CompTIA PenTest+ v1.0

During an assessment, a penetration tester runs the following command: setspn.exe -Q */*
Which of the following attacks is the penetration tester preparing for?

While conducting an assessment, a penetration tester identifies the details for several unreleased products announced at a company-wide meeting. Which of the following attacks did the tester most likely use to discover this information?

A penetration tester wants to attack a server, exhausting its resources and making it unavailable to legitimate users. Which of the following attacks would be best to achieve this result?

During an internal penetration test, a tester compromises a Windows OS-based endpoint and bypasses the defensive mechanism on that system. The tester also discovers the endpoint is part of an Active Directory local domain. The tester’s main goal is to leverage credentials to authenticate into other systems within the Active Directory environment. Which of the following steps should the tester take to complete the goal?

A penetration tester is conducting a wireless security assessment for a client with 2.4GHz and 5GHz access points. The tester places a wireless USB dongle in the laptop to start capturing WPA2 handshakes. Which of the following steps should the tester take next?

A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering. Which of the following types of scans did the tester use to identify the libraries?

A penetration tester reviews a SAST vulnerability scan report. The following vulnerability has been reported as high severity:

The tester inspects the source file and finds the variable response is defined as a constant and is not referred to or used in other sections of the code. Which of the following describes how the tester should classify this reported vulnerability?

A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?

A penetration tester gains access to a Linux computer system. The tester then attempts to enumerate user accounts, including the directories and user default shell. Which of the following commands should the tester use to enumerate user accounts?

A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?

While performing a penetration testing exercise, a tester executes the following command:
PS c:\tools> c:\hacks\PsExec.exe \\server01.comptia.org -accepteula cmd.exe
Which of the following best explains what the tester is trying to do?

During an assessment, a penetration tester obtains a low-privilege shell and then runs the following command: findstr /SIM /C:"pass” *.txt *.cfg *.xml
Which of the following is the penetration tester trying to enumerate?

A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?

During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system:
?/<sCRitP>aLeRt("pwned")</ScriPt>
Based on the code, which of the following options represents the attack executed by the tester and the associated countermeasure?