CompTIA PenTest+ Certification Exam v1.0

Page:    1 / 22   
Exam contains 326 questions

A penetration tester logs in as a user in the cloud environment of a company.
Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

  • A. iam_enum_permissions
  • B. iam_prive_sc_scan
  • C. iam_backdoor_assume_role
  • D. iam_bruteforce_permissions


Answer : A

A company becomes concerned when the security alarms are triggered during a penetration test.
Which of the following should the company do NEXT?

  • A. Halt the penetration test.
  • B. Conduct an incident response.
  • C. Deconflict with the penetration tester.
  • D. Assume the alert is from the penetration test.


Answer : B

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.
Which of the following tools or techniques would BEST support additional reconnaissance?

  • A. Wardriving
  • B. Shodan
  • C. Recon-ng
  • D. Aircrack-ng


Answer : C

A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data.
Which of the following was captured by the testing team?

  • A. Multiple handshakes
  • B. IP addresses
  • C. Encrypted file transfers
  • D. User hashes sent over SMB


Answer : D

A penetration tester conducts an Nmap scan against a target and receives the following results:

Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?

  • A. Nessus
  • B. ProxyChains
  • C. OWASP ZAP
  • D. Empire


Answer : B

Reference:
https://www.codeproject.com/Tips/634228/How-to-Use-Proxychains-Forwarding-Ports

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.
Which of the following should the tester do NEXT?

  • A. Reach out to the primary point of contact.
  • B. Try to take down the attackers.
  • C. Call law enforcement officials immediately.
  • D. Collect the proper evidence and add to the final report.


Answer : A

A penetration tester received a .pcap file to look for credentials to use in an engagement.
Which of the following tools should the tester utilize to open and read the .pcap file?

  • A. Nmap
  • B. Wireshark
  • C. Metasploit
  • D. Netcat


Answer : B

A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command: nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered
Which of the following MOST likely occurred on the second scan?

  • A. A firewall or IPS blocked the scan.
  • B. The penetration tester used unsupported flags.
  • C. The edge network device was disconnected.
  • D. The scan returned ICMP echo replies.


Answer : A

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
✑ Have a full TCP connection
✑ Send a `hello` payload
✑ Wait for a response
✑ Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?

  • A. Run nmap -Pn -sV --script vuln <IP address>.
  • B. Employ an OpenVAS simple scan against the TCP port of the host.
  • C. Create a script in the Lua language and use it with NSE.
  • D. Perform a credentialed scan with Nessus.


Answer : D

Performing a penetration test against an environment with SCADA devices brings an additional safety risk because the:

  • A. devices produce more heat and consume more power.
  • B. devices are obsolete and are no longer available for replacement.
  • C. protocols are more difficult to understand.
  • D. devices may cause physical world effects.


Answer : C

A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.
Which of the following Nmap scan syntaxes would BEST accomplish this objective?

  • A. nmap -sT -vvv -O 192.168.1.2/24 -PO
  • B. nmap -sV 192.168.1.2/24 -PO
  • C. nmap -sA -v -O 192.168.1.2/24
  • D. nmap -sS -O 192.168.1.2/24 -T1


Answer : D

Reference:
https://nmap.org/book/man-port-scanning-techniques.html

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.
Which of the following is the BEST action for the penetration tester to take?

  • A. Utilize the tunnel as a means of pivoting to other internal devices.
  • B. Disregard the IP range, as it is out of scope.
  • C. Stop the assessment and inform the emergency contact.
  • D. Scan the IP range for additional systems to exploit.


Answer : D

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift.
Which of the following social-engineering attacks was the tester utilizing?

  • A. Phishing
  • B. Tailgating
  • C. Baiting
  • D. Shoulder surfing


Answer : C

Reference:
https://phoenixnap.com/blog/what-is-social-engineering-types-of-threats

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.
Which of the following actions, if performed, would be ethical within the scope of the assessment?

  • A. Exploiting a configuration weakness in the SQL database
  • B. Intercepting outbound TLS traffic
  • C. Gaining access to hosts by injecting malware into the enterprise-wide update server
  • D. Leveraging a vulnerability on the internal CA to issue fraudulent client certificates
  • E. Establishing and maintaining persistence on the domain controller


Answer : B

A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.
Which of the following can be done with the pcap to gain access to the server?

  • A. Perform vertical privilege escalation.
  • B. Replay the captured traffic to the server to recreate the session.
  • C. Use John the Ripper to crack the password.
  • D. Utilize a pass-the-hash attack.


Answer : D

Page:    1 / 22   
Exam contains 326 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy