PenTest+

Here you have the best CompTIA PT0-001 practice exam questions

  • You have 196 total questions to study from
  • Each page has 5 questions, making a total of 40 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on November 28, 2024
Question 1 of 196

DRAG DROP -

Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented. Each password may be used only once.

Select and Place:

    Correct Answer:

Question 2 of 196

DRAG DROP -

A manager calls upon a tester to assist with diagnosing an issue within the following Python script:

#!/usr/bin/python

s = `Administrator`

The tester suspects it is an issue with string slicing and manipulation. Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment. Options may be used once or not at all.

Select and Place:

    Correct Answer:

Question 3 of 196

A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?

    Correct Answer: A

    A penetration tester attempting to achieve persistence on a compromised Windows server would likely use the Task Scheduler (schtasks.exe) to create a task that runs a script or executable at specific intervals or events, such as system startup or user logon. The command 'schtasks.exe /create' is used to set up such scheduled tasks. This method ensures that the malicious code will be executed repeatedly, thus maintaining persistence even after system reboots. While the option provided is not entirely correct, it indicates an intention to create a scheduled task, which is a common method for achieving persistence.

Question 4 of 196

A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?

    Correct Answer: A

    Before conducting a wireless penetration test, it is essential to know the physical location and the network ESSIDs to be tested. This ensures that the tester targets the correct network and avoids any legal issues that could arise from inadvertently accessing unauthorized or neighboring networks. Knowing the exact network ESSIDs helps in identifying the correct access points, especially in environments where multiple networks might be present.

Question 5 of 196

Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?

    Correct Answer: A

    ICS vendors are slow to implement adequate security controls. This aligns with well-documented issues in the field where vendors take a significant amount of time to address and patch vulnerabilities. Furthermore, security weaknesses in ICS often stem from inadequate input validation, poor access controls, and issues with security configuration, all of which fall under the purview of vendors. Therefore, the slow response by vendors in implementing necessary security measures represents a significant weakness.