PDF PT0-001 Study Guide

CompTIA PenTest+ Exam Questions and Answers

Question 9

A penetration tester discovers Heartbleed vulnerabilities in a target network Which of the following impacts would be a result of exploiting this vulnerability?

Options:

Code execution can be achieved on the affected systems

Man-in-the-middle attacks can be used to eavesdrop cookie contents.

The attacker can steal session IDs to impersonate other users

Public certificate contents can be used lo decrypt traffic

Question 10

A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication. Which of the following attacks is MOST likely to succeed in creating a physical effect?

Options:

DNS cache poisoning

Record and replay

Supervisory server SMB

Blind SQL injection

Question 11

While engaging clients for a penetration test from highly regulated industries, which of the following is usually the MOST important to the clients from a business perspective?

Options:

Letter of engagement and attestation of findings

NDA and MSA

SOW and final report

Risk summary and executive summary

Question 12

A penetration tester observes that several high numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?

Options:

Transition the application to another port

Filter port 443 to specific IP addresses

Implement a web application firewall

Disable unneeded services.

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

CompTIA PenTest+ Exam Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

CompTIA

Fortinet

Microsoft

Salesforce