The latest CompTIA PT1-002 exam questions can help you pass the exam! All questions are corrected
to ensure authenticity and effectiveness! Download the Pass4itsure CompTIA PT1-002 dumps https://www.pass4itsure.com/pt1-002.html (Q&As: 132).
[Latest PDF] Free CompTIA PT1-002 pdf dumps download from Google Drive: https://drive.google.com/file/d/1ue2zO7svDrex83v1LGBQuE2_fC3ZYXzq/view?usp=sharing
Share CompTIA PT1-002 practice test for free
QUESTION 1
When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be
included in order to mitigate liability in case of a future breach of the client\\’s systems?
A. The proposed mitigations and remediations in the final report do not include a cost-benefit analysis.
B. The NDA protects the consulting firm from future liabilities in the event of a breach.
C. The assessment reviewed the cyber key terrain and most critical assets of the client\\’s network.
D. The penetration test is based on the state of the system and its configuration at the time of assessment.
Correct Answer: D
QUESTION 2
A penetration tester is testing a web application and is logged in as a lower-privileged user. The tester runs arbitrary
JavaScript within an application, which sends an XMLHttpRequest, resulting in exploiting features to which only an
administrator should have access. Which of the following controls would BEST mitigate the vulnerability?
A. Implement authorization checks.
B. Sanitize all the user input.
C. Prevent directory traversal.
D. Add client-side security controls
Correct Answer: A
QUESTION 3
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test
is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the
following is the MOST important action to take before starting this type of assessment?
A. Ensure the client has signed the SOW.
B. Verify the client has granted network access to the hot site.
C. Determine if the failover environment relies on resources not owned by the client.
D. Establish communication and escalation procedures with the client.
Correct Answer: C
QUESTION 4
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client\\’s laptop. Which
of the following can be used to ensure the tester is able to maintain access to the system?
A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
B. wmic startup get caption,command
C. crontab –l; echo “@reboot sleep 200 andand ncat –lvp 4242 –e /bin/bash”) | crontab 2>/dev/null
D. sudo useradd –ou 0 –g 0 user
Correct Answer: B
QUESTION 5
A penetration tester has been given eight business hours to gain access to a client\\’s financial system. Which of the
following techniques will have the highest likelihood of success?
A. Attempting to tailgate an employee going into the client\\’s workplace
B. Dropping a malicious USB key with the company\\’s logo in the parking lot
C. Using a brute-force attack against the external perimeter to gain a foothold
D. Performing spear phishing against employees by posing as senior management
Correct Answer: C
QUESTION 6
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software
development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the
following attack types is MOST concerning to the company?
A. Data flooding
B. Session riding
C. Cybersquatting
D. Side channel
Correct Answer: B
Reference: https://www.iotcentral.io/blog/the-top-cloud-computing-vulnerabilities-and-threats
QUESTION 7
A penetration tester is exploring a client\\’s website. The tester performs a curl command and obtains the following:
*
Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: */*
>
*
Mark bundle as not supporting multiuse
Which of the following tools would be BEST for the penetration tester to use to explore this site further?
A. Burp Suite
B. DirBuster
C. WPScan
D. OWASP ZAP
Correct Answer: A
Reference: https://tools.kali.org/web-applications/burpsuite
QUESTION 8
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets
for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and
billing contacts quickly, without triggering any of the client\\’s cybersecurity tools? (Choose two.)
A. Scraping social media sites
B. Using the WHOIS lookup tool
C. Crawling the client\\’s website
D. Phishing company employees
E. Utilizing DNS lookup tools
F. Conducting wardriving near the client facility
Correct Answer: BC
QUESTION 9
Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the
character sets represented Each password may be used only once.
Select and Place:
Correct Answer:
QUESTION 10
During an internal network penetration test the tester is able to compromise a Windows system and recover the NTLM
hash for a local wrltsrnAdrain account Attempting to recover the plaintext password by cracking the hash has proved to
be unsuccessful, and the tester has decided to try a pass-the-hash attack to see if the credentials are reused on other inscope systems Using the Medusa tool the tester attempts to authenticate to a list of systems, including the originally
compromised host, with no success Given the output below:
Which of the following Medusa commands would potentially provide better results?
A. #medusa -h hosts.txt -U usera.txt -P hashes, txt -M smbnt. -m GROP:LOCAL -O out.txt -m PASS:HASH
B. #medusa -H hosts.txt -U users, txt -P hashes, txt -M smbnt -m PASS:HASH -o out. txt
C. #medusa -H hosts.txt -u WrkStnAdmin
-paa3b435b51404eeaa3b435b51404ee:4e63c1b137e274dda214154b349fe316 -M smbnt -m GROUP:DOMAIN -o
out.txt
D. #medusa -H hosts.txt -C creds.txt -M mssq1 -m GROUP: DOMAIN -o out.txt
Correct Answer: A
Which of the following Medusa commands would potentially provide better results?
A. #medusa -h hosts.txt -U usera.txt -P hashes, txt -M smbnt. -m GROP:LOCAL -O out.txt -m PASS:HASH
B. #medusa -H hosts.txt -U users, txt -P hashes, txt -M smbnt -m PASS:HASH -o out. txt
C. #medusa -H hosts.txt -u WrkStnAdmin
-paa3b435b51404eeaa3b435b51404ee:4e63c1b137e274dda214154b349fe316 -M smbnt -m GROUP:DOMAIN -o
out.txt
D. #medusa -H hosts.txt -C creds.txt -M mssq1 -m GROUP: DOMAIN -o out.txt
Correct Answer: A
QUESTION 11
A penetration tester discovers that a web server within the scope of the engagement has already been compromised
with a backdoor. Which of the following should the penetration tester do NEXT?
A. Forensically acquire the backdoor Trojan and perform attribution
B. Utilize the backdoor in support of the engagement
C. Continue the engagement and include the backdoor finding in the final report
D. Inform the customer immediately about the backdoor
Correct Answer: C
QUESTION 12
A penetration tester conducted an assessment on a web server. The logs from this session show the following:
http://www.thecompanydomain.com/servicestatus.php?serviceID=892andserviceID=892 ` ; DROP TABLE SERVICES; –
Which of the following attacks is being attempted?
A. Clickjacking
B. Session hijacking
C. Parameter pollution
D. Cookie hijacking
E. Cross-site scripting
Correct Answer: C
QUESTION 13
Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user
is logged in?
A. HTTPS communication
B. Public and private keys
C. Password encryption
D. Sessions and cookies
Correct Answer: D
Latest CompTIA PT1-002 google drive
CompTIA PT1-002 pdf https://drive.google.com/file/d/1ue2zO7svDrex83v1LGBQuE2_fC3ZYXzq/view?usp=sharing
Pass4itSure CompTIA PenTest+ Exams
PT0-001 :CompTIA PenTest+ Exam
258 Q&As Updated: Jul 08, 2021
PT1-002 :CompTIA PenTest+ Certification Exam
131 Q&As Updated: Jul 03, 2021
Free PT0-001 practice test https://www.downloadzpdf.com/share-free-comptia-pt0-001-exam-questions-and-comptia-pt0-001-dumps-pdf/
Summarize:
This blog shares the latest CompTIA PT1-002 exam questions, and answers! CompTIA PT1-002 pdf!
You can also practice the test online! Pass4itsure is the industry leader! Go https://www.pass4itsure.com/pt1-002.html Help you successfully pass the CompTIA PT1-002 exam.
ps.
Free CompTIA PT1-002 dumps pdf download: https://drive.google.com/file/d/1ue2zO7svDrex83v1LGBQuE2_fC3ZYXzq/view?usp=sharing