Comptia certsexpert download Full Version Pt0-002 Exam by Belle q25 vce pdf

Page: 10 / 29

Exam Name:	CompTIA PenTest+ Certification Exam
Exam Code:	PT0-002 Dumps
Vendor:	CompTIA	Certification:	PenTest+
Questions:	400 Q&A's	Shared By:	belle

Question 40

A penetration tester is conducting an assessment of an organization that has both a web and mobile application. While testing the user profile page, the penetration tester notices that additional data is returned in the API response, which is not displayed in the web user interface. Which of the following is the most effective technique to extract sensitive user data?

Options:

Compare PI I from data leaks to publicly exposed user profiles.

Target the user profile page with a denial-of-service attack.

Target the user profile page with a reflected XSS attack.

Compare the API response fields to GUI fields looking for PH.

Discussion

Annabel

I recently used them for my exam and I passed it with excellent score. I am impressed.

Amirah (not set)

I passed too. The questions I saw in the actual exam were exactly the same as the ones in the Cramkey Dumps. I was able to answer the questions confidently because I had already seen and studied them.

Andrew

Are these dumps helpful?

Jeremiah (not set)

Yes, Don’t worry!!! I'm confident you'll find them to be just as helpful as I did. Good luck with your exam!

Reeva

Wow what a success I achieved today. Thank you so much Cramkey for amazing Dumps. All students must try it.

Amari (not set)

Wow, that's impressive. I'll definitely keep Cramkey in mind for my next exam.

Faye

Yayyyy. I passed my exam. I think all students give these dumps a try.

Emmeline (not set)

Definitely! I have no doubt new students will find them to be just as helpful as I did.

Syeda

I passed, Thank you Cramkey for your precious Dumps.

Stella (not set)

That's great. I think I'll give Cramkey Dumps a try.

Question 41

A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks. Which of the following is the BEST method available to pivot and gain additional access to the network?

Options:

Set up a captive portal with embedded malicious code.

Capture handshakes from wireless clients to crack.

Span deauthentication packets to the wireless clients.

Set up another access point and perform an evil twin attack.

Discussion

Question 42

A security analyst needs to perform a scan for SMB port 445 over a/16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

Options:

Nmap -s 445 -Pn -T5 172.21.0.0/16

Nmap -p 445 -n -T4 -open 172.21.0.0/16

Nmap -sV --script=smb* 172.21.0.0/16

Nmap -p 445 -max -sT 172. 21.0.0/16

Discussion

Question 43

During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen. After being notified about the breach, which of the following steps should the company take NEXT?

Options:

Deny that the vulnerability existed

Investigate the penetration tester.

Accept that the client was right.

Fire the penetration tester.