Free Access CompTIA.PT0-001.v2022-06-28.q222 Practice Test (Page 44)

Question 211

A security analyst has uncovered a suspicious request in the logs for a web application.
Given the following URL:

A.Directory traversal

B.Remote file inclusion

C.Cross-site scripting

D.User enumeration

Question 212

A malicious user wants to perform an MITM attach on a computer. The computer network configuration is given below:
IP: 192.168.1.20
NETMASK: 255.255.255.0
DEFAULT GATEWAY: 192.168.1.254
DHCP: 192.168.1.253
DNS: 192.168.10.10, 192.168.20.10
Which of the following commands should the malicious user execute to perform the MITM attack?

A.arpspoof -r -t 192 .168.1.253 192.168.1.20

B.arpspoof -c both -t 192.168.1.20 192.168.1.253

C.arpspoof -c both -r -t 192.168.1.1 192.168.1.20

D.arpspoof -t 192.168.1.20 192.168.1.254

Question 213

Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?

A.Penetration test findings could lead to consumer dissatisfaction if made pubic

B.Penetration test findings often contain company intellectual property

C.Penetration test findings are legal documents containing privileged information

D.Penetration test findings can assist an attacker in compromising a system

Question 214

During an internal network penetration test the tester is able to compromise a Windows system and recover the NTLM hash for a local wrltsrnAdrain account Attempting to recover the plaintext password by cracking the hash has proved to be unsuccessful, and the tester has decided to try a pass-the-hash attack to see if the credentials are reused on other in-scope systems Using the Medusa tool the tester attempts to authenticate to a list of systems, including the originally compromised host, with no success Given the output below:

Which of the following Medusa commands would potentially provide better results?

A.#medusa -h hosts.txt -U usera.txt -P hashes, txt -M smbnt. -m GROP:LOCAL -O out.txt -m PASS:HASH

B.#medusa -H hosts.txt -u WrkStnAdmin -p aa3b435b51404eeaa3b435b51404ee:4e63c1b137e274dda214154b349fe316 -M smbnt -m GROUP:DOMAIN -o out.txt

C.#medusa -H hosts.txt -C creds.txt -M mssq1 -m GROUP: DOMAIN -o out.txt

D.#medusa -H hosts.txt -U users, txt -P hashes, txt -M smbnt -m PASS:HASH -o out. txt

Question 215

A penetration tester is perform initial intelligence gathering on some remote hosts prior to conducting a vulnerability < The tester runs the following command nmap -D 192.168.1.1,192.168.1.2,192.168.1.3 -sV -o -max rate 2 192. 168.130 Which ol the following BEST describes why multiple IP addresses are specified?

A.The network is submitted as a /25 or greater and the tester needed to access hosts on two different subnets

B.The scanning machine has several interfaces to balance the scan request across at the specified rate

C.A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host.

D.The tester is trying to perform a more stealthy scan by including several bogus addresses

Other Version: 5205CompTIA.PT0-001.v2022-01-15.q208; 55CompTIA.Ipassleader.PT0-001.v2021-11-19.by.hardy.149q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 148Salesforce.Data-Architect.v2025-09-05.q216; 143Adobe.AD0-E605.v2025-09-05.q50

Question 211

Question 212

Question 213

Question 214

Question 215

Download PDF File