Free Access CompTIA.PT0-001.v2022-01-15.q208 Practice Test (Page 38)

Question 181

A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the following would contain this information?

A.Master service agreement

B.Business impact analysis

C.Rules of engagement

D.Request for proposal

Question 182

A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for penetration?

A.Obtain staff information by calling the company and using social engineering techniques.

B.Visit the client and use impersonation to obtain information from staff.

C.Send spoofed emails to staff to see if staff will respond with sensitive information.

D.Search the internet for information on staff such as social networking sites.

Question 183

During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement.
Which of the following is the MOST likely reason why the engagement may not be able to continue?

A.The consultant did not sign an NDA.

B.The initial findings were not communicated to senior leadership.

C.The company did not properly scope the project.

D.The consultant was not provided with the appropriate testing tools.

Question 184

A penetration test was performed by an on-staff technicians junior technician. During the test, the technician discovered the application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?

A.Connect to the SQL server using this information and change the password to one or two non-critical accounts to demonstrate a proof-of-concept to management.

B.Notify the development team of the discovery and suggest that input validation be implemented on the web application's SQL query strings.

C.Request that management create an RFP to begin a formal engagement with a professional penetration testing company.

D.Document Ihe findtngs with an executive summary, recommendations, and screenshots of the web apphcation disclosure.

Question 185

A security analyst was provided with a detailed penetration report, which was performed against the organization's DMZ environment. It was noted on the report that a finding has a CVSS base score of 10.0.
Which of the following levels of difficulty would be required to exploit this vulnerability?

A.Very difficult; perimeter systems are usually behind a firewall.

B.Somewhat difficult; would require significant processing power to exploit.

C.Trivial; little effort is required to exploit this finding.

D.Impossible; external hosts are hardened to protect against attacks.

Premium Bundle

Newest PT0-001 Exam PDF Dumps shared by BraindumpsPass.com for Helping Passing PT0-001 Exam! BraindumpsPass.com now offer the updated PT0-001 exam dumps, the BraindumpsPass.com PT0-001 exam questions have been updated and answers have been corrected get the latest BraindumpsPass.com PT0-001 pdf dumps with Exam Engine here:

Access PT0-001 Premium Version

(295 Q&As Dumps, 40%OFF Special Discount: Exam-Tests)

Other Version: 4566CompTIA.PT0-001.v2022-06-28.q222; 55CompTIA.Ipassleader.PT0-001.v2021-11-19.by.hardy.149q.pdf

Latest Upload: 103OCEG.GRCP.v2025-09-11.q211; 102HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 157PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 147Salesforce.Data-Architect.v2025-09-05.q216; 141Adobe.AD0-E605.v2025-09-05.q50