PT0-001 exam questions for practice in 2022 Updated 295 Questions
NEW QUESTION 38
A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation. Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment. Options may be used once or not at all.
Answer:
Explanation:

NEW QUESTION 39
A company's corporate policies state that employees are able to scan any global network as long as it is done within working hours. Government laws prohibit unauthorized scanning. Which of the following should an employee abide by?
- A. Company policies must be followed in this situation
- B. Laws supersede corporate policies
- C. Industry standards regarding scanning should be followed
- D. The employee must obtain written approval from the company's Chief Information Security Officer (CISO) prior to scanning
Answer: B
NEW QUESTION 40
A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?
- A. The penetration tester was not provided with a WSDL file.
- B. An IPS/WAF whitelist is in place to protect the environment.
- C. The tester has provided an incorrect password for the application.
- D. The penetration tester needs an OAuth bearer token.
Answer: D
NEW QUESTION 41
Performance-based
You are a penetration tester reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.
Answer:
Explanation:
NEW QUESTION 42
Click the exhibit button.
Given the Nikto vulnerability scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Choose two.)
- A. SQL injection
- B. Cross-site request forgery
- C. Login credential brute-forcing
- D. Session hijacking
- E. Arbitrary code execution
Answer: C,D
NEW QUESTION 43
Instructions:
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the reset all button.
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
Answer:
Explanation:
NEW QUESTION 44
HOTSPOT
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
Answer:
Explanation:
NEW QUESTION 45
A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?
- A. Stored XSS
- B. Full path disclosure
- C. Expired certificate
- D. Clickjacking
Answer: A
Explanation:
Reference: https://www.owasp.org/index.php/Top_10_2010-A2-Cross-Site_Scripting_(XSS)
NEW QUESTION 46
A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?
- A. Decompile the application.
- B. Run the application through a dynamic code analyzer.
- C. Employ a fuzzing utility.
- D. Check memory allocations.
Answer: D
Explanation:
NEW QUESTION 47
During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?
- A. Disable the network port of the affected service.
- B. Promptly alert the client with details of the finding.
- C. Take the target offline so it cannot be exploited by an attacker.
- D. Complete all findings, and then submit them to the client.
Answer: A
NEW QUESTION 48
A technician is reviewing the following report. Given this information, identify which vulnerability can be definitively confirmed to be a false positive by dragging the "false positive" token to the "Confirmed" column for each vulnerability that is a false positive.
Answer:
Explanation:
NEW QUESTION 49
Which of the following tools is used to perform a credential brute force attack?
- A. Peach
- B. Hydra
- C. John the Ripper
- D. Hashcat
Answer: B
Explanation:
Reference: https://www.greycampus.com/blog/information-security/brute-force-attacks-prominent-tools-to-tackle-such-attacks
NEW QUESTION 50
A file contains several hashes. Which of the following can be used in a pass-the-hash attack?
- A. Kerberos
- B. NTLM
- C. LMv2
- D. NTLMv2
- E. NTLMv1
Answer: A
NEW QUESTION 51
Performance-based
You are a penetration tester reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.
Answer:
Explanation:
NEW QUESTION 52
A static code analysis report of a web application can be leveraged to identify:
- A. business logic flaws.
- B. insufficient input sanitization.
- C. clickjacking.
- D. client-side data storage.
- E. session fixation issues.
Answer: C
NEW QUESTION 53
......
