Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home CompTIA PT1-002

CompTIA PT1-002 Exam Practice Questions (P. 4)

  • Full Access (110 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #16
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
  1. A
    Nmap
  2. B
    tcpdump
  3. C
    Scapy
  4. D
    hping3

Correct Answer:
A
Reference:
https://www.mn.uio.no/ifi/english/research/groups/psy/completedmasters/2017/Kim_Jonatan_Wessel_Bjorneset/ kim_jonatan_wessel_bjorneset_testing_security_for_internet_of_things_a_survey_on_vulnerabilities_in_ip_cameras.pdf
(24)

Question #17
A penetration tester is reviewing the following SOW prior to engaging with a client:
`Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.`
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)
  1. A
    Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  2. B
    Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
  3. C
    Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
  4. D
    Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
  5. E
    Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
  6. F
    Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements

Correct Answer:
CE

Question #18
A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless
IDS solutions?
  1. A
    Aircrack-ng
  2. B
    Wireshark
  3. C
    Wifite
  4. D
    Kismet

Correct Answer:
A
Reference:
https://purplesec.us/perform-wireless-penetration-test/

Question #19
A penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch `"r .bash_history temp mv temp .bash_history
Which of the following actions is the tester MOST likely performing?
  1. A
    Redirecting Bash history to /dev/null
  2. B
    Making a copy of the user's Bash history for further enumeration
  3. C
    Covering tracks by clearing the Bash history
  4. D
    Making decoy files on the system to confuse incident responders

Correct Answer:
C
Reference:
https://null-byte.wonderhowto.com/how-to/clear-logs-bash-history-hacked-linux-systems-cover-your-tracks-remain-undetected-0244768/

Question #20
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
  1. A
    Buffer overflows
  2. B
    Cross-site scripting
  3. C
    Race-condition attacks
  4. D
    Zero-day attacks
  5. E
    Injection flaws
  6. F
    Ransomware attacks

Correct Answer:
AB
Reference:
https://owasp.org/www-pdf-archive/OWASP_Top_10_2017_RC2_Final.pdf

Previous Questions Next Questions

All Pages