A）The penetration tester should only use passive open source intelligence gathering methods leveraging publicly available information to analyze mail.companyA.com.

（B）The penetration tester should ignore mail.companyA.com testing and complete only the network range 20.10.10.0/24.

（C）The penetration tester should ask Company A for a signed statement giving permission to conduct a test against mail.companyA.com.

（D）The penetration tester should conduct penetration testing against mail.companyA.com because the domain name is in scope.

正解：A 解答を投票する

質問 14

A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?

（A）Remote file inclusion attack

（B）Command injection attack

（C）Clickjacking attack

（D）Directory traversal attack

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

A penetration tester is performing initial intelligence gathering on some remote hosts prior to conducting a vulnerability scan.
The tester runs the following command:
nmap -p 192.168.1.1, 192.168.1.2, 192.168.1.3 -sV -o --max-rate 2 192.168.1.130 Which of the following BEST describes why multiple IP addresses are specified?

（A）The tester is trying to perform a more stealthy scan by including several bogus addresses.

（B）A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host.

（C）The network is subnetted as a/25 or greater, and the tester needed to access hosts on two different subnets.

（D）The scanning machine has several interfaces to balance the scan request across at the specified rate.

正解：C 解答を投票する

質問 16

A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?

（A）Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.

（B）Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities

（C）Identify the issues that can be remediated most quickly and address them first.

（D）Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime.

正解：D 解答を投票する

質問 17

An attacker performed a MITM attack against a mobile application. The attacker is attempting to manipulate the application's network traffic via a proxy tool. The attacker only sees limited traffic as cleartext. The application log files indicate secure SSL/TLS connections are failing. Which of the following is MOST likely preventing proxying of all traffic?

（A）Closed ports

（B）Misconfigured routes

（C）Strong cipher suites

（D）Certificate pinning

正解：D 解答を投票する

質問 18

Joe, an attacker, intends to transfer funds discreetly from a victim's account to his own. Which of the following URLs can he use to accomplish this attack?

（A）https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount='OR 1=1 AND select username from testbank.custinfo where username like 'Joe' &amount=200

（B）https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount='OR 1=1 AND select username from testbank.custinfo where username like 'Joe' -&amount=200

（C）https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=False&creditaccount='OR 1=1 AND select username from testbank.custinfo where username like 'Joe'-&amount=200

（D）https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846&notify=True&creditaccount='AND 1=1 AND select username from testbank.custinfo where username like 'Joe' -&amount=200

正解：A 解答を投票する

質問 19

Which of the following BEST protects against a rainbow table attack?
D18912E1457D5D1DDCBD40AB3BF70D5D

（A）Hardened OS configurations

（B）Increased password complexity

（C）Cryptographic salting

（D）Symmetric encryption

正解：B 解答を投票する

ページ: 1 / 16
トータル 295 問

PT0-001 の機能をすべて解除する

キャプチャ不要
365日無料更新サービス
希望する合格率を設定できる
時間の割り当てられる（時間：分）
PT0-001 に2つの練習用モード
サポートサービス対応

完全版を入手する

弊社を連絡する

我々は１２時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間：( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート：現在連絡

トップ試験

MB-820 試験問題集
CPQ-Specialist 試験問題集
GB0-343 試験問題集
C-THR83-2405 試験問題集
DA0-001 試験問題集
NSK200 試験問題集

PT0-001 無料問題集「CompTIA PenTest+ Certification」

弊社を連絡する

関連リンク

トップ試験