CompTIA PenTest+ - PT0-003 模擬練習

A penetration tester is preparing a password-spraying attack against a known list of users for the company " example " . The tester is using the following list of commands:
pw-inspector -i sailwords -t 8 -S pass
spray365.py spray -ep plan
users= " ~/user.txt " ; allwords= " ~/words.txt " ; pass= " ~/passwords.txt " ; plan= " ~/spray.plan " spray365.py generate --password-file $pass --userfile $user --domain " example.com " --execution-plan $plan cew -m 5 " http://www.example.com " -w sailwords Which of the following is the correct order for the list of the commands?

正解: A
解説: (PassTest メンバーにのみ表示されます)
A penetration tester obtains a reverse shell on a server and executes the following command on the compromised server:
echo ' < ?php system($_GET[ " c " ]); ? > ' > > /var/www/public/index.php Which of the following best explains what the penetration tester is trying to do?

正解: A
解説: (PassTest メンバーにのみ表示されます)
Which of the following is the most efficient way to exfiltrate a file containing data that could be sensitive?

正解: B
解説: (PassTest メンバーにのみ表示されます)
A penetration tester is researching a path to escalate privileges. While enumerating current user privileges, the tester observes the following output:
mathematica
Copy code
SeAssignPrimaryTokenPrivilege Disabled
SeIncreaseQuotaPrivilege Disabled
SeChangeNotifyPrivilege Enabled
SeManageVolumePrivilege Enabled
SeImpersonatePrivilege Enabled
SeCreateGlobalPrivilege Enabled
SeIncreaseWorkingSetPrivilege Disabled
Which of the following privileges should the tester use to achieve the goal?

正解: D
解説: (PassTest メンバーにのみ表示されます)
A company hires a penetration tester to perform an external attack surface review as part of a security engagement. The company informs the tester that the main company domain to investigate is comptia.org.
Which of the following should the tester do to accomplish the assessment objective?

正解: C
解説: (PassTest メンバーにのみ表示されます)
In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:
sshpass -p donotchange ssh [email protected]
Which of the following should the tester attempt to do next to take advantage of this information? (Select two).

正解: C,D
解説: (PassTest メンバーにのみ表示されます)
A penetration tester is trying to execute a post-exploitation activity and creates the follow script:

Which of the following best describes the tester ' s objective?

正解: D
解説: (PassTest メンバーにのみ表示されます)
During an engagement, a penetration tester wants to enumerate users from Linux systems by using finger and rwho commands. However, the tester realizes these commands alone will not achieve the desired result.
Which of the following is the best tool to use for this task?

正解: C
解説: (PassTest メンバーにのみ表示されます)
Given the following findings from a network penetration test:
* Insecure file-sharing settings allowed for host impersonation.
* Confidential information in a shared file was sent in cleartext over the network.
* A denial of service was possible due to outdated file-sharing protocols.
Which of the following should the penetration tester recommend?

正解: C
解説: (PassTest メンバーにのみ表示されます)
A penetration tester successfully clones a source code repository and then runs the following command:
find . -type f -exec egrep -i " token|key|login " {} \;
Which of the following is the penetration tester conducting?

正解: C
解説: (PassTest メンバーにのみ表示されます)
A company ' s incident response team determines that a breach occurred because a penetration tester left a web shell. Which of the following should the penetration tester have done after the engagement?

正解: A
解説: (PassTest メンバーにのみ表示されます)
A company wants to perform a BAS (Breach and Attack Simu-lation) to measure the efficiency of the corporate security controls. Which of the following would most likely help the tester with simple command examples?

正解: B
解説: (PassTest メンバーにのみ表示されます)
During a red-team exercise, a penetration tester obtains an employee ' s access badge. The tester uses the badge ' s information to create a duplicate for unauthorized entry. Which of the following best describes this action?

正解: B
解説: (PassTest メンバーにのみ表示されます)