PassLeader recently released the newest CompTIA PT0-001 exam dumps. Both PT0-001 VCE dumps and PT0-001 PDF dumps are available on PassLeader; both contain the newest PT0-001 exam questions and will help you pass the CompTIA PT0-001 exam easily. You can download the valid PT0-001 VCE and PDF dumps from PassLeader here: https://www.passleader.com/pt0-001.html (258 Q&As Dumps)
You can also preview the newest PassLeader PT0-001 dumps online for free on Google Drive: https://drive.google.com/open?id=1Xvl7jQbsLhLfR0jZSB8jZLBFffBsoW1g
NEW QUESTION 236
A client needs to be PCI compliant and has external-facing web servers. Which of the following CVSS vulnerability scores would automatically bring the client out of compliance standards such as PCI 3.x?
A. 2.9
B. 3.0
C. 4.0
D. 5.9
Answer: C
Explanation:
https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/knowledgebase/pci_exceptions.htm
NEW QUESTION 237
A MITM attack is being planned. The first step is to get information flowing through a controlled device. Which of the following should be used to accomplish this?
A. Repeating.
B. War driving.
C. Evil twin.
D. Bluejacking.
E. Replay attack.
Answer: C
Explanation:
https://www.veracode.com/security/man-middle-attack
NEW QUESTION 238
During a vulnerability assessment, the security consultant finds an XP legacy system that is running a critical business function. Which of the following mitigations is BEST for the consultant to conduct?
A. Update to the latest Microsoft Windows OS.
B. Put the machine behind the WAF.
C. Segment the machine from the main network.
D. Disconnect the machine.
Answer: B
Explanation:
https://ocio.wa.gov/sites/default/files/public/ModernizationOfLegacyITSystems2014.pdf (page 40)
NEW QUESTION 239
A penetration tester has discovered through automated scanning that a Tomcat server allows for the use of default credentials. Using default credentials, the tester is able to upload WAR files to the server. Which of the following is the MOST likely post-exploitation step?
A. Upload a customized /etc/shadow file.
B. Monitor network traffic.
C. Connect via SSH using default credentials.
D. Install web shell on the server.
Answer: D
Explanation:
https://pentestlab.blog/2012/03/22/apache-tomcat-exploitation/
NEW QUESTION 240
A penetration tester directly connects to an internal network. Which of the following exploits would work BEST for quick lateral movement within an internal network?
A. Crack password hashes in /etc/shadow for network authentication.
B. Launch dictionary attacks on RDP.
C. Conduct a whaling campaign.
D. Poison LLMNR and NBNS requests.
Answer: A
NEW QUESTION 241
A penetration tester is planning to conduct a distributed dictionary attack on a government domain against the login portal. The tester will leverage multiple proxies to mask the origin IPs of the attack. Which of the following threat actors will be emulated?
A. APT.
B. Hacktivist.
C. Script kiddie.
D. Insider threat.
Answer: A
Explanation:
https://www.imperva.com/learn/application-security/apt-advanced-persistent-threat/
NEW QUESTION 242
At the information gathering stage, a penetration tester is trying to passively identify the technology running on a client’s website. Which of the following approaches should the penetration tester take?
A. Run a spider scan in Burp Suite.
B. Use web aggregators such as BuiltWith and Netcraft.
C. Run a web scraper and pull the website’s content.
D. Use Nmap to fingerprint the website’s technology.
Answer: A
Explanation:
https://relevant.software/blog/penetration-testing-for-web-applications/
NEW QUESTION 243
Which of the following BEST protects against a rainbow table attack?
A. Increased password complexity.
B. Symmetric encryption.
C. Cryptographic salting.
D. Hardened OS configurations.
Answer: A
Explanation:
https://www.sciencedirect.com/topics/computer-science/rainbow-table
NEW QUESTION 244
A penetration tester is connected to a client’s local network and wants to passively identify cleartext protocols and potentially sensitive data being communicated across the network. Which of the following is the BEST approach to take?
