Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

CompTIA PT0-003 Actual Questions

Page: 6 / 25
Total 336 questions

CompTIA PenTest+ Exam Questions and Answers

Question 21

A penetration tester gains initial access to a target system by exploiting a recent RCE vulnerability. The patch for the vulnerability will be deployed at the end of the week. Which of the following utilities would allow the tester to reenter the system remotely after the patch has been deployed? (Select two).

Options:

A.

schtasks.exe

B.

rundll.exe

C.

cmd.exe

D.

chgusr.exe

E.

sc.exe

F.

netsh.exe

Question 22

During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system:

html

Copy code

7/ < sCRitP > aLeRt( ' pwned ' ) < /ScriPt >

Based on the code, which of the following options represents the attack executed by the tester and the associated countermeasure?

Options:

A.

Arbitrary code execution: the affected computer should be placed on a perimeter network

B.

SQL injection attack: should be detected and prevented by a web application firewall

C.

Cross-site request forgery: should be detected and prevented by a firewall

D.

XSS obfuscated: should be prevented by input sanitization

Question 23

A penetration tester wants to verify whether passwords from a leaked password list can be used to access an SSH server as a legitimate user. Which of the following is the most appropriate tool for this task?

Options:

A.

BloodHound

B.

Responder

C.

Burp Suite

D.

Hydra

Question 24

A penetration tester has found a web application that is running on a cloud virtual machine instance. Vulnerability scans show a potential SSRF for the same application URL path with an injectable parameter. Which of the following commands should the tester run to successfully test for secrets exposure exploitability?

Options:

A.

curl < url > ?param=http://169.254.169.254/latest/meta-data/

B.

curl ' < url > ?param=http://127.0.0.1/etc/passwd '

C.

curl ' < url > ?param= < script > alert(1) < script > / '

D.

curl < url > ?param=http://127.0.0.1/

Page: 6 / 25
Total 336 questions