CompTIA PenTest+ Certification Exam
Question No : 1
A penetration tester identifies the following findings during an external vulnerability scan:
Which of the following attack strategies should be prioritized from the scan results above?
Question No : 2
A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file.
Which of the following preparatory steps must the penetration tester do FIRST? (Select Two)
Question No : 3
Which of the following commands starts the Metasploit database?
Question No : 4
Consumer-based IoT devices are often less secure than systems built for traditional desktop computers.
Which of the following BEST describes the reasoning for this?
Question No : 5
A penetration tester has compromised an internal Windows server during an assessment and wants to perform post-exploitation attacks against other machines on the network.
Which of the following would be MOST effective to download additional tools from a remote server?
Question No : 6
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
Question No : 7
A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application.
Before beginning to test the application, which of the following should the assessor request from the organization?
Question No : 8
Which of the following is an example of a spear phishing attack?
Question No : 9
A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals.
Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select Two)
Question No : 10
An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling.
Which of the following is a consideration unique to such an environment that must be made by the firm when preparing for the assessment?
Question No : 11
A client has requested an external network penetration test for compliance certification purposes. During discussion between the client and the penetration tester, the client expresses unwillingness to add the penetration tester’s source IP addresses to the client’s IPS whitelist for the duration of the test.
Which of the following is the BEST argument as to why the penetration tester’s source IP addresses should be whitelisted?
Question No : 12
Which of the following services is MOST likely to be found enabled on legacy RTOS deployments?
Question No : 13
After successfully exploiting a local file inclusion vulnerability within a web application, a limited reverse shell is spawned back to the penetration tester’s workstation.
Which of the following can be used to escape the limited shell and create a fully functioning TTY?
Question No : 14
A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation.
Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE)
Question No : 15
A penetration tester is performing ARP spoofing against a switch.
Which of the following should the penetration tester spoof to get the MOST information?