Free Access CompTIA.PT0-001.v2022-06-28.q222 Practice Test (Page 32)

Question 151

A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for penetration?

A.Obtain staff information by calling the company and using social engineering techniques.

B.Visit the client and use impersonation to obtain information from staff.

C.Send spoofed emails to staff to see if staff will respond with sensitive information.

D.Search the internet for information on staff such as social networking sites.

Question 152

A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP
192.168.1.10. Which of the following would accomplish this task?

A.From the remote computer, run the following commands:
Export IHOST 192.168.1.10:0.0
xhost+
Terminal

B.From the local computer, run the following command
Nc -1 -p 6000
Then, from the remote computer, run the following command
Xterm | nc 192.168.1.10 6000

C.From the local computer, run the following command
ssh -r6000 : 127.0.01:4444 -p 6000 [email protected] "xhost+; xterm"

D.From the local computer, run the following command
ssh -L4444 : 127.0.01:6000 -% [email protected] xterm

Question 153

DRAG DROP
A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all

Question 154

A recently concluded penetration test revealed that a legacy web application is vulnerable lo SQL injection Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not m a position to risk the availability of the application Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk?
(Select TWO).

A.Use a whitelist approach for SQL statements.

B.Identify and eliminate dynamic SQL from stored procedures.

C.Identify the source of malicious input and block the IP address.

D.Use a blacklist approach for SQL statements.

E.Identity and eliminate inline SQL statements from the code.

F.Identify and sanitize all user inputs.

Question 155

A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?

A.Advanced persistent threat

B.Script kiddie

C.Hacktivist

D.Organized crime

Other Version: 5210CompTIA.PT0-001.v2022-01-15.q208; 55CompTIA.Ipassleader.PT0-001.v2021-11-19.by.hardy.149q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 150Salesforce.Data-Architect.v2025-09-05.q216; 144Adobe.AD0-E605.v2025-09-05.q50

Question 151

Question 152

Question 153

Question 154

Question 155

Download PDF File