PT0-003無料問題集「CompTIA PenTest+」

質問 1

During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses. Which of the following tools should the tester use?

（A）Dnsenum

（B）Nmap

（C）Wireshark

（D）Netcat

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?

（A）Directory brute forcing

（B）Banner grabbing

（C）SSL certificate inspection

（D）URL spidering

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?

（A）Client acceptance

（B）Risk analysis

（C）Peer review

（D）Root cause analysis

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

During a security assessment for an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software to disguise itself as legitimate software. Which of the following host-based attacks should the tester use?

（A）Rootkit

（B）Buffer overflow

（C）On-path

（D）Logic bomb

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

During an assessment, a penetration tester gains a low-privilege shell and then runs the following command:
findstr /SIM /C:"pass" *.txt *.cfg *.xml
Which of the following is the penetration tester trying to enumerate?

（A）Secrets

（B）Configuration files

（C）Permissions

（D）Virtual hosts

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward. Which of the following types of attacks is this an example of?

（A）XSS

（B）SQL injection

（C）SSRF

（D）Server-side template injection

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

A penetration tester needs to help create a threat model of a custom application. Which of the following is the most likely framework the tester will use?

（A）CI/CD

（B）DREAD

（C）MITRE ATT&CK

（D）OSSTMM

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?

（A）Scapy

（B）tcprelay

（C）tcpdump

（D）Bluecrack

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A penetration tester identifies an exposed corporate directory containing first and last names and phone numbers for employees. Which of the following attack techniques would be the most effective to pursue if the penetration tester wants to compromise user accounts?

（A）Impersonation

（B）Tailgating

（C）Smishing

（D）Whaling

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A penetration tester obtains password dumps associated with the target and identifies strict lockout policies.
The tester does not want to lock out accounts when attempting access. Which of the following techniques should the tester use?

（A）Brute-force attack

（B）MFA fatigue

（C）Credential stuffing

（D）Dictionary attack

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

Which of the following is the most efficient way to infiltrate a file containing data that could be sensitive?

（A）Split the file in tiny pieces and send it over dnscat

（B）Compress the file and send it using TFTP

（C）Use steganography and send the file over FTP

（D）Encrypt and send the file over HTTPS

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

During a security assessment, a penetration tester captures plaintext login credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access.
Which of the following tools is the tester using?

（A）Burp Suite

（B）Wireshark

（C）Metasploit

（D）Zed Attack Proxy (ZAP)

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which of the following is most important when communicating the need for vulnerability remediation to a client at the conclusion of a penetration test?

（A）Articulation of escalation

（B）Articulation of impact

（C）Articulation of alignment

（D）Articulation of cause

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

A penetration tester wants to maintain access to a compromised system after a reboot. Which of the following techniques would be best for the tester to use?

（A）Establishing a reverse shell

（B）Performing a credential-dumping attack

（C）Creating a scheduled task

（D）Executing a process injection attack

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

During a routine penetration test, the client's security team observes logging alerts that indicate several ID badges were reprinted after working hours without authorization. Which of the following is the penetration tester most likely trying to do?

（A）Obtain long-term, valid access to the facility

（B）Revoke access to the facility for valid users

（C）Disrupt the availability of facility access systems

（D）Change access to the facility for valid users

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

With one day left to complete the testing phase of an engagement, a penetration tester obtains the following results from an Nmap scan:
Not shown: 1670 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.3 (CentOS)
3306/tcp open mysql MySQL (unauthorized)
8888/tcp open http lighttpd 1.4.32
Which of the following tools should the tester use to quickly identify a potential attack path?

（A）sqlmap

（B）BeEF

（C）msfvenom

（D）SearchSploit

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

PT0-003 無料問題集「CompTIA PenTest+」

弊社を連絡する

関連リンク

トップ試験