The latest updated CompTIA PT0-001 exam dumps and free PT0-001 exam practice questions and answers! Latest updates from leads4pass CompTIA PT0-001 Dumps PDF and PT0-001 Dumps VCE, leads4pass PT0-001 exam questions updated and answers corrected!
Get the full CompTIA PT0-001 dumps from https://www.leads4pass.com/pt0-001.html (VCE&PDF)
Latest PT0-001 PDF for free
Share the CompTIA PT0-001 Dumps PDF for free From leads4pass PT0-001 Dumps part of the distraction collected on Google Drive shared by leads4pass
https://drive.google.com/file/d/11bPIY6jonEfvcjgCaEidIg2yWWKdN3pX/
Latest leads4pass PT0-001 Youtube
Share the latest CompTIA PT0-001 exam practice questions and answers for free from Led4Pass Dumps viewed online by Youtube Videos
The latest updated CompTIA PT0-001 Exam Practice Questions and Answers Online Practice Test is free to share from leads4pass (Q1-Q13)
QUESTION 1
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).
A. Shodan
B. SET
C. BeEF
D. Wireshark
E. Maltego
F. Dynamo
Correct Answer: AE
References: https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/#gref
Â
QUESTION 2
Which of the following is an example of a spear-phishing attack?
A. Targeting an executive with an SMS attack
B. Targeting a specific team with an email attack
C. Targeting random users with a USB key drop
D. Targeting an organization with a watering hole attack
Correct Answer: A
Reference: https://www.comparitech.com/blog/information-security/spear-phishing/
Â
QUESTION 3
During the information gathering phase of a network penetration test for the corp.local domain, which of the following
commands would provide a list of domain controllers?
A. nslookup -type=srv _ldap._tcp.dc._msdcs.corp.local
B. nmap -sV -p 389 – -script=ldap-rootdse corp.local
C. net group “Domain Controllers” /domain
D. gpresult /d corp.local /r “Domain Controllers”
Correct Answer: A
QUESTION 4
An attacker uses SET to make a copy of a company\\’s cloud-hosted webmail portal and sends an email m to obtain the
CEO s login credentials Which of the following types of attacks is this an example of?
A. Elicitation attack
B. Impersonation attack
C. Spear phishing attack
D. Drive-by download attack
Correct Answer: A
Reference: https://www.social-engineer.org/framework/influencing-others/elicitation/
Â
QUESTION 5
An assessor begins an internal security test of the Windows domain internal.comptia.net. The assessor is given network
access via DHCP but is not given any network maps or target IP addresses. Which of the following commands can the
assessor use to find any likely Windows domain controllers?
A. dig -q any _kerberos._tcp.internal.comptia.net
B. dig -q any _lanman._tcp.internal.comptia.net
C. dig -q any _ntlm._tcp.internal.comptia.net
D. dig -q any _smtp._tcp.internal.comptia.net
Correct Answer: A
Â
QUESTION 6
A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the
penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST
meet this goal?
A. Perform an HTTP downgrade attack.
B. Harvest the user credentials to decrypt traffic.
C. Perform a MITM attack.
D. Implement a CA attack by impersonating trusted CAs.
Correct Answer: A
QUESTION 7
A consultant is performing a social engineering attack against a client. The consultant was able to collect a number of
usernames and passwords using a phishing campaign. The consultant is given credentials to log on to various employees’ email accounts. Given the findings, which of the following should the consultant recommend be
implemented?
A. Strong password policy
B. Password encryption
C. Email system hardening
D. Two-factor authentication
Correct Answer: D
Â
QUESTION 8
During an internal penetration test, several multicasts and broadcast name resolution requests are observed traversing
the network. Which of the following tools could be used to impersonate network resources and collect authentication
requests?
A. Ettercap
B. Tcpdump
C. Responder
D. Medusa
Correct Answer: C
Â
QUESTION 9
DRAG DROP
Instructions:
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the reset all button.
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have
access to an isolated network that you would like to port scan.
Select and Place:
Correct Answer:
Â
QUESTION 10
A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester
spoof to get the MOST information?
A. MAC address of the client
B. MAC address of the domain controller
C. MAC address of the webserver
D. MAC address of the gateway
Correct Answer: D
Â
QUESTION 11
Which of the following vulnerabilities is MOST likely to be false positives when reported by an automated scanner on a
static HTML web page? (Choose two.)
A. Missing secure flag for a sensitive cookie
B. Reflected cross-site scripting
C. Enabled directory listing
D. Insecure HTTP methods allowed
E. Unencrypted transfer of sensitive data
F. Command injection
G. Disclosure of internal system information
H. Support of weak cipher suites
Correct Answer: FG
Â
QUESTION 12
In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop following potential
NEXT step to extract credentials from the device?
A. Brute force the user\\’s password.
B. Perform an ARP spoofing attack.
C. Leverage the BeEF framework to capture credentials.
D. Conduct LLMNR/NETBIOS-ns poisoning.
Correct Answer: A
Â
QUESTION 13
A penetration tester is performing a code review. Which of the following testing techniques is being performed?
A. Dynamic analysis
B. Fuzzing analysis
C. Static analysis
D. Run-time analysis
Correct Answer: C
Reference: https://smartbear.com/learn/code-review/what-is-code-review/
Fulldumps shares the latest updated CompTIA PT0-001 exam exercise questions, PT0-001 dumps pdf, and Youtube video learning for free.
All exam questions and answers come from the leads4pass exam dumps shared part! leads4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full CompTIA PT0-001 exam dumps questions at https://www.leads4pass.com/pt0-001.html (pdf&vce)
ps.
Get free CompTIA PT0-001 dumps PDF online: https://drive.google.com/file/d/11bPIY6jonEfvcjgCaEidIg2yWWKdN3pX/