Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?
A. Exploit-DB
B. Retina
C. Shodan
D. Metasploit
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?
A. For-loop
B. Catalog
C. Symlink
D. Directory
E. Dictionary
正解:E
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
A. Inability to network
B. Unsupported operating systems
C. The existence of default passwords
D. Susceptibility to DDoS attacks
正解:B
質問 4:
A penetration tester issues the following command after obtaining a low-privilege reverse shell: wmic service get name,pathname,startmode Which of the following is the most likely reason the penetration tester ran this command?
A. To list scheduled tasks that may be exploitable
B. To find services that have unquoted service paths
C. To register a service to run as System
D. To search for passwords in the service directory
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
A. Add a dependency checker into the tool chain.
B. Perform fuzz testing of compiled binaries.
C. Validate API security settings before deployment.
D. Perform routine static and dynamic analysis of committed code.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the connection. Which of the following payloads are MOST likely to establish a shell successfully?
A. windows/x64/shell_reverse_tcp
B. windows/x64/meterpreter/reverse_https
C. windows/x64/meterpreter/reverse_http
D. windows/x64/meterpreter/reverse_tcp
E. windows/x64/powershell_reverse_tcp
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:
However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?
A. This URI returned a server error.
B. The HTTP port is not open on the firewall.
C. The tester did not run sudo before the command.
D. The web server is using HTTPS instead of HTTP.
正解:B
質問 8:
A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?
A. Because of concerns regarding bandwidth limitations
B. For testing of the customer's SLA with the ISP
C. To ensure someone is available if something goes wrong
D. To meet PCI DSS testing requirements
正解:C
質問 9:
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
A. Check for an open relay configuration.
B. Test for RFC-defined protocol conformance.
C. Attempt to brute force authentication to the service.
D. Perform a reverse DNS query and match to the service banner.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
河野** -
CompTIAの問題集は、短時間内に受験したい人におすすめだな。すべての問題を暗記して言ったら絶対合格すると思うよ。だって試験問題のほとんどがこの問題集に収めたんだもん。