PT0-003無料問題集「CompTIA PenTest+」

質問 1

During an engagement, a penetration tester needs to break the key for the Wi-Fi network that uses WPA2 encryption. Which of the following attacks would accomplish this objective?

（A）Replay

（B）KRACK

（C）Initialization vector

（D）ChopChop

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client's blue team. Which of the following exfiltration methods most likely remain undetected?

（A）Domain Name System

（B）Cloud storage

（C）Test storage sites

（D）Email

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

A penetration tester needs to use the native binaries on a system in order to download a file from the internet and evade detection. Which of the following tools would the tester most likely use?

（A）certutil.exe

（B）netsh.exe

（C）nc.exe

（D）cmdkey.exe

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following technologies is most likely used with badge cloning? (Select two).

（A）RFID

（B）CAN bus

（C）Bluetooth

（D）NFC

（E）Zigbee

（F）Modbus

正解：A、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A penetration tester is attempting to discover vulnerabilities in a company's web application. Which of the following tools would most likely assist with testing the security of the web application?

（A）Nikto

（B）sqlmap

（C）OpenVAS

（D）Nessus

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

During a penetration test, a junior tester uses Hunter.io for an assessment and plans to review the information that will be collected. Which of the following describes the information the junior tester will receive from the Hunter.io tool?

（A）Data breach information about the organization that could be used for additional enumeration

（B）Information from the target's main web page that collects usernames, metadata, and possible data exposures

（C）A collection of email addresses for the target domain that is available on multiple sources on the internet

（D）DNS records for the target domain and subdomains that could be used to increase the external attack surface

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
111/tcp open rpcbind
2049/tcp open nfs
Based on the output, which of the following services provides the best target for launching an attack?

（A）Database

（B）File sharing

（C）Email

（D）Remote access

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following is the most efficient way to infiltrate a file containing data that could be sensitive?

（A）Split the file in tiny pieces and send it over dnscat

（B）Compress the file and send it using TFTP

（C）Use steganography and send the file over FTP

（D）Encrypt and send the file over HTTPS

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

During a security assessment, a penetration tester needs to exploit a vulnerability in a wireless network's authentication mechanism to gain unauthorized access to the network. Which of the following attacks would the tester most likely perform to gain access?

（A）KARMA attack

（B）Eavesdropping

（C）Beacon flooding

（D）MAC address spoofing

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

SIMULATION
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

正解：

Part 1 - 192.168.2.2 -O -sV --top-ports=100 and SMB vulns
Part 2 - Weak SMB file permissions
https://subscription.packtpub.com/book/networking-and-servers/9781786467454/1/ch01lvl1sec13/fingerprinting-os-and-services-running-on-a-target-host

PT0-003 無料問題集「CompTIA PenTest+」

弊社を連絡する

関連リンク

トップ試験