Free Access CompTIA.PT0-001.v2022-06-28.q222 Practice Test (Page 23)

Question 106

A penetration tester ran an Nmap scan against a target and received the following output:

Which of the following commands would be best for the penetration tester to execute NEXT to discover any weaknesses or vulnerabilities?

A.onesixtyone -d 192.168.121.1

B.enum4linux -w 192.168.121.1

C.medusa -h 192.168.121.1 -U users.txt -P passwords.txt -M ssh

D.snmpwalk -c public 192.168.121.1

Question 107

A penetration tester is exploiting the use of default public and private community strings Which of the following protocols is being exploited?

A.SMTP

B.SNMP

C.HTTP

D.DNS

Question 108

A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?

A.Session hijacking to impersonate a system account

B.Password brute forcing to log into the host

C.RID cycling to enumerate users and groups

D.Pass the hash to relay credentials

Question 109

A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack Which of the following remediation steps should be recommended? (Select THREE)

A.Install a security information event monitoring solution.

B.Install an intrusion prevention system

C.Prevent members of the IT department from interactively logging in as administrators

D.Increase password complexity requirements

E.Upgrade the cipher suite used for the VPN solution

F.Mandate all employees take security awareness training

G.Implement two-factor authentication for remote access

Question 110

A penetration tester identifies the following findings during an external vulnerability scan:

Which of the following attack strategies should be prioritized from the scan results above?

A.Cryptographically weak protocols may be intercepted.

B.Web server configurations may reveal sensitive information.

C.Obsolete software may contain exploitable components.

D.Weak password management practices may be employed.

Other Version: 5223CompTIA.PT0-001.v2022-01-15.q208; 55CompTIA.Ipassleader.PT0-001.v2021-11-19.by.hardy.149q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 152Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 224CFAInstitute.ESG-Investing.v2025-09-08.q173; 175PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 151Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 106

Question 107

Question 108

Question 109

Question 110

Download PDF File