Questions and Answers
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
- chmod u+e script.sh
- chmod o+x script.sh
- chmod u+x script.sh (correct)
- chmod o+e script.sh
Which of the following actions is the tester MOST likely performing?
- Making a copy of the user’s Bash history to further enumeration
- Covering tracks by clearing the Bash history (correct)
- Redirecting Bash history to /dev/null
- Making decoy files on the system to confuse incident responders
A compliance-based penetration test is primarily concerned with:
- Obtaining specific information from the protected network.
- Determining the efficacy of a specific set of security standards. (correct)
- Bypassing protection on edge devices.
- Obtaining PII from the protected network.
Which of the following would the tester MOST likely describe as a benefit of the MITRE ATT&CK framework?
Which of the following BEST describes the OWASP Top 10?
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
Which of the following should the tester verify FIRST to assess risk?
Which of the following commands could be used to download a file named exploit to a target machine for execution?
Which of the following commands should the penetration tester run post-engagement?
Study Notes
CompTIA PenTest+ Exam Overview
- Exam code: PT0-002
- Total questions: 68
- Focus: Practical skills in pentesting
Key Commands in Penetration Testing
- chmod u+x script.sh: Grants execution permission to the file owner for a shell script.
- To obscure activity, penetration testers may redirect or clear Bash history.
Persistence and Covering Tracks
- Covering tracks is critical; most likely actions include clearing Bash history after gaining system access.
Compliance-Based Penetration Testing
- Primarily concerns assessing the effectiveness of security standards rather than bypassing protections or obtaining sensitive information.
MITRE ATT&CK Framework
- Useful for understanding security intrusion tactics, helping to disrupt existing intrusions and improve security posture.
OWASP Top 10
- Represents the most critical risks in web applications.
- Does not list all risks or provide compliance guidelines; focuses on the most significant vulnerabilities.
Vulnerability Discovery and Exploitation
- Path traversal vulnerabilities can allow file uploads; editing critical configuration files (like smb.conf) may provide internal access to attackers.
Cloud Security Testing
- Initial assessment of security should verify if sensitive client data is publicly accessible before exploring other security measures.
File Transfer via HTTP Server
- python -m SimpleHTTPServer 9891 can be used to host files; the wget command allows for file download from this server.
Post-Engagement Actions
- When access has been gained, removing evidence (like temporary files created during the exploitation) is crucial for operational security.
Reporting in Static Application-Security Testing
- Final reports should include a summary of methods and action points relevant for developers, ensuring they understand both vulnerabilities and remediation strategies.