PT1-002 CompTIA PenTest+


Question 7

A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

445/tcp open microsoft-ds Microsoft Windows Server 2012 Std

3389/tcp open ssl/ms-wbt-server

| rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00

8443/tcp open http Microsoft IIS httpd 8.5

| http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?


  • ftp 192.168.53.23

  • smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 -U guest

  • ncrack -u Administrator -P 15worst_passwords.txt -p rdp 192.168.53.23

  • curl -X TRACE https://192.168.53.23:8443/index.aspx

  • nmap --script vuln -sV 192.168.53.23

Question 8

A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attacker between the target and the server that runs the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?


  • Wait for the next login and perform a downgrade attack on the server.

  • Capture traffic using Wireshark.

  • Perform a brute-force attack over the server.

  • Use an FTP exploit against the server.

Question 9

A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company’s network. Which of the following accounts should the tester use to return the MOST results?


  • Root user

  • Local administrator

  • Service

  • Network administrator