PT0-003 無料問題集「CompTIA PenTest+」
In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:
sshpass -p donotchange ssh [email protected]
Which of the following should the tester attempt to do next to take advantage of this information? (Select two).
sshpass -p donotchange ssh [email protected]
Which of the following should the tester attempt to do next to take advantage of this information? (Select two).
正解:C、F
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine. Which of the following commands should the tester use to do this task from the tester's host?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
A penetration tester runs a vulnerability scan that identifies several issues across numerous customer hosts. The executive report outlines the following information:
Server High-severity vulnerabilities
1. Development sandbox server 32
2. Back office file transfer server 51
3. Perimeter network web server 14
4. Developer QA server 92
The client is concerned about the availability of its consumer-facing production application. Which of the following hosts should the penetration tester select for additional manual testing?
Server High-severity vulnerabilities
1. Development sandbox server 32
2. Back office file transfer server 51
3. Perimeter network web server 14
4. Developer QA server 92
The client is concerned about the availability of its consumer-facing production application. Which of the following hosts should the penetration tester select for additional manual testing?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization. Through which of the following features could this information have been accessed?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)