
CompTIA PT0-003 Practice Test - Questions Answers, Page 15


Question 141


A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?


Question 142


A penetration tester reviews a SAST vulnerability scan report. The following vulnerability has been reported as high severity:

Source file: components.ts

Issue 2 of 12: Command injection

Severity: High

Call: .innerHTML = response

The tester inspects the source file and finds the variable response is defined as a constant and is not referred to or used in other sections of the code. Which of the following describes how the tester should classify this reported vulnerability?


Question 143


Which of the following technologies is most likely used with badge cloning? (Select two).


Question 144


A penetration tester attempts unauthorized entry to the company's server room as part of a security assessment. Which of the following is the best technique to manipulate the lock pins and open the door without the original key?


Question 145


A penetration tester completes a scan and sees the following output on a host:

Nmap scan report for victim (10.10.10.10)

Host is up (0.0001s latency)

PORT STATE SERVICE

161/udp open|filtered snmp

445/tcp open microsoft-ds

3389/tcp open microsoft-ds

Running Microsoft Windows 7

OS CPE: cpe:/o:microsoft:windows_7_sp0

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?


Question 146


A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?


Question 147


A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:

<?xml version='1.0'?>

<!DOCTYPE data [

<!ENTITY foo SYSTEM 'file:///etc/passwd' >

]>

<test>&foo;</test>

Which of the following should the tester recommend in the report to best prevent this type of vulnerability?


Question 148


A penetration tester gains shell access to a Windows host. The tester needs to permanently turn off protections in order to install additional payload. Which of the following commands is most appropriate?


Question 149


A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:

Server-side request forgery (SSRF) vulnerability in test.comptia.org

Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org

Publicly accessible storage system named static_comptia_assets

SSH port 22 open to the internet on test3.comptia.org

Open redirect vulnerability in test4.comptia.org

Which of the following attack paths should the tester prioritize first?


Question 150


A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client's offices. Which of the following techniques should the penetration tester leverage?

Total 214 questions