CompTIA PenTest+ Certification Practice Questions
Question 1
During an external vulnerability scan, the penetration tester finds that telnet, ftp, and
http are open inbound on a storage server at the customer site. This information has
been relayed to the customer after the penetration test has been completed. Which of the
following is the BEST mitigation for this vulnerability?
A. The customer should enable two-factor authentication.
B. The customer should wrap http in TLS.
C. The customer should move the services to non-standard ports.
D. The customer should use system hardening guides to close unnecessary services and ports.
Question 2
A penetration tester finds a username with a relative ID (RID) of 500 on a Windows
device. Which of the following privilege levels does this user have?
A. Administrator
B. User
C. Guest
D. Power user
Question 3
A penetration tester notices the results from an external vulnerability scan are
unreliable. The same IP address has shown different vulnerabilities each time it is
scanned. Which of the following is the MOST likely cause for this?
A. The address being scanned is a load balancer with systems behind it.
B. The vulnerability scanner is reporting false positives.
C. The customer has been patching and rolling back their updates.
D. The vulnerability scanner is improperly configured.
Question 4
A web application is coded in such a way that it concatenates user input directly into a
database query:
http://example.com?page=news&ID=14
To which of the following vulnerabilities could this situation apply?
A. XML injection
B. Insecure direct object reference
C. Insecure cross-origin resource sharing
D. SQL injection
Question 5
Output from a static code analyzer shows a high number of null pointer issues. Which of
the following is the MOST likely cause of this issue?
A. Improper use of named pipes
B. Poor file-system integration
C. Lack of variable initialization
D. Bad socket programming
Question 6
A penetration tester is removing a local admin account from a target system, clearing
credentials from an exploitation framework, and purging copies of documents from the
laptop that was used to create reports. Which of the following is the penetration tester
performing?
A. Attestation of findings
B. Post-engagement cleanup
C. Deception techniques
D. Remediation steps
Question 7
HTTP is being used during authentication on a target network. Which of the following
passive reconnaissance techniques can help a penetration tester obtain a user's
credentials?
A. Traffic throttling
B. Traffic sniffing
C. Traffic shaping
D. Traffic blocking
Question 8
While scoping a compliance-based assessment, which of the following MUST be
considered?
A. Protocols used
B. Stealth
C. Bandwidth limitations
D. Local and national laws
PenTest+ Answer Key
Question 1)
D. The customer should use system hardening guides to close unnecessary services and ports.
Question 2)
A. Administrator
Question 3)
A. The address being scanned is a load balancer with systems behind it.
Question 4)
D. SQL injection
Question 5)
C. Lack of variable initialization
Question 6)
B. Post-engagement cleanup
Question 7)
B. Traffic sniffing
Question 8)
D. Local and national laws