PenTest+ Practice Exam
A PenTest team reports an issue to a client that may have legal ramifications. What does the team leader report?
An incorrect network scan
A PenTest team considers which issue as part of the lessons learned phase?
New vulnerabilities
While performing a PenTest at a customer site, engineers configure MAC address spoofing on a Windows system while trying to find vulnerabilities on a network. What will result from the engineer's actions?
Traffic will be directed to both the real system and the spoofed system.
A security team plans a lateral move within a client's Windows network. The intent is to exploit a flaw in the Distributed Component Object Model (DCOM) during the move. How does the team achieve this?
Use RPC as a transport mechanism
An engineer scans a network for information that can be used in a mock exploit and discovers that all traffic is not visible on a switch. How can the engineer fix this issue? (Select all that apply.)
Use port monitoring Use switched port analysis Use promiscuous mode
A security team performs post-engagement activities after a PenTest exercise. The team addresses which area?
User accounts
A PenTest team prepares for an engagement at a customer site. Which assets does the team inventory as being in-scope for the test? (Select all that apply.)
Users Domains Service Set Identifiers (SSID)
A security engineer walks through a shopping plaza with a mobile device searching for insecure wireless access points. Which method of reconnaissance does the engineer practice?
War driving
A rogue system is suspected to be on a large network. A PenTester uses the -sY option and should expect what process to happen?
A SCTP Initiation Ping Occurs
A PenTester succeeds with a brute force attack to crack a server password. How did the system become vulnerable to such an attack?
A business logic flaw
A PenTest team must have a strong ethical background. Which issue is ethics related?
A failed background check
A PenTester uses the Nmap utility to scan for a particular host on the network. Without using any options, what does Nmap provide as a result to the PenTester? (Select all that apply.)
ARP requests ICMP type 13
PenTesters submit a report to a client after a successful engagement exercise. The report contains suggestions on improving business continuity. Which control type does the report address?
Administrative
A business hires a PenTest team with a concern that wireless access points (AP) are vulnerable to an insider attack. Which tool do the testers use to gain access to an AP?
Aireplay-ng
A PenTester simulates an attack on a wireless network by capturing frames and then using the information to further an attack on a discovered Basic Service Set (ID) of an access point. What specific tool has the PenTester used to initiate the attack?
Airodump-ng
PenTesters report that a firewall that is being tested is allowing for malicious data to be passed through. The target system on the internal side of the firewall is an email server and all related inbound email ports are scanned. Why does the malicious data pass through undetected? (Select all that apply.)
An ACL is not configured properly The packet matches a permit rule The payload is not scanned
Steganography requires three basic elements to work. Which elements are valid? (Select all that apply.)
Carrier Payload Tool
How is a PenTest report tracked while it passes through many hands before delivery?
Chain of custody
An organization hosts a sensitive presentation within its offices. For security purposes, spectators are asked to comply with which of the following rules? (Select all that apply.)
Checking in all mobile devices with the front desk. Remaining in designated areas only.
After completing a PenTest engagement at a client location, a formal hand-off process to the client is initiated. What can be expected after this action?
Client acceptance
An organization installs an access control vestibule with a card reader at the recommendation of a PenTest report. What vulnerability does the organization need to keep in mind?
Cloning
A PenTester performs a Nmap scan on a host and concludes that a port is not in use and is not responding to a probe. Which status does Nmap return to convince the tester of this fact?
Closed
In a cloud environment, what does the combination of infrastructure, platform services, and software represent?
Cloud Federation
A PenTester bypasses a network access control (NAC) system by using an authenticated device. How might the tester accomplish this?
Configure a rogue access point
An organization utilizes a few dozen voice assistants throughout its offices. The devices are made and branded by an obscure manufacturer. What technological security issue might the organization encounter with these devices?
Lack of automated updates
A PenTester looks to stealthily scan a network server from across a network. What does the tester know is true about scanning this way with Nmap? (Select all that apply.)
Limited effectiveness Incomplete TCP three-way handshake
A security expert uses a tool to scan and exploit a system from the command line while using a default Kali Linux install. Which tool does the expert use?
Metasploit Framework
A systems administrator tells security engineers that a recent server breach succeeded without warning. The engineers explain that the attack was a Living off the Land (LoTL) attack and the system did not throw any alerts for what reason?
Native OS tools were used in the attack
A PenTester provides a client a high level of details on the company and its employees in a report. The PenTester mentions the use of Twitter, Facebook, and the company's website as its sources. What category of intelligence does the PenTester utilize during research?
