PT0-003無料問題集「CompTIA PenTest+」

質問 1

A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering. Which of the following types of scans did the tester use to identify the libraries?

（A）DAST

（B）IAST

（C）SAST

（D）SBOM

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

During an engagement, a penetration tester found some weaknesses that were common across the customer's entire environment. The weaknesses included the following:
Weaker password settings than the company standard
Systems without the company's endpoint security software installed
Operating systems that were not updated by the patch management system
Which of the following recommendations should the penetration tester provide to address the root issue?

（A）Add all systems to the vulnerability management system.

（B）Patch the out-of-date operating systems.

（C）Implement a configuration management system.

（D）Deploy an endpoint detection and response system.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

A penetration tester enumerates a legacy Windows host on the same subnet. The tester needs to select exploit methods that will have the least impact on the host's operating stability. Which of the following commands should the tester try first?

（A）responder -I eth0 john responder_output.txt <rdp to target>

（B）hydra -L administrator -P /path/to/pwlist.txt -t 100 rdp://<target_host>

（C）msf > use <module_name> msf > set <options> msf > set PAYLOAD windows/meterpreter/reverse_tcp msf > run

（D）python3 ./buffer_overflow_with_shellcode.py <target> 445

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

After a recent penetration test was conducted by the company's penetration testing team, a systems administrator notices the following in the logs:
2/10/2023 05:50AM C:\users\mgranite\schtasks /query
2/10/2023 05:53AM C:\users\mgranite\schtasks /CREATE /SC DAILY
Which of the following best explains the team's objective?

（A）To determine the users' permissions

（B）To view scheduled processes

（C）To create persistence in the network

（D）To enumerate current users

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

While performing an internal assessment, a tester uses the following command:
crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@
Which of the following is the main purpose of the command?

（A）To perform a pass-the-hash attack over multiple endpoints within the internal network

（B）To perform password spraying on internal systems

（C）To execute a command in multiple endpoints at the same time

（D）To perform common protocol scanning within the internal network

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

A penetration tester runs a vulnerability scan that identifies several issues across numerous customer hosts. The executive report outlines the following information:
Server High-severity vulnerabilities
1. Development sandbox server 32
2. Back office file transfer server 51
3. Perimeter network web server 14
4. Developer QA server 92
The client is concerned about the availability of its consumer-facing production application. Which of the following hosts should the penetration tester select for additional manual testing?

（A）Server 3

（B）Server 2

（C）Server 4

（D）Server 1

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

During an external penetration test, a tester receives the following output from a tool:
test.comptia.org
info.comptia.org
vpn.comptia.org
exam.comptia.org
Which of the following commands did the tester most likely run to get these results?

（A）nmap -Pn -sV -vv -A comptia.org

（B）amass enum -passive -d comptia.org

（C）nslookup -type=SOA comptia.org

（D）shodan host comptia.org

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

A penetration tester assesses an application allow list and has limited command-line access on the Windows system. Which of the following would give the penetration tester information that could aid in continuing the test?

（A）mmc.exe

（B）nltest.exe

（C）rundll.exe

（D）icacls.exe

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
111/tcp open rpcbind
2049/tcp open nfs
Based on the output, which of the following services provides the best target for launching an attack?

（A）Database

（B）File sharing

（C）Email

（D）Remote access

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A penetration tester performs an assessment on the target company's Kubernetes cluster using kube-hunter. Which of the following types of vulnerabilities could be detected with the tool?

（A）Application deployment issues in Kubernetes

（B）Network configuration errors in Kubernetes services

（C）Security vulnerabilities specific to Docker containers

（D）Weaknesses and misconfigurations in the Kubernetes cluster

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

PT0-003 無料問題集「CompTIA PenTest+」

弊社を連絡する

関連リンク

トップ試験