CompTIA PenTest+ Certification Exam (PT0-001) Free Practice Test

Question 1

A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:
IP: 192.168.1.20
NETMASK: 255.255.255.0
DEFAULT GATEWAY: 192.168.1.254
DHCP: 192.168.1.253
DNS: 192.168.10.10, 192.168.20.10
Which of the following commands should the malicious user execute to perform the MITM attack?

A. arpspoof -c both -t 192.168.1.20 192.168.1.253

B. arpspoof -r -t 192 .168.1.253 192.168.1.20

C. arpspoof -c both -r -t 192.168.1.1 192.168.1.20

D. arpspoof -t 192.168.1.20 192.168.1.254

Correct Answer: D

Question 2

During a penetration test, a host is discovered that appears to have been previously compromised and has an active outbound connection. After verifying the network activity is malicious, which of the following should the tester do?

A. Take action and shut it down immediately.

B. Inform the client to shut it down and investigate.

C. Inform the client and allow them to respond.

D. Note the finding and continue the assessment.

Correct Answer: C

Question 3

Joe, a penetration tester, is asked to assess a company's physical security by gaining access to its corporate office. Joe ism looking for a method that will enable him to enter the building during business hours or when there are no employee on-site. Which of the following would be MOST effective in accomplishing this?

A. Lock picking

B. Badge cloning

C. Tailgating

D. Piggybacking

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

A penetration tester has gained a root shell on a target Linux server and wants to have the server "check in" over HTTP using a GET request to the penetration tester's laptop once every hour, even after system reboots. The penetration tester wrote a bash script to perform this. Which of the following represents the BEST method to persist the script?

A. Configure a systemd service at default run level to launch the script.

B. Modify .bash_profile to launch the script in the background.

C. Execute the script to run in a screen session.

D. Use the nohup command to launch the script immune to logouts.

Correct Answer: A

Question 5

An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used m this attack?

A. Principle of likeness

B. Principle of fear

C. Principle of scarcity

D. Principle of authority

E. Principle of social proof

Correct Answer: D

Question 6

A company performed an annual penetration test of its environment. In addition to several new findings, all of the previously identified findings persisted on the latest report. Which of the following is the MOST likely reason?

A. The organization is not taking action to remediate identified findings.

B. Systems administrators are applying the wrong patches.

C. Infrastructure is being replaced with similar hardware and software.

D. The penetration testing tools were misconfigured.

Correct Answer: A

Question 7

A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural changes. Which of the following is the BEST way to approach the project?

A. Perform a discovery scan to identify changes in the network.

B. Design a penetration test approach, focusing on publicly released firewall DoS vulnerabilities.

C. Review the firewall configuration, followed by a targeted attack by a read team.

D. Focus on an objective-based approach to assess network assets with a red team.

Correct Answer: D

Question 8

A penetration tester obtained access to an internal host of a given target. Which of the following is the BEST tool to retrieve the passwords of users of the machine exploiting a well-knows architecture flaw of the Windows OS?

A. RainCrack

B. John the Ripper

C. Mimikatz

D. Hashcat

Correct Answer: C

Question 9

Which of the following is the BEST initial attack against an identified FTP server on the remote network?

A. Use a MITM to sniff transferred credentials in cleartext.

B. Attempt to log in as anonymous.

C. Perform fuzzing against a username field.

D. Perform a dictionary attack.

Correct Answer: B

Question 10

Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).

A. Maltego

B. SET

C. Shodan

D. BeEF

E. Dynamo

F. Wireshark

Correct Answer: A,C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

A penetration tester has successfully exploited a Windows host with low privileges and found directories with the following permissions:

Which of the following should be performed to escalate the privileges?

A. Kerberoasting

B. Writable services

C. Migration of the shell to another process

D. Retrieval of the SAM database

Correct Answer: C

Question 12

The following command is run on a Linux file system:
Chmod 4111 /usr/bin/sudo
Which of the following issues may be exploited now?

A. Misconfigured sudo

B. Kernel vulnerabilities

C. Sticky bits

D. Unquoted service path

Correct Answer: C

Question 13

A security assessor completed a comprehensive penetration test of a company and its networks and systems.
During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?

A. Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing.

B. Require payroll users to change the passwords used to authenticate to the application. Following the patching of the vulnerability, implement another required password change.

C. Implement an ACL to restrict access to the application exclusively to the finance department. Reopen the application to company staff after the vulnerability is patched.

D. Implement new training to be aware of the risks in accessing the application. This training can be decommissioned after the vulnerability is patched.

Correct Answer: C

Question 14

A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to execute the PHP system ( ) function. Which of the following would retrieve the contents of the passwd file?

A. ''&CMD_cat /etc/passwd--&id-34''

B. ''&CMD=cat ../../../../etc/passwd7id=34'

C. ''&CMD=cat / etc/passwd%&id= 34''

D. ''&system(CMD) ''cat /etc/passed&id=34''

Correct Answer: A

Welcome to TestSimulate

CompTIA PenTest+ Certification (PT0-001) Free Practice Test