The latest CompTIA PT0-001 dumps by Lead4Pass helps you pass the PT0-001 exam for the first time! Lead4Pass Latest Update CompTIA PT0-001 VCE Dump and PT0-001 PDF Dumps, Lead4Pass PT0-001 Exam Questions Updated, Answers corrected! Get the latest LeadPass PT0-001 dumps with Vce and PDF: https://www.leads4pass.com/pt0-001.html (Q&As: 156 dumps)
[Free PT0-001 PDF] CompTIA PT0-001 Dumps PDF can be collected on Google Drive shared by Lead4Pass:
https://drive.google.com/file/d/1hono1WDO24n2ZiT8HsuCLmnL7Z9yMUhl/
[Lead4pass PT0-001 Youtube] CompTIA PT0-001 Dumps can be viewed on Youtube shared by Lead4Pass
CompTIA PT0-001 Online Exam Practice Questions
QUESTION 1
A penetration tester is checking a script to determine why some basic math errors are persisting. The expected result
was the program outputting “True”.
Given the output from the console above, which of the following explains how to correct the errors in the script? (Choose
two.)
A. Change fi\\’ to \\’Endlf
B. Remove the \\’let\\’ in front of \\’dest=5+5\\’.
C. Change the \\’=” to \\’-eq\\’.
D. Change -Source* and \\’dest\\’ to “Ssource” and “Sdest”
E. Change \\’else\\’ to \\’elif.
Correct Answer: BD
QUESTION 2
A company contracted a firm specializing in penetration testing to assess the security of a core business application.
The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before
it can run a static code analyzer?
A. Run the application through a dynamic code analyzer.
B. Employ a fuzzing utility.
C. Decompile the application.
D. Check memory allocations.
Correct Answer: D
QUESTION 3
A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap
commands should the tester use?
A. nmap -p 22 -iL targets
B. Nmap -p 22 -sL targets
C. Nmap -p 22 -oG targets
D. Nmap -p 22 -oA targets
Correct Answer: A
QUESTION 4
While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys
should the tester use?
A. HKEY_CLASSES_ROOT
B. HKEY_LOCAL_MACHINE
C. HKEY_CURRENT_USER
D. HKEY_CURRENT_CONFIG
Correct Answer: C
Reference: https://www.redcanary.com/blog/windows-registry-attacks-threat-detection/
QUESTION 5
A company has engaged a penetration tester to perform an assessment for an application that resides in the
company\\’s DMZ. Prior to conducting testing, in which of the following solutions should the penetration tester\\’s IP
address be whitelisted?
A. WAF
B. HIDS
C. NIDS
D. DLP
Correct Answer: C
QUESTION 6
A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?
A. schtasks.exe /create/tr “powershell.exe” Sv.ps1 /run
B. net session server | dsquery -user | net use c$
C. PowerShell andand set-execution policy unrestricted
D. reg save HKLM\System\CurrentControlSet\Services\Sv.reg
Correct Answer: D
QUESTION 7
A vulnerability scan identifies that an SSL certificate does not match the hostname; however, the client disputes the
finding. Which of the following techniques can the penetration tester perform to adjudicate the validity of the findings?
A. Ensure the scanner can make outbound DNS requests.
B. Ensure the scanner is configured to perform ARP resolution.
C. Ensure the scanner is configured to analyze IP hosts.
D. Ensure the scanner has the proper plugins loaded.
Correct Answer: A
QUESTION 8
A company performed an annual penetration test of its environment. In addition to several new findings, all of the
previously identified findings persisted in the latest report. Which of the following is the MOST likely reason?
A. Infrastructure is being replaced with similar hardware and software.
B. Systems administrators are applying the wrong patches.
C. The organization is not taking action to remediate identified findings.
D. The penetration testing tools were misconfigured.
Correct Answer: C
QUESTION 9
After several attempts, an attacker was able to gain unauthorized access through a biometric sensor using the
attacker\\’s actual fingerprint without exploitation. Which of the following is the MOST likely of what happened?
A. The biometric device is tuned more toward false positives
B. The biometric device is configured more toward true negatives
C. The biometric device is set to fail closed
D. The biometric device duplicated a valid user\\’s fingerprint.
Correct Answer: A
QUESTION 10
A penetration tester wants to target the NETBIOS name service. Which of the following is the most likely command to
exploit the NETBIOS name service?
A. arPspoof
B. Nmap
C. responder
D. burp suite
Correct Answer: B
Reference: http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows/
QUESTION 11
A penetration tester is utilizing social media to gather information about employees at a company. The tester has
created a list of popular words used in employee profile s. For which of the following types of attack would this
information be used?
A. Exploit chaining
B. Session hijacking
C. Dictionary
D. Karma
Correct Answer: C
QUESTION 12
A security consultant found a SCADA device in one of the VLANs in scope. Which of the following actions would BEST
create a potentially destructive outcome against the device?
A. Launch an SNMP password brute force attack against the device.
B. Lunch a Nessus vulnerability scan against the device.
C. Launch a DNS cache poisoning attack against the device.
D. Launch an SMB exploit against the device.
Correct Answer: A
QUESTION 13
Consumer-based IoT devices are often less secure than systems built for traditional desktop computers.
Which of the following BEST describes the reasoning for this?
A. Manufacturers developing IoT devices are less concerned with security.
B. It is difficult for administrators to implement the same security standards across the board.
C. IoT systems often lack the hardware power required by more secure solutions.
D. Regulatory authorities often have lower security requirements for IoT systems.
Correct Answer: A
latest updated CompTIA PT0-001 exam questions from the Lead4Pass PT0-001 dumps! 100% pass the PT0-001 exam! Download Lead4Pass PT0-001 VCE and PDF dumps: https://www.leads4pass.com/pt0-001.html (Q&As: 156 dumps)
Get free CompTIA PT0-001 dumps PDF online: https://drive.google.com/file/d/1hono1WDO24n2ZiT8HsuCLmnL7Z9yMUhl/