ExamGecko
Login
Home / CompTIA / PT0-002 / List of questions
Ask Question

CompTIA PT0-002 Practice Test - Questions Answers, Page 37

Add to Whishlist

List of questions

Question 361

Report Export Collapse

A penetration tester issues the following command after obtaining a low-privilege reverse shell: wmic service get name,pathname,startmode

Which of the following is the most likely reason the penetration tester ran this command?

Become a Premium Member for full access
  Unlock Premium Member

Question 362

Report Export Collapse

Which of the following tools can a penetration tester use to brute force a user password over SSH using multiple threads?

Become a Premium Member for full access
  Unlock Premium Member

Question 363

Report Export Collapse

A penetration tester is taking screen captures of hashes obtained from a domain controller. Which of the following best explains why the penetration tester should immediately obscure portions of the images before saving?

Become a Premium Member for full access
  Unlock Premium Member

Question 364

Report Export Collapse

Which of the following types of information would most likely be included in an application security assessment report addressed to developers? (Select two).

Become a Premium Member for full access
  Unlock Premium Member

Question 365

Report Export Collapse

A penetration tester is conducting an assessment for an e-commerce company and successfully copies the user database to the local machine. After a closer review, the penetration tester identifies several high-profile celebrities who have active user accounts with the online service. Which of the following is the most appropriate next step?

Become a Premium Member for full access
  Unlock Premium Member

Question 366

Report Export Collapse

A penetration tester is reviewing the logs of a proxy server and discovers the following URLs:

https://test.comptia.com/profile.php?userid=1546

https://test.cpmptia.com/profile.php?userid=5482

https://test.comptia.com/profile.php?userid=3618

Which of the following types of vulnerabilities should be remediated?

Become a Premium Member for full access
  Unlock Premium Member

Question 367

Report Export Collapse

Given the following user-supplied data:

www.comptia.com/info.php?id=1 AND 1=1

Which of the following attack techniques is the penetration tester likely implementing?

Become a Premium Member for full access
  Unlock Premium Member

Question 368

Report Export Collapse

A penetration tester is conducting an assessment of an organization that has both a web and mobile application. While testing the user profile page, the penetration tester notices that additional data is returned in the API response, which is not displayed in the web user interface. Which of the following is the most effective technique to extract sensitive user data?

Become a Premium Member for full access
  Unlock Premium Member

Question 369

Report Export Collapse

During an assessment, a penetration tester discovers the following code sample in a web application:

'(&(userid=*)(userid=*))(I(userid=*)(userPwd=(SHAl}a9993e364706816aba3e25717850c26c9cd0d89d==))

Which of the following injections is being performed?

Become a Premium Member for full access
  Unlock Premium Member

Question 370

Report Export Collapse

Which of the following tools would be best to use to conceal data in various kinds of image files?

Become a Premium Member for full access
  Unlock Premium Member
Total 464 questions
Go to page: of 47
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?
When accessing the URL http://192.168.0-1/validate/user.php , a penetration tester obtained the following output: ..d index: eid in /apache/www/validate/user.php line 12 ..d index: uid in /apache/www/validate/user.php line 13 ..d index: pw in /apache/www/validate/user.php line 14 ..d index: acl in /apache/www/validate/user.php line 15
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the tester achieve this goal?
An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?
A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?
Which of the following components should a penetration tester most likely include in a report at the end of an assessment?
A penetration tester was hired to test Wi-Fi equipment. Which of the following tools should be used to gather information about the wireless network?
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?