A. Run a network vulnerability scan.
B. Run a stress test.
C. Run an MITM attack.
D. Run a port scan.
Answer: C
Explanation:
https://www.sciencedirect.com/topics/computer-science/encrypted-protocol
NEW QUESTION 245
Which of the following is the MOST comprehensive type of penetration test on a network?
A. Black box.
B. White box.
C. Gray box.
D. Red team.
E. Architecture review.
Answer: A
Explanation:
https://purplesec.us/types-penetration-testing/
NEW QUESTION 246
A company decides to remediate issues identified from a third-party penetration test done to its infrastructure. Management should instruct the IT team to do what?
A. execute the hot fixes immediately to all vulnerabilities found
B. execute the hot fixes immediately to some vulnerabilities
C. execute the hot fixes during the routine quarterly patching
D. evaluate the vulnerabilities found and execute the hot fixes
Answer: D
NEW QUESTION 247
While performing privilege escalation on a Windows 7 workstation, a penetration tester identifies a service that imports a DLL by name rather than an absolute path. To exploit this vulnerability, which of the following criteria must be met?
A. Permissions not disabled in the DLL.
B. Weak folder permissions of a directory in the DLL search path.
C. Write permissions in the C:\Windows\System32\imports directory.
D. DLL not cryptographically signed by the vendor.
Answer: B
Explanation:
https://itm4n.github.io/windows-dll-hijacking-clarified/
NEW QUESTION 248
The scope of a penetration test requires the tester to be stealthy when performing port scans. Which of the following commands with Nmap BEST supports stealthy scanning?
A. --min-rate
B. --max-length
C. --host-timeout
D. --max-rate
Answer: C
Explanation:
https://nmap.org/book/man-port-scanning-techniques.html
NEW QUESTION 249
A penetration tester needs to provide the code used to exploit a DNS server in the final report. In which of the following parts of the report should the penetration tester place the code?
A. Executive summary.
B. Remediation.
C. Conclusion.
D. Technical summary.
Answer: A
Explanation:
https://phoenixnap.com/blog/penetration-testing
NEW QUESTION 250
A penetration tester successfully exploits a system, receiving a reverse shell. Which of the following is a Meterpreter command that is used to harvest locally stored credentials?
A. background
B. hashdump
C. session
D. getuid
E. psexec
Answer: B
Explanation:
https://www.sciencedirect.com/topics/computer-science/meterpreter-shell
NEW QUESTION 251
A tester was able to retrieve domain users’ hashes. Which of the following tools can be used to uncover the users’ passwords? (Choose two.)
A. Hydra
B. Mimikatz
C. Hashcat
D. John the Ripper
E. PSExec
F. Nessus
Answer: BE
Explanation:
https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/
NEW QUESTION 252
During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement. Which of the following is the MOST likely reason why the engagement may not be able to continue?
A. The consultant did not sign an NDA.
B. The consultant was not provided with the appropriate testing tools.
C. The company did not properly scope the project.
D. The initial findings were not communicated to senior leadership.
Answer: C
NEW QUESTION 253
An individual has been hired by an organization after passing a background check. The individual has been passing information to a competitor over a period of time. Which of the following classifications BEST describes the individual?
A. APT.
B. Insider threat.
C. Script kiddie.
D. Hacktivist.
Answer: B
Explanation:
https://en.wikipedia.org/wiki/Insider_threat
NEW QUESTION 254
A senior employee received a suspicious email from another executive requesting an urgent wire transfer. Which of the following types of attacks is likely occurring?
A. Spear phishing.
B. Business email compromise.
C. Vishing.
D. Whaling.
Answer: A
Explanation:
https://www.welivesecurity.com/2020/03/13/415pm-urgent-message-ceo-fraud/
NEW QUESTION 255
Drag and Drop
Analyze the code segments to determine which sections are needed to complete a port scanning script. Drag the appropriate elements into the correct locations to complete the script. If at any time you would like to bring back the initial state of the simulation, please click the reset all button. During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
NEW QUESTION 256
Drag and Drop
A technician is reviewing the following report. Given this information, identify which vulnerability can be definitively confirmed to be a false positive by dragging the “false positive” token to the “Confirmed” column for each vulnerability that is a false positive.
NEW QUESTION 257
……