PrepAway - Latest Free Exam Questions & Answers

Category: PT0-001

Exam PT0-001: CompTIA PenTest+ Certification

A penetration tester was able to enter an SQL injection command into a text box and gain access to the informa

A penetration tester was able to enter an SQL injection command into a text box and gain access to the information stored on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability? A. Randomize the credentials used to log in. B. Install host-based intrusion detection. C. Implement input normalization. […]

A penetration tester observes that several high-numbered ports are listening on a public web server. However,

A penetration tester observes that several high-numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend? A. Transition the application to another port. B. Filter port 443 to specific IP addresses. C. Implement a web application […]

A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is

A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation? A. Stored XSS B. Full path disclosure C. Expired certificate D. Clickjacking. References: https://www.owasp.org/index.php/Top_10_2010-A2-Cross-Site_Scripting_(XSS)

A security consultant receives a document outlining the scope of an upcoming penetration test. This document c

A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the following would contain this information? A. Rules of engagement B. Request for proposal C. Master service agreement D. Business impact analysis
