Vendor: CompTIA
Certifications: CompTIA PenTest+
Exam Name: CompTIA PenTest+ Exam
Exam Code: PT0-001
Total Questions: 306 Q&As ( View Details)
Last Updated:
Note: Product instant download. Please sign in and click My account to download your product.
VCE
CompTIA PT0-001 Last Month Results
PT0-001 Q&A's Detail
Exam Code: | PT0-001 |
Total Questions: | 306 |
Single & Multiple Choice | 299 |
Drag Drop | 5 |
Hotspot | 1 |
Simulation Labs | 1 |
CertBus Has the Latest PT0-001 Exam Dumps in Both PDF and VCE Format
PT0-001 Online Practice Questions and Answers
A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
A. Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
B. Identify the issues that can be remediated most quickly and address them first.
C. Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities
D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime.
During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?
A. Ettercap
B. Tcpdump
C. Responder
D. Medusa
A system security engineer is preparing to conduct a security assessment of some new applications. The applications were provided to the engineer as a set that contains only JAR files. Which of the following would be the MOST detailed method to gather information on the inner working of these applications?
A. Launch the applications and use dynamic software analysis tools, including fuzz testing
B. Use a static code analyzer on the JAR filet to look for code Quality deficiencies
C. Decompile the applications to approximate source code and then conduct a manual review
D. Review the details and extensions of the certificate used to digitally sign the code and the application
A penetration tester is performing a wireless penetration test. Which of the following are some vulnerabilities that might allow the penetration tester to easily and quickly access a WPA2-protected access point?
A. Deauthentication attacks against an access point can allow an opportunity to capture the four-way handshake, which can be used to obtain and crack the encrypted password.
B. Injection of customized ARP packets can generate many initialization vectors quickly, making it faster to crack the password, which can then be used to connect to the WPA2-protected access point.
C. Weak implementations of the WEP can allow pin numbers to be guessed quickly, which can then be used to retrieve the password, which can then be used to connect to the WEP-protected access point.
D. Rainbow tables contain all possible password combinations, which can be used to perform a brute-force password attack to retrieve the password, which can then be used to connect to the WPA2-protected access point.
Which of the following is the BEST way to deploy vulnerability scanners with many networks segmented by firewalls with active IPS rules?
A. Deploy a single scanner inside each network segment.
B. Deploy many scanners inside one segment and allow any rules.
C. Deploy one internal scanner and one external scanner.
D. Deploy one internal scanner with heavy server resources.
Add Comments
This dump is valid, but there are some new questions in my exam. passed today.
CompTIA PT0-001 exam official information: The PenTest+ certification validates skills in penetration testing and vulnerability management. Learn about the certification, available training and the exam.