最新的CompTIA PenTest+ - PT0-003免費考試真題

問題1
During a penetration testing engagement, a tester targets the internet-facing services used by the client. Which of the following describes the type of assessment that should be considered in this scope of work?

正確答案: A
說明:(僅 VCESoft 成員可見)
問題2
A penetration tester obtains a reverse shell on a server and executes the following command on the compromised server:
echo ' < ?php system($_GET[ " c " ]); ? > ' > > /var/www/public/index.php Which of the following best explains what the penetration tester is trying to do?

正確答案: A
說明:(僅 VCESoft 成員可見)
問題3
During an engagement, a penetration tester decides to use social engineering to capture MFA. Which of the following tools or configuration commands should the tester use?

正確答案: D
說明:(僅 VCESoft 成員可見)
問題4
A penetration tester gains access to a Windows machine and wants to further enumerate users with native operating system credentials. Which of the following should the tester use?

正確答案: B
說明:(僅 VCESoft 成員可見)
問題5
A penetration tester is testing a power plant ' s network and needs to avoid disruption to the grid. Which of the following methods is most appropriate to identify vulnerabilities in the network?

正確答案: A
說明:(僅 VCESoft 成員可見)
問題6
Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

正確答案: B
說明:(僅 VCESoft 成員可見)
問題7
Which of the following is the most likely LOLBin to be used to perform an exfiltration on a Microsoft Windows environment?

正確答案: C
說明:(僅 VCESoft 成員可見)
問題8
A penetration tester needs to exploit a vulnerability in a wireless network that has weak encryption to perform traffic analysis and decrypt sensitive information. Which of the following techniques would best allow the penetration tester to have access to the sensitive information?

正確答案: A
說明:(僅 VCESoft 成員可見)
問題9
A penetration tester must gain entry to a client ' s office building without raising attention. Which of the following should be the tester ' s first step?

正確答案: C
說明:(僅 VCESoft 成員可見)
問題10
Which of the following frameworks can be used to classify threats?

正確答案: C
說明:(僅 VCESoft 成員可見)
問題11
As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting. Which of the following techniques would be best for the tester to use?

正確答案: C
說明:(僅 VCESoft 成員可見)
問題12
A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?

正確答案: B
說明:(僅 VCESoft 成員可見)
問題13
A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output:
Hostname | IP address | CVSS 2.0 | EPSS
hrdatabase | 192.168.20.55 | 9.9 | 0.50
financesite | 192.168.15.99 | 8.0 | 0.01
legaldatabase | 192.168.10.2 | 8.2 | 0.60
fileserver | 192.168.125.7 | 7.6 | 0.90
Which of the following targets should the tester select next?

正確答案: B
說明:(僅 VCESoft 成員可見)
問題14
A company hires a penetration tester to test the security implementation of its wireless networks. The main goal for this assessment is to intercept and get access to sensitive data from the company ' s employees.
Which of the following tools should the security professional use to best accomplish this task?

正確答案: D
說明:(僅 VCESoft 成員可見)