CompTIA PenTest+ PT1-002 Dumps in PDF

Free CompTIA PT1-002 Real Questions (page: 10)

A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011.
Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

  1. Nmap
  2. tcpdump
  3. Scapy
  4. hping3

Answer(s): A


Reference:

https://www.mn.uio.no/i /english/research/groups/psy/completedmasters/2017/Kim_Jonatan_Wessel_Bjorneset/ kim_jonatan_wessel_bjorneset_testing_security_for_internet_of_things_a_survey_on_vulnerabilities_in_ip_cameras.pdf (24)



A penetration tester is reviewing the following SOW prior to engaging with a client:
`Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client con dential. Upon completion of the engagement, the penetration tester will submit ndings to the client's Chief Information Security O cer (CISO) via encrypted protocols and subsequently dispose of all ndings by erasing them in a secure manner.`
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

  1. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  2. Utilizing public-key cryptography to ensure ndings are delivered to the CISO upon completion of the engagement
  3. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
  4. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
  5. Using a software-based erase tool to wipe the client's ndings from the penetration tester's laptop
  6. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements

Answer(s): C,E



A company recruited a penetration tester to con gure wireless IDS over the network.
Which of the following tools would BEST test the effectiveness of the wireless
IDS solutions?

  1. Aircrack-ng
  2. Wireshark
  3. Wi te
  4. Kismet

Answer(s): A


Reference:

https://purplesec.us/perform-wireless-penetration-test/



A penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch `"r .bash_history temp mv temp .bash_history
Which of the following actions is the tester MOST likely performing?

  1. Redirecting Bash history to /dev/null
  2. Making a copy of the user's Bash history for further enumeration
  3. Covering tracks by clearing the Bash history
  4. Making decoy les on the system to confuse incident responders

Answer(s): C


Reference:

https://null-byte.wonderhowto.com/how-to/clear-logs-bash-history-hacked-linux-systems-cover-your-tracks-remain-undetected-0244768/



Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

  1. Buffer over ows
  2. Cross-site scripting
  3. Race-condition attacks
  4. Zero-day attacks
  5. Injection aws
  6. Ransomware attacks

Answer(s): A,B


Reference:

https://owasp.org/www-pdf-archive/OWASP_Top_10_2017_RC2_Final.pdf



Share your comments for CompTIA PT1-002 exam with other users:

S
susan sandivore
8/28/2023 1:00:00 AM

thanks for the dump

A
Aderonke
10/31/2023 12:51:00 AM

fantastic assessments

P
Priscila
7/22/2022 9:59:00 AM

i find the xengine test engine simulator to be more fun than reading from pdf.

S
suresh
12/16/2023 10:54:00 PM

nice document

W
Wali
6/4/2023 10:07:00 PM

thank you for making the questions and answers intractive and selectable.

N
Nawaz
7/18/2023 1:10:00 AM

answers are correct?

D
das
6/23/2023 7:57:00 AM

can i belive this dump

S
Sanjay
10/15/2023 1:34:00 PM

great site to practice for sitecore exam

J
jaya
12/17/2023 8:36:00 AM

good for students

B
Bsmaind
8/20/2023 9:23:00 AM

nice practice dumps

K
kumar
11/15/2023 11:24:00 AM

nokia 4a0-114 dumps

V
Vetri
10/3/2023 12:59:00 AM

great content and wonderful to have the answers with explanation

R
Ranjith
8/21/2023 3:39:00 PM

for question #118, the answer is option c. the screen shot is showing the drop down, but the answer is marked incorrectly please update . thanks for sharing such nice questions.

E
Eduardo Ramírez
12/11/2023 9:55:00 PM

the correct answer for the question 29 is d.

D
Dass
11/2/2023 7:43:00 AM

question no 22: correct answers: bc, 1 per session 1 per page 1 per component always

R
Reddy
12/14/2023 2:42:00 AM

these are pretty useful

D
Daisy Delgado
1/9/2023 1:05:00 PM

awesome

A
Atif
6/13/2023 4:09:00 AM

yes please upload

X
Xunil
6/12/2023 3:04:00 PM

great job whoever put this together, for the greater good! thanks!

L
Lakshmi
10/2/2023 5:26:00 AM

just started to view all questions for the exam

R
rani
1/19/2024 11:52:00 AM

helpful material

G
Greg
11/16/2023 6:59:00 AM

hope for the best

H
hi
10/5/2023 4:00:00 AM

will post exam has finished

V
Vmotu
8/24/2023 11:14:00 AM

really correct and good analyze!

H
hicham
5/30/2023 8:57:00 AM

excellent thanks a lot

S
Suman C
7/7/2023 8:13:00 AM

will post once pass the cka exam

R
Ram
11/3/2023 5:10:00 AM

good content

N
Nagendra Pedipina
7/13/2023 2:12:00 AM

q:32 answer has to be option c

T
Tamer Barakat
12/7/2023 5:17:00 PM

nice questions

D
Daryl
8/1/2022 11:33:00 PM

i really like the support team in this website. they are fast in communication and very helpful.

C
Curtis Nakawaki
6/29/2023 9:13:00 PM

a good contemporary exam review

X
x-men
5/23/2023 1:02:00 AM

q23, its an array, isnt it? starts with [ and end with ]. its an array of objects, not object.

A
abuti
7/21/2023 6:24:00 PM

cool very helpfull

K
Krishneel
3/17/2023 10:34:00 AM

i just passed. this exam dumps is the same one from prepaway and examcollection. it has all the real test questions.

AI Tutor 👋 I’m here to help!