CompTIA PenTest+ PT0-001 Study Guide 2021/2022

A security analyst was provided with a detailed penetration report, which was performed against the organization's DMZ environment. It was noted on the report that a finding has a CVSS base score of 100. Which of the following levels of difficulty would be required to exploit this vulnerability? A. Very difficult; perimeter systems are usually behind a firewall B. Somewhat difficult, would require significant processing power to exploit C. Trivial, little effort is required to exploit this finding D. Impossible; external hosts are hardened to protect against attacks Correct answer- C. Trivial, little effort is required to exploit this finding A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regained. Which of the actions should the penetration tester use to maintain persistence to the device? (Select TWO) A. Place an entry in HKLMSoftware MicrosoftCurrentVersionRun to call 1. B. Place an entry in C:windowssystem32driversetchosts for 12.17.20.10 C. Place a script in C:users%usernamelocalappdataroaming1 D. Create a fake service in Windows called RTAudio to execute manually E. Place an entry for RTAudio in HKLMCurrentControlSetServicesRTAudio. F. Create a schedule task to call C:wwindowssystem32driversetchosts Correct answer- A. Place an entry in HKLMSoftware MicrosoftCurrentVersionRun to call 1. B. Place an entry in C:windowssystem32driversetchosts for 12.17.20.10 Which of the following tools is used to perform a credential brute force attack? A. Hydra B. John the Ripper C. Hashcat D. Peach Correct answer- A. Hydra Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select Two) A. The tester discovers personally identifiable data on the system. B. The system shows evidence of prior unauthorized compromise C. The system shows a lack of hardening throughout D. The system becomes unavailable following an attempted exploit E. The tester discovers a finding on an out-of-scope system Correct answer- B. The system shows evidence of prior unauthorized compromise E. The tester discovers a finding on an out-of-scope system A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the remediate to immediately remediate all vulnerabilities. Under such circumstances which of the following would be the BEST suggestion for the client? A. Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation B. Identify the issues that can be remediated most quickly and address them first. C. Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long time. Correct answer- D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long time. Which of the following is the reason why a penetration tester would run the chkconfig -- del servicename command at the end of an engagement? A. To remove the persistence B. To enable persistence C. To report persistence D. To check for persistence Correct answer- A. To remove the persistence A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service? A. arpspoof B. nmap C. responder D. burpsuite Correct answer- C. responder A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the following would contain this information? A. Rules of engagement B. Request for proposal C. Master service agreement D. Business impact analysis Correct answer- A. Rules of engagement A penetration tester executes the following commands: C: userprofile%jtr exe This program has been blocked by group policy. C: -w -s -q -u Users C:Windows rw C:WindowsTracing C:copy %userprofile C:WindowsTracing C:WindowsTracing jtr version 3.2... jtr Which of the following is a local host vulnerability that the attacker is exploiting? A. Insecure file permissions B. Application whitelisting C. Shell escape D. Writable service Correct answer- A. Insecure file permissions A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation? A. Stored XSS B. Full path disclosure C. Expired certificate D. Clickjacking Correct answer- A. Stored XSS