Latest CompTIA PenTest+ Certification - PT0-002 Free Exam Questions

Question 1
During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)

Correct answer: B,D
Question 2
A penetration tester would like to crack a hash using a list of hashes and a predefined set of rules. The tester runs the following command: hashcat.exe -a 0 .\hash.txt .\rockyou.txt -r .\rules\replace.rule
Which of the following is the penetration tester using to crack the hash?

Correct answer: B
Question 3
A penetration tester examines a web-based shopping catalog and discovers the following URL when viewing a product in the catalog:
http://company.com/catalog.asp?productid=22
The penetration tester alters the URL in the browser to the following and notices a delay when the page refreshes:
http://company.com/catalog.asp?productid=22;WAITFOR DELAY'00:00:05'
Which of the following should the penetration tester attempt NEXT?

Correct answer: C
Question 4
A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company's network. Which of the following accounts should the tester use to return the MOST results?

Correct answer: A
Question 5
Which of the following is the most secure way to protect a final report file when delivering the report to the client/customer?

Correct answer: B
Question 6
A penetration tester writes the following script:

Which of the following is the tester performing?

Correct answer: A
Question 7
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

Correct answer: C
Question 8
A penetration tester is developing exploits to attack multiple versions of a common software package. The versions have different menus and ..., but they have a common log-in screen that the exploit must use. The penetration tester develops code to perform the log-in that can be each of the exploits targeted to a specific version. Which of the following terms is used to describe this common log-in code example?

Correct answer: A
Question 9
Which of the following types of information would most likely be included in an application security assessment report addressed to developers? (Select two).

Correct answer: A,B
Question 10
Which of the following would a company's hunt team be MOST interested in seeing in a final report?

Correct answer: A
Question 11
For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users to change their passwords and a link to https://example.com/index.html. The engineer has designed the attack so that once the users enter the credentials, the index.html page takes the credentials and then forwards them to another server that the security engineer is controlling. Given the following information:
Which of the following lines of code should the security engineer add to make the attack successful?

Correct answer: C
Question 12
A penetration tester conducted an assessment on a web server. The logs from this session show the following:
http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; --
Which of the following attacks is being attempted?

Correct answer: B
Question 13
Appending string values onto another string is called:

Correct answer: C
Question 14
A security analyst is conducting an unknown environment test from 192.168.3.3. The analyst wants to limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems. Which of the following Nmap commands should the analyst use to achieve this objective?

Correct answer: C
Question 15
A penetration tester captures SMB network traffic and discovers that users are mistyping the name of a fileshare server. This causes the workstations to send out requests attempting to resolve the fileshare server's name. Which of the following is the best way for a penetration tester to exploit this situation?

Correct answer: A