IT認証試験問題集
毎月、ITshikenは1500人以上の受験者が試験準備を助けて、試験に合格するために受験者にご協力します
 ホームページ / PT0-001 問題集  / PT0-001 問題練習

CompTIA PT0-001 問題練習

CompTIA PenTest+ Certification Exam 試験

最新更新時間: 2020/11/18,合計87問。

いい買物の日:PT0-001 最新真題を買う時、日本語版と英語版両方を同時に獲得できます。

実際の問題集を練習し、試験のポイントを了解し、テストに申し込むするかどうかを決めることができます。

さらに試験準備時間の35%を節約するには、PT0-001 問題集を使用してください。

 / 6

Question No : 1
A penetration tester identifies the following findings during an external vulnerability scan:



Which of the following attack strategies should be prioritized from the scan results above?

正解:

Question No : 2
A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file.
Which of the following preparatory steps must the penetration tester do FIRST? (Select Two)

正解:

Question No : 3
Which of the following commands starts the Metasploit database?

正解:

Question No : 4
Consumer-based loT devices are often less secure than systems built for traditional desktop computers.
Which of the following BEST describes the reasoning for this?

正解:

Question No : 5
A penetration tester has compromised an internal Windows server during an assessment and wants to perform post-exploitation attacks against other machines on the network.
Which of the following would be MOST effective to download additional tools from a remote server?

正解:

Question No : 6
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

正解:

Question No : 7
A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application.
Before beginning to test the application, which of the following should the assessor request from the organization?

正解:

Question No : 8
Which of the following is an example of a pear phishing attack?

正解:

Question No : 9
A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals.
Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select Two)

正解:

Question No : 10
An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling.
Which of the following is a consideration unique to such an environment that must be made by the firm when preparing for the assessment?

正解:

Question No : 11
A client has requested an external network penetration test for compliance certification purposes. During discussion between the client and the penetration tester, the client expresses unwillingness to the penetration tester’s source IP addresses to the client’s IPS whitelist for the duration of the test.
Which of the following is the BEST argument as to why the penetration testers source IP addresses should be whitelisted?

正解:

Question No : 12
Which of the following services is MOST likely to be found enabled on legacy RTOS deployments?

正解:

Question No : 13
After successfully exploiting a local file inclusion vulnerability within a web application, a limited reverse shell is spawned back to the penetration testers workstation.
Which of the following can be used to escape the limited shell and create a fully functioning TTY?

正解:

Question No : 14
A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation.
Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE)

正解:

Question No : 15
A penetration tester is performing ARP spoofing against a switch.
Which of the following should the penetration tester spoof to get the MOST information?

正解:

 / 6