Open-source
A PenTest technician sanitizes systems from a completed engagement. When overwriting data on disks, which statements are true regarding SSD drives? (Select all that apply.)
Overwriting an HDD is more reliable than with an SSD An SSD uses a write algorithm to reduce wear
A Pentester crafts a packet to test vulnerabilities on a hardware firewall. Packets are fragmented so that a malicious signature is not recognized by an IDS. Considering the packet crafting stages, how does the Pentester evaluate the outcome of the test?
Decode
An employee loses a smartphone while on vacation. The device is used in a BYOD program and contains sensitive data related to the business. Which vulnerability does the company face with the loss of the phone?
Deperimeterization
A PenTester plans to use Telnet to exploit a system during an exercise. The PenTest Supervisor suggests using an alternative that supports encryption. Which tool will provide the encryption the supervisor suggests?
Secure Shell
A PenTester performs active reconnaissance as part of an exercise. The goal is to identify possible query formats for a web app that uses SQL. What method does the PenTester use when using a select query?
Single quote
A PenTester uses Nmap to scan a network. In an effort to evade an intrusion detection system, the tester uses a timing option. Which option works best in this situation?
T1
An organization experiences no network interruptions or systems impact during a PenTest. The PenTest team has been using Nmap with a default timing setting and decides to increase the scan timing to a recommended but stable level. Which timing option does the team use?
T4
A PenTest team prepares a test for a global company with offices in several countries. What procedural information should the PenTest team include in the documented scope before starting?
The regulation and use of tools
A PenTest team discovers that a DNS server responds to dynamic DNS updates without authentication. What causes this action?
The server uses recursion
A Jr. PenTester has difficulty using a Bash script. The script contains the following line $my_str = "Password" which keeps throwing an error. What does a senior PenTester identify as the problem? (Select all that apply.)
The use of $ The use of =
A security engineer uses Google hacking to gain knowledge about an organization's employees. What search results does the engineer retrieve by using the syntax: link:comptia.org about while practicing the command?
To search for any pages that lead to the website with the text "about" on the page
A reconnaissance technique used to identify a client website returns the response <address>Apache/2.4.29 (Ubuntu) Server at comptia.org Port 8080</address>. How does a PenTester focus any testing efforts? (Select all that apply.)
Using Linux tools On a non-standard HTTP port
A PenTest team prepares to perform an attack on an organization to test employee diligence. When spoofing a call, how might the team appear to be trusted?
Utilizing caller ID
A PenTester looks to automate some scanning that is required at a client site. What will the Nmap options -sV --script vulners accomplish? (Select all that apply.)
Version detection on open ports Look for common vulnerabilities and exposures
A PenTester initiates a testing exercise by enumerating network hosts. Which Windows-native tool will provide the tester with valid operating system information for Windows computers?
PowerShell
How does the Penetration Testing Execution Standard (PTES) benefit a PenTest team post-engagement?
Presentation of findings
A PenTest manager drafts multiple contact lists for a pending engagement. Which list does the lead finalize?
Primary contact: CIO, Technical contact: IT manager, Emergency contact: IT Manager
A small shop that sells novelty items begins taking credit card payments. An IT contractor configures the internal network to comply with cardholder data protection policies. What would the contractor consider as a questionable configuration?
Read/write share access
A new receptionist at a financial firm answers a call from someone that claims to be a remote employee. The caller tries to obtain user account information of another employee with a claim that such information is allowed to be given to a Vice President of the firm. Which social engineering techniques does the caller use? (Select all that apply.)
Request Interrogation
An executive at an organization informs a PenTest team that users have started complaining about receiving numerous text messages throughout the day. The executive believes the organization has been hacked. What does a member of the team attribute the activity as?
SMiShing
PenTest results recommend a change to passwords for a server system. One suggestion to harden the system is to add a randomly generated string to a password. What is the technique referred to as?
Salting
Which technical control removes user-supplied unwanted or untrusted data?
Sanitization
A script enumerates details on a network so PenTesters can pivot within a LAN segment during an engagement. What details were enumerated? (Select all that apply.)
host names usernames
A PenTester shows a client how a cleartext password and other information can be extracted from system memory. Which tool does the PenTester demonstrate?
mimikatz
A PenTester remotely adds a user to a Windows system on one box and elevates a Linux user account to root on another. Which approach does the tester use? (Select all that apply.)
net user jjones /add editing a file and changing the user's user ID (UID) and group ID
PenTesters finish performing an exercise for a software development team. What might the testers mention in a final report? (Select all that apply.)
