← Back to exam page

PT0-001 CompTIA PenTest+ Certification Exam

Loading demo links...

Showing 7–9 of 15 questions

Question 7

A tester was able to retrieve domain users’ hashes. Which of the following tools can be used to uncover the users’ passwords? (Choose two.)

Select all that apply, then click Submit answer.

  • Hydra

  • Mimikatz

  • Hashcat

  • John the Ripper

  • PSExec

  • Nessus
Question 8

A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability on the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)

Select all that apply, then click Submit answer.

  • Identity and eliminate inline SQL statements from the code.

  • Identify and eliminate dynamic SQL from stored procedures.

  • Identify and sanitize all user inputs.

  • Use a whitelist approach for SQL statements.

  • Use a blacklist approach for SQL statements.

  • Identify the source of malicious input and block the IP address.
Question 9

Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

Select an option, then click Submit answer.

  • Stack pointer register

  • Index pointer register

  • Stack base pointer

  • Destination index register