CompTIA PT0-003 Practice Test - Questions Answers, Page 9


A penetration tester gains access to a Windows machine and wants to further enumerate users with native operating system credentials. Which of the following should the tester use?

A. route.exe print
B. netstat.exe -ntp
C. net.exe commands
D. strings.exe -a

Suggested answer: C

Explanation:

To further enumerate users on a Windows machine using native operating system commands, the tester should use net.exe commands. The net command is a versatile tool that provides various network functionalities, including user enumeration.

net.exe:

net user: This command displays a list of user accounts on the local machine.

net user

net localgroup: This command lists all local groups, and by specifying a group name, it can list the members of that group.

net localgroup administrators

Enumerating Users:

List All Users: The net user command provides a comprehensive list of all user accounts configured on the system.

Group Memberships: The net localgroup command can be used to see which users belong to specific groups, such as administrators.

Pentest Reference:

Post-Exploitation: After gaining initial access, enumerating user accounts helps understand the structure and potential targets for privilege escalation.

Windows Commands: Leveraging built-in commands like net for enumeration ensures that no additional tools need to be uploaded to the target system, reducing the risk of detection.

Using net.exe commands, the penetration tester can effectively enumerate user accounts and group memberships on the compromised Windows machine, aiding in further exploitation and privilege escalation.

Which of the following is a term used to describe a situation in which a penetration tester bypasses physical access controls and gains access to a facility by entering at the same time as an employee?

A. Badge cloning
B. Shoulder surfing
C. Tailgating
D. Site survey

Suggested answer: C

Explanation:

Tailgating is the term used to describe a situation where a penetration tester bypasses physical access controls and gains access to a facility by entering at the same time as an employee.

Tailgating:

Definition: Tailgating occurs when an unauthorized person follows an authorized person into a restricted area without the latter's consent or knowledge. The authorized person typically opens a door or checkpoint, and the unauthorized person slips in behind them.

Example: An attacker waits near the entrance of a building and enters right after an employee, bypassing security measures.

Physical Security:

Importance: Physical security is a crucial aspect of overall security posture. Tailgating exploits human factors and weaknesses in physical security controls.

Prevention: Security measures such as turnstiles, mantraps, and security personnel can help prevent tailgating.

Pentest Reference:

Physical Penetration Testing: Tailgating is a common technique used in physical penetration tests to assess the effectiveness of an organization's physical security controls.

Social Engineering: Tailgating often involves social engineering, where the attacker relies on the politeness or unawareness of the employee to gain unauthorized access.

By understanding and using tailgating, penetration testers can evaluate the effectiveness of an organization's physical security measures and identify potential vulnerabilities that could be exploited by malicious actors.

A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?

A. Phishing
B. Tailgating
C. Whaling
D. Spear phishing

Suggested answer: D

Explanation:

Spear phishing is a targeted email attack aimed at specific individuals within an organization. Unlike general phishing, spear phishing is personalized and often involves extensive reconnaissance to increase the likelihood of success.

Step-by-Step Explanation

Understanding Spear Phishing:

Targeted Attack: Focuses on specific individuals or groups within an organization.

Customization: Emails are customized based on the recipient's role, interests, or recent activities.

Purpose:

Testing Security Awareness: Evaluates how well individuals recognize and respond to phishing attempts.

Information Gathering: Attempts to collect sensitive information such as credentials, financial data, or personal details.

Process:

Reconnaissance: Gather information about the target through social media, public records, and other sources.

Email Crafting: Create a convincing email that appears to come from a trusted source.

Delivery and Monitoring: Send the email and monitor for responses or actions taken by the recipient.

Reference from Pentesting Literature:

Spear phishing is highlighted in penetration testing methodologies for testing security awareness and the effectiveness of email filtering systems.

HTB write-ups and phishing simulation exercises often detail the use of spear phishing to assess organizational security.

Penetration Testing - A Hands-on Introduction to Hacking

HTB Official Writeups

A penetration tester wants to create a malicious QR code to assist with a physical security assessment. Which of the following tools has the built-in functionality most likely needed for this task?

A. BeEF
B. John the Ripper
C. ZAP
D. Evilginx

Suggested answer: A

Explanation:

BeEF (Browser Exploitation Framework) is a penetration testing tool that focuses on web browsers. It has built-in functionality for generating malicious QR codes, which can be used to direct users to malicious websites, execute browser-based attacks, or gather information.

Step-by-Step Explanation

Understanding BeEF:

Purpose: BeEF is designed to exploit vulnerabilities in web browsers and gather information from compromised browsers.

Features: Includes tools for generating malicious payloads, QR codes, and social engineering techniques.

Creating Malicious QR Codes:

Functionality: BeEF has a feature to generate QR codes that, when scanned, redirect the user to a malicious URL controlled by the attacker.

Command: Generate a QR code that directs to a BeEF hook URL.

beef -x --qr

Usage in Physical Security Assessments:

Deployment: Place QR codes in strategic locations to test whether individuals scan them and subsequently compromise their browsers.

Exploitation: Once scanned, the QR code can lead to browser exploitation, information gathering, or other payload execution.

Reference from Pentesting Literature:

BeEF is commonly discussed in penetration testing guides for its browser exploitation capabilities.

HTB write-ups and social engineering exercises often mention the use of BeEF for creating malicious QR codes and exploiting browser vulnerabilities.

Penetration Testing - A Hands-on Introduction to Hacking

HTB Official Writeups

A penetration tester needs to help create a threat model of a custom application. Which of the following is the most likely framework the tester will use?

A. MITRE ATT&CK
B. OSSTMM
C. CI/CD
D. DREAD

Suggested answer: D

Explanation:

The DREAD model is a risk assessment framework used to evaluate and prioritize the security risks of an application. It stands for Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability.

Step-by-Step Explanation

Understanding DREAD:

Purpose: Provides a structured way to assess and prioritize risks based on their potential impact and likelihood.

Components:

Damage Potential: The extent of harm that an exploit could cause.

Reproducibility: How easily the exploit can be reproduced.

Exploitability: The ease with which the vulnerability can be exploited.

Affected Users: The number of users affected by the exploit.

Discoverability: The likelihood that the vulnerability will be discovered.

Usage in Threat Modeling:

Evaluation: Assign scores to each DREAD component to assess the overall risk.

Prioritization: Higher scores indicate higher risks, helping prioritize remediation efforts.

Process:

Identify Threats: Enumerate potential threats to the application.

Assess Risks: Use the DREAD model to evaluate each threat.

Prioritize: Focus on addressing the highest-scoring threats first.
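
A worked DREAD scoring pass, as an added example and not code from the page or from any exam guide: each constructed threat is rated 1 to 10 on the five factors, the factors are summed, and the list is sorted so the highest total is remediated first. The High/Medium/Low bands are an assumption for this example; a team chooses its own cut-offs.

```python
from dataclasses import dataclass

# The five DREAD factors, each rated 1 (low) to 10 (high).
DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")

@dataclass
class Threat:
    name: str
    scores: dict  # factor name -> rating

    def validate(self):
        missing = [f for f in DREAD_FACTORS if f not in self.scores]
        if missing:
            raise ValueError(f"{self.name}: missing factor(s) {missing}")
        bad = {f: v for f, v in self.scores.items() if not 1 <= v <= 10}
        if bad:
            raise ValueError(f"{self.name}: scores out of range {bad}")

    def total(self) -> int:
        return sum(self.scores[f] for f in DREAD_FACTORS)

    def average(self) -> float:
        return self.total() / len(DREAD_FACTORS)

def rating(avg: float) -> str:
    """Assumed bands for this example (average of the five factors)."""
    if avg >= 7:
        return "High"
    if avg >= 4:
        return "Medium"
    return "Low"

def prioritize(threats):
    """Validate every threat, then order by total score; damage breaks ties."""
    for t in threats:
        t.validate()
    return sorted(threats, key=lambda t: (t.total(), t.scores["damage"]), reverse=True)

def report(threats):
    """(name, total, rating) tuples in remediation order."""
    return [(t.name, t.total(), rating(t.average())) for t in prioritize(threats)]

# Constructed threats for a hypothetical custom web application.
SAMPLE_THREATS = [
    Threat("Race condition in coupon redemption",
           dict(damage=5, reproducibility=3, exploitability=4, affected_users=3, discoverability=3)),
    Threat("SQL injection in login form",
           dict(damage=9, reproducibility=9, exploitability=8, affected_users=10, discoverability=8)),
    Threat("Verbose stack traces from debug mode",
           dict(damage=4, reproducibility=10, exploitability=6, affected_users=5, discoverability=9)),
]

if __name__ == "__main__":
    for name, total, level in report(SAMPLE_THREATS):
        print(f"{total:>3} {level:<6} {name}")
```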

Reference from Pentesting Literature:

The DREAD model is widely discussed in threat modeling and risk assessment sections of penetration testing guides.

HTB write-ups often include references to DREAD when explaining how to assess and prioritize vulnerabilities in applications.

Penetration Testing - A Hands-on Introduction to Hacking

HTB Official Writeups

During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections. Which of the following command-line utilities built into Windows is most likely to disable the firewall?

A. certutil.exe
B. bitsadmin.exe
C. msconfig.exe
D. netsh.exe

Suggested answer: D

Explanation:

Understanding netsh.exe:

Purpose: Configures network settings, including IP addresses, DNS, and firewall settings.

Firewall Management: Can enable, disable, or modify firewall rules.

Disabling the Firewall:

Command: Use netsh.exe to disable the firewall.

netsh advfirewall set allprofiles state off

Usage in Penetration Testing:

Pivoting: Disabling the firewall can help the penetration tester pivot from one system to another by removing network restrictions.

Command Execution: Ensure the command is executed with appropriate privileges.
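
Both the net.exe user enumeration from the first question on this page and the netsh firewall change above leave process-creation records that a defender can watch for. This added example, not from the page or any vendor, triages constructed records in the shape of Windows Security event 4688 flattened to one line each; the field layout is an assumption about how a SIEM might store the event.

```python
import re
from dataclasses import dataclass

# Constructed records in the shape of Windows Security event 4688 (process
# creation) flattened to one line per event; the field layout is assumed.
SAMPLE_EVENTS = [
    '4688 host=WS01 user=CORP\\jdoe image=C:\\Windows\\System32\\net.exe cmdline="net user"',
    '4688 host=WS01 user=CORP\\jdoe image=C:\\Windows\\System32\\net1.exe cmdline="net1 localgroup administrators"',
    '4688 host=WS01 user=NT AUTHORITY\\SYSTEM image=C:\\Windows\\System32\\netsh.exe cmdline="netsh advfirewall set allprofiles state off"',
    '4688 host=WS02 user=CORP\\svc_backup image=C:\\Windows\\System32\\netsh.exe cmdline="netsh interface ip show config"',
    '4688 host=WS02 user=CORP\\jdoe image=C:\\Windows\\System32\\notepad.exe cmdline="notepad.exe"',
]

EVENT_RE = re.compile(
    r'^4688 host=(?P<host>\S+) user=(?P<user>.+?) image=(?P<image>\S+) cmdline="(?P<cmdline>[^"]*)"$'
)

# net.exe hands most subcommands to net1.exe, so both binaries are matched.
ACCOUNT_ENUM = re.compile(r'^\s*net1?(?:\.exe)?\s+(?:user|localgroup|group)\b', re.IGNORECASE)
# Any profile (allprofiles, domainprofile, ...) being switched to state off.
FIREWALL_OFF = re.compile(r'^\s*netsh(?:\.exe)?\s+advfirewall\s+set\s+\S+\s+state\s+off\b', re.IGNORECASE)

@dataclass
class Finding:
    host: str
    user: str
    technique: str
    cmdline: str

def classify(cmdline: str):
    """Map a command line to the technique it indicates, or None if not flagged."""
    if FIREWALL_OFF.search(cmdline):
        return "host firewall disabled via netsh"
    if ACCOUNT_ENUM.search(cmdline):
        return "local account enumeration via net.exe"
    return None

def triage(lines):
    """Parse flattened 4688 records and return one Finding per flagged command."""
    findings = []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue  # malformed or non-4688 record: skipped rather than guessed at
        technique = classify(m["cmdline"])
        if technique:
            findings.append(Finding(m["host"], m["user"], technique, m["cmdline"]))
    return findings

def hosts_with_firewall_off(findings):
    """Hosts where a firewall-off command was seen; these need the state verified."""
    return sorted({f.host for f in findings if f.technique.startswith("host firewall")})

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.host} {f.user}: {f.technique} [{f.cmdline}]")
```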

Reference from Pentesting Literature:

netsh.exe is commonly mentioned in penetration testing guides for configuring network settings and managing firewalls.

HTB write-ups often reference the use of netsh.exe for managing firewall settings during network-based penetration tests.

Penetration Testing - A Hands-on Introduction to Hacking

HTB Official Writeups

A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance activities. Which of the following techniques should the tester use?

A. Sniffing
B. Banner grabbing
C. TCP/UDP scanning
D. Ping sweeps

Suggested answer: A

Explanation:

To gather information about the network without causing detection mechanisms to flag the reconnaissance activities, the penetration tester should use sniffing.

Sniffing:

Definition: Sniffing involves capturing and analyzing network traffic passing through the network. It is a passive reconnaissance technique that does not generate detectable traffic on the network.

Tools: Tools like Wireshark and tcpdump are commonly used for sniffing. They capture packets and provide insights into network communications, protocols in use, devices, and potential vulnerabilities.

Advantages:

Stealthy: Since sniffing is passive, it does not generate additional traffic that could be detected by intrusion detection systems (IDS) or other monitoring tools.

Information Gathered: Sniffing can reveal IP addresses, MAC addresses, open ports, running services, and potentially sensitive information transmitted in plaintext.

Comparison with Other Techniques:

Banner Grabbing: Active technique that sends requests to a target service to gather information from banners, which can be detected.

TCP/UDP Scanning: Active technique that sends packets to probe open ports and services, easily detected by network monitoring tools.

Ping Sweeps: Active technique that sends ICMP echo requests to determine live hosts, also detectable by network monitoring.

Pentest Reference:

Reconnaissance Phase: Using passive techniques like sniffing during the initial reconnaissance phase helps gather information without alerting the target.

Network Analysis: Understanding the network topology and identifying key assets and vulnerabilities without generating traffic that could trigger alarms.

By using sniffing, the penetration tester can gather detailed information about the network in a stealthy manner, minimizing the risk of detection.

A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine. Which of the following commands should the tester use to do this task from the tester's host?

A. attacker_host$ nmap -sT <target_cidr> | nc -n <compromised_host> 22
B. attacker_host$ mknod backpipe p attacker_host$ nc -l -p 8000 | 0<backpipe | nc <target_cidr> 80 | tee backpipe
C. attacker_host$ nc -nlp 8000 | nc -n <target_cidr> attacker_host$ nmap -sT 127.0.0.1 8000
D. attacker_host$ proxychains nmap -sT <target_cidr>

Suggested answer: D

Explanation:

ProxyChains is a tool that allows you to route your traffic through a chain of proxy servers, which can be used to anonymize your network activity. In this context, it is being used to route Nmap scan traffic through the compromised host, allowing the penetration tester to pivot and enumerate other targets within the network.

Step-by-Step Explanation

Understanding ProxyChains:

Purpose: ProxyChains allows you to force any TCP connection made by any given application to follow through proxies like TOR, SOCKS4, SOCKS5, and HTTP(S).

Usage: It's commonly used to anonymize network traffic and perform actions through an intermediate proxy.

Command Breakdown:

proxychains nmap -sT <target_cidr>: This command uses ProxyChains to route the Nmap scan traffic through the configured proxies.

Nmap Scan (-sT): This option specifies a TCP connect scan.

Setting Up ProxyChains:

Configuration File: ProxyChains configuration is typically found at /etc/proxychains.conf.

Adding Proxy: Add the compromised host as a SOCKS proxy.

socks4 127.0.0.1 1080

Execution:

Start Proxy Server: Establish a SOCKS proxy through the compromised host (e.g., ssh -D 1080 user@compromised_host, which opens a local listener on port 1080 that forwards connections via the compromised host, matching the socks4 127.0.0.1 1080 entry above).

Run ProxyChains with Nmap: Execute the command on the attacker's host.

proxychains nmap -sT <target_cidr>

Reference from Pentesting Literature:

ProxyChains is commonly discussed in penetration testing guides for scenarios involving pivoting through a compromised host.

HTB write-ups frequently illustrate the use of ProxyChains for routing traffic through intermediate systems.

Penetration Testing - A Hands-on Introduction to Hacking

HTB Official Writeups

A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?

A. SSL certificate inspection
B. URL spidering
C. Banner grabbing
D. Directory brute forcing

Suggested answer: C

Explanation:

Banner grabbing is a technique used to obtain information about a network service, including its version number, by connecting to the service and reading the response.

Step-by-Step Explanation

Understanding Banner Grabbing:

Purpose: Identify the software version running on a service by reading the initial response banner.

Methods: Can be performed manually using tools like Telnet or automatically using tools like Nmap.

Manual Banner Grabbing:

Telnet: Connect to the service port and read the initial response.

telnet target_ip 80

Netcat: Another tool for banner grabbing.

nc target_ip 80

Automated Banner Grabbing:

Nmap: Use Nmap's version detection feature to grab banners.

nmap -sV target_ip

Benefits:

Information Disclosure: Quickly identify the version and sometimes configuration details of the service.

Targeted Exploits: Helps in selecting appropriate exploits based on the identified version.

Reference from Pentesting Literature:

Banner grabbing is a fundamental technique in reconnaissance, discussed in various penetration testing guides.

HTB write-ups often include banner grabbing as a step in identifying the version of services.

Penetration Testing - A Hands-on Introduction to Hacking

HTB Official Writeups

While conducting a peer review for a recent assessment, a penetration tester finds the debugging mode is still enabled for the production system. Which of the following is most likely responsible for this observation?

A. Configuration changes were not reverted.
B. A full backup restoration is required for the server.
C. The penetration test was not completed on time.
D. The penetration tester was locked out of the system.

Suggested answer: A

Explanation:

Debugging Mode:

Purpose: Debugging mode provides detailed error messages and debugging information, useful during development.

Risk: In a production environment, it exposes sensitive information and vulnerabilities, making the system more susceptible to attacks.

Common Causes:

Configuration Changes: During testing or penetration testing, configurations might be altered to facilitate debugging. If not reverted, these changes can leave the system in a vulnerable state.

Oversight: Configuration changes might be overlooked during deployment.

Best Practices:

Deployment Checklist: Ensure a checklist is followed that includes reverting any debug configurations before moving to production.

Configuration Management: Use configuration management tools to track and manage changes.
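
A baseline comparison, added here and not taken from the page, that shows how an unreverted change such as a debug flag is caught: the config snapshot recorded before the engagement is diffed against what is on the production host, and the result is also checked against values production must always carry. The INI layout, setting names and PRODUCTION_REQUIRED table are constructed for this example.

```python
import configparser

# Constructed snapshots: the config recorded before the engagement and the
# one found on the production host during peer review.
BASELINE = """
[app]
debug = false
log_level = warning
allowed_hosts = app.example.com
"""
CURRENT = """
[app]
debug = true
log_level = debug
allowed_hosts = app.example.com,*
"""

# Values production must always carry, whatever the baseline says (assumed table).
PRODUCTION_REQUIRED = {("app", "debug"): "false", ("app", "log_level"): "warning"}

def parse(text: str) -> dict:
    """Flatten INI text into {(section, key): value}."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {(s, k): v for s in cp.sections() for k, v in cp.items(s)}

def drift(baseline: dict, current: dict) -> dict:
    """Every setting that differs from the baseline, as {key: (old, new)};
    None marks a key that is absent on one side."""
    keys = set(baseline) | set(current)
    return {k: (baseline.get(k), current.get(k)) for k in sorted(keys)
            if baseline.get(k) != current.get(k)}

def violations(current: dict) -> dict:
    """Required production values not in effect, as {key: (required, actual)}."""
    return {k: (v, current.get(k)) for k, v in PRODUCTION_REQUIRED.items()
            if current.get(k) != v}

def review(baseline_text: str, current_text: str) -> dict:
    """Run both checks; an empty result on both keys means nothing to revert."""
    b, c = parse(baseline_text), parse(current_text)
    return {"drift": drift(b, c), "violations": violations(c)}

if __name__ == "__main__":
    result = review(BASELINE, CURRENT)
    for key, (old, new) in result["drift"].items():
        print(f"drift     {key[0]}.{key[1]}: {old!r} -> {new!r}")
    for key, (req, actual) in result["violations"].items():
        print(f"violation {key[0]}.{key[1]}: required {req!r}, found {actual!r}")
```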

Reference from Pentesting Literature:

The importance of reverting configuration changes is highlighted in penetration testing guides to prevent leaving systems in a vulnerable state post-testing.

HTB write-ups often mention checking and ensuring debugging modes are disabled in production environments.

Penetration Testing - A Hands-on Introduction to Hacking

HTB Official Writeups
