CompTIA PenTest+ Certification Exam - PT0-001 Exam Practice Test

A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?
Correct Answer: C
The following command is run on a Linux file system:
Chmod 4111 /usr/bin/sudo
Which of the following issues may be exploited now?
Correct Answer: A
A penetration tester is assessing the security of a web form for a client and enters ";id" in one of the fields.
The penetration tester observes the following response:

Based on the response, which of the following vulnerabilities exists?
Correct Answer: D
A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?
Correct Answer: A
A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?
Correct Answer: C
While engaging clients for a penetration test from highly regulated industries, which of the following is usually the MOST important to the clients from a business perspective?
Correct Answer: D
After successfully enumerating users on an Active Directory domain controller using enum4linux a penetration tester wants to conduct a password-guessing attack Given the below output:

Which of the following can be used to extract usernames from the above output prior to conducting the attack?
Correct Answer: C
Consumer-based IoT devices are often less secure than systems built for traditional desktop computers.
Which of the following BEST describes the reasoning for this?
Correct Answer: B
An attacker is attempting to gain unauthorized access to a WiR network that uses WPA2-PSK Which of the following attack vectors would the attacker MOST likely use?
Correct Answer: B
A penetration tester generates a report for a host-based vulnerability management agent that is running on a production web server to gather a list of running processes. The tester receives the following information.

Which of the following processes MOST likely demonstrates a lack of best practices?
Correct Answer: C
A penetration tester has been asked to conduct OS fingering with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed to conduct this scan? (Choose two.).
Correct Answer: B,C
Explanation: (Only visible to PassTestking members)
Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented Each password may be used only once
Correct Answer:
A company requested a penetration tester review the security of an in-house-developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO)
Correct Answer: E