A penetration tester notices that the X-Frame-Options header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?
A. Use path modification to escape the application's framework.
B. Create a frame that overlays the application.
C. Inject a malicious iframe containing JavaScript.
D. Pass an iframe attribute that is malicious.
Given the Nikto vulnerability scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Choose two.)
A. Arbitrary code execution
B. Session hijacking
C. SQL injection
D. Login credential brute-forcing
E. Cross-site request forgery
Which of the following commands will allow a tester to enumerate potential unquoted services paths on a host?
A. wmic environment get name, variablevalue, username | findstr /i "Path" | findstr /i "service"
B. wmic service get /format:hform > c:\temp\services.html
C. wmic startup get caption, location, command | findstr /i "service" | findstr /v /i "%"
D. wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """
A penetration tester is exploiting the use of default public and private community strings. Which of the following protocols is being exploited?
A. SMTP
B. DNS
C. SNMP
D. HTTP
A penetration tester is reviewing a Zigbee implementation for security issues. Which of the following device types is the tester MOST likely testing?
A. Router
B. IoT
C. WAF
D. PoS
A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report.
Which of the following is the MOST likely reason for the reduced severity?
A. The client has applied a hot fix without updating the version.
B. The threat landscape has significantly changed.
C. The client has updated their codebase with new features.
D. There are currently no known exploits for this vulnerability.
A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information.
Which of the following is the MOST effective way to notify management of this finding and its importance?
A. Document the findings with an executive summary, recommendations, and screenshots of the web application disclosure.
B. Connect to the SQL server using this information and change the password of one or two non-critical accounts to demonstrate a proof-of-concept to management.
C. Notify the development team of the discovery and suggest that input validation be implemented with a professional penetration testing company.
D. Request that management create an RFP to begin a formal engagement with a professional penetration testing company.
A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5.
Which of the following commands will test if the VPN is available?
A. fpipe.exe -l 8080 -r 80 100.170.60.5
B. ike-scan -A -t 1 --sourceip=spoof_ip 100.170.60.5
C. nmap -sS -A -f 100.170.60.5
D. nc 100.170.60.5 8080 /bin/sh
A penetration tester, who is not on the client's network, is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the command:
nmap 100.100.1.0-125
Which of the following commands would be BEST to return results?
A. nmap -Pn -sT 100.100.1.0-125
B. nmap -sF -p 100.100.1.0-125
C. nmap -sV -oA output 100.100.10-125
D. nmap 100.100.1.0-125 -T4
An attacker performed a MITM attack against a mobile application. The attacker is attempting to manipulate the application's network traffic via a proxy tool. The attacker only sees limited traffic as cleartext. The application log files indicate secure SSL/TLS connections are failing. Which of the following is MOST likely preventing proxying of all traffic?
A. Misconfigured routes
B. Certificate pinning
C. Strong cipher suites
D. Closed ports