CompTIA PT0-001 CompTIA PenTest+ (Plus) Exam Practice Test Questions

• Question 1

  A penetration tester notices that the X-Frame-Optjons header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?

  • Use path modification to escape the application's framework.
    
  • Create a frame that overlays the application.
    
  • Inject a malicious iframe containing JavaScript.
    
  • Pass an iframe attribute that is malicious.
    

  Show Answer Answer: 3 Next

• Question 2

  A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?

  • arPspoof
    
  • nmap
    
  • responder
    
  • burpsuite
    

  Show Answer Answer: 1 Next

• Question 3

  A security consultant is trying to attack a device with a previously identified user account.Which of the following types of attacks is being executed?

  • Credential dump attack
    
  • DLL injection attack
    
  • Reverse shell attack
    
  • Pass the hash attack
    

  Show Answer Answer: 4 Next

• Question 4

  A penetration tester calls human resources and begins asking open-ended questions Which of the following social engineering techniques is the penetration tester using?

  • Interrogation
    
  • Elicitation
    
  • Impersonation
    
  • Spear phishing
    

  Show Answer Answer: 2 Next

• Question 5

  Which of the following actions BEST matches a script kiddie's threat actor?

  • Exfiltrate network diagrams to perform lateral movement
    
  • Steal credit cards from the database and sell them in the deep web
    
  • Install a rootkit to maintain access to the corporate network
    
  • Deface the website of a company in search of retribution
    

  Show Answer Answer: 2 Next