Strong hash functions Credential usage
A PenTest team discovers a new vulnerability in an application and reports the matter to the software developer. Considering the vulnerability lifecycle, in which phase will the developer create a software patch?
Mitigate
A new PenTester looks for a command and control (C2) tool that will work with Mac OS. Which tool does an experienced test suggest?
Mythic
A security engineer discovers that a malware injection attack has occurred on a server in a cloud infrastructure. What does the engineer discover has happened? (Select all that apply.)
Malicious code was concealed in a wrapper. A website experienced cross-site scripting.
An organization plans to apply numerous software patches to remedy vulnerabilities found during a recent PenTest exercise. The PenTest team returns to assist and test that systems are secure. Which vulnerability lifecycle phase does the team participate in?
Manage
A PenTest lead explains to a client that a PenTest is a fluid process. As such, what altering action may result during an exercise?
Goal reprioritization
A PenTest engagement focuses on a particular server at a host organization. The server contains critical information and is of the highest priority to harden. What engagement type do the PenTesters utilize? (Select all that apply.)
Goals Objectives
A PenTest group performs an assessment exercise for a small business. If the exercise targets a particular subnet that is for VIP use only, which assessment approach does the group use when planning an attack? (Select all that apply.)
Goals Objectives
A client comments on a PenTest report by stating the amazement of how much information was found by the team. The client asks which tool was used to find subdomains and their respective directories. Which tool does the PenTester explain?
Gobuster
An organization's legal team drafts a master service agreement (MSA) along with a PenTest team lead. What will the agreement include? (Select all that apply.)
Insurance information Safety guidelines Project scope
An organization that handles credit card payments must follow specific cardholder data environment (CDE) requirements to meet PCI DSS standards. Which approach would satisfy such requirements when it comes to cardholder data? (Select all that apply.)
Isolated subnets Network segmentation
While footprinting a system, a PenTester uses the finger command. What is true regarding this command? (Select all that apply.)
It is used on a Linux system It is used to view a user's home directory
A new business that processes credit card transactions must complete a report on compliance (RoC). What security rank does the business meet? (Select all that apply.)
Level 1 Level 2
What communication protocol does an IT manager establish for a PenTest team during a PenTest engagement?
A testing threshold
A security engineer uses Netcat to listen for connections on a particular port. Which command options does the engineer use to create a persistent listener on port 53 that triggers a script? (Select all that apply.)
-L -p -e
What is the Open Web Application Security Project (OWASP)?
A resource for security risk awareness
A Pentest team performs an exercise at a large financial firm. During the process, it is discovered that a risk exists due to missing firmware updates on several hardware-based firewalls. The team concludes a risk rating during which step of the Pentest process?
Analysis
An organization reviews a recommendations report after a successful PenTest exercise. The cost to mitigate the issue as outlined in the report will be costly. Which group is the report generated for?
C-Suite
An organization performs an analysis to determine its tolerance level for risk. What is this value known as?
Appetite
Security engineers lead a training session for employees on the safe use of mobile devices. During the training, an engineer is unknowingly able to connect to an employee's phone and read data. What attack type has the engineer exposed and explained to the group?
Bluesnarfing
A PenTest team enters a test with no knowledge of the environment. Where will the team focus most of their efforts? (Select all that apply.)
Footprinting Scanning Reconnaissance
An organization realizes the potential for an attack on their systems. As a result, a resiliency assessment takes place, and various controls are suggested to be put in place. If an access control list (ACL) is on a firewall, what type of control does the systems engineer implement?
Logical
A public school system looks to educate its student population with cybersecurity knowledge. Which resource will staff suggest is part of the curriculum?
OSSTMM
A team of Pentesters look to use a tool that can observe and interact with an API on an Android device. Which tool does the team utilize to test an HTTP API?
Postman
A security auditor reviews a small retailer's credit card data protection strategy. In which area would the auditor likely request more detailed information to see that industry recommendations are followed?
Password Policies
Which might a security engineer use to illustrate the logic and functions of a script in a generic way?
Pseudocode
A PenTest exercise has concluded. The team now addresses which area?
Shell Removal
A PenTest group performs an assessment exercise at a client location. If the exercise involves an attack and a response, which assessment approach does the group use when sending fragment data across the network?
Teams
A PenTest team creates a file on an organization with the goal of showing upper management how employees can be targeted. Which open-source intelligence (OSINT) resources does the team utilize to gather information? (Select all that apply.)
The organization's website Twitter feed
A PenTest team looks to map a network for a customer. Which tools would be useful in creating a map? (Select all that apply.)
WMI SNMP ARP
