Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Complete PT0-003 CompTIA Materials

Page: 17 / 25
Total 336 questions

CompTIA PenTest+ Exam Questions and Answers

Question 65

A penetration tester aims to exploit a vulnerability in a wireless network that lacks proper encryption. The lack of proper encryption allows malicious content to infiltrate the network. Which of the following techniques would most likely achieve the goal?

Options:

A.

Packet injection

B.

Bluejacking

C.

Beacon flooding

D.

Signal jamming

Question 66

During a penetration testing exercise, a team decides to use a watering hole strategy. Which of the following is the most effective approach for executing this attack?

Options:

A.

Compromise a website frequently visited by the organization ' s employees.

B.

Launch a DDoS attack on the organization ' s website.

C.

Create fake social media profiles to befriend employees.

D.

Send phishing emails to the organization ' s employees.

Question 67

During an assessment of a company, a penetration tester sends the following email to the company’s Chief Financial Officer (CFO):

Dear CFO,

As we talked about during a recent meeting, please open the following attachment that contains the invoice for an existing vendor. If you do not pay this now, we will suspend the licenses for your billing system in three days.

GoPay CMS Systems Services

Which of the following techniques is this attack an example of?

Options:

A.

Whaling

B.

Phishing

C.

Spear phishing

D.

Vishing

Question 68

During a penetration test, the tester uses a vulnerability scanner to collect information about any possible vulnerabilities that could be used to compromise the network. The tester receives the results and then executes the following command:

snmpwalk -v 2c -c public 192.168.1.23

Which of the following is the tester trying to do based on the command they used?

Options:

A.

Bypass defensive systems to collect more information.

B.

Use an automation tool to perform the attacks.

C.

Script exploits to gain access to the systems and host.

D.

Validate the results and remove false positives.

Page: 17 / 25
Total 336 questions