adplus-dvertising

Welcome to the Exploiting and Pivoting MCQs Page

Dive deep into the fascinating world of Exploiting and Pivoting with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Exploiting and Pivoting, a crucial aspect of CompTIA PenTest+ Certification Exam PT0 002. In this section, you will encounter a diverse range of MCQs that cover various aspects of Exploiting and Pivoting, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within CompTIA PenTest+ Certification Exam PT0 002.

frame-decoration

Check out the MCQs below to embark on an enriching journey through Exploiting and Pivoting. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of CompTIA PenTest+ Certification Exam PT0 002.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Exploiting and Pivoting. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Exploiting and Pivoting MCQs | Page 6 of 13

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

Q51.
What is the purpose of using a "call home" script in scheduled tasks?

a.

To execute a script that performs harmless actions on the compromised system.

b.

To schedule tasks that run only during the daytime.

c.

To retain access to systems by initiating connections to a controlled system on a regular basis.

d.

To automate the removal of malware from the compromised system.

Discuss
Answer: (c).To retain access to systems by initiating connections to a controlled system on a regular basis. Explanation:The purpose of using a "call home" script in scheduled tasks is to retain access to systems by initiating connections to a controlled system on a regular basis.
Q52.
What is the primary function of Responder in the context of SMB services?

a.

To scan for open shares and services.

b.

To brute-force logins for SMB.

c.

To reply to queries for resources and capture hashed credentials.

d.

To gather information about SMB implementations.

Discuss
Answer: (c).To reply to queries for resources and capture hashed credentials. Explanation:In the context of SMB services, the primary function of Responder is to reply to queries for resources and capture hashed credentials.
Q53.
What protocol is used by SMB for file-sharing, authentication, authorization, and print services?

a.

HTTP

b.

FTP

c.

SMTP

d.

SMB

Discuss
Answer: (d).SMB Explanation:SMB (Server Message Block) is used for file-sharing, authentication, authorization, and print services.
Q54.
What is the primary purpose of SecureAuth’s Impacket toolset?

a.

Registry manipulation on Windows systems

b.

Creating WMI persistence on remote machines

c.

Lightweight packet sniffing using raw sockets

d.

Capturing active hashes from authenticated sessions

Discuss
Answer: (b).Creating WMI persistence on remote machines Explanation:The primary purpose of SecureAuth’s Impacket toolset includes creating WMI persistence on remote machines.
Q55.
Which Impacket tool replicates the functionality of PsExec in Python?

a.

wmiexec.py

b.

smbclient.py

c.

sniff.py

d.

reg.py

Discuss
Answer: (a).wmiexec.py Explanation:The Impacket tool that replicates the functionality of PsExec in Python is wmiexec.py.
Q56.
What is the objective of pass-the-hash attacks in penetration testing?

a.

To capture active hashes from authenticated sessions

b.

To add arbitrary hosts to a system’s hosts files

c.

To perform on-path attacks by changing DNS configurations

d.

To replicate the functionality of PsExec

Discuss
Answer: (a).To capture active hashes from authenticated sessions Explanation:The objective of pass-the-hash attacks in penetration testing is to capture active hashes from authenticated sessions, allowing the attacker to impersonate the user.
Q57.
How can mitm6 be used in a DNS attack?

a.

By adding arbitrary hosts to a system's hosts files

b.

By performing on-path attacks with link-local IPv6 addresses

c.

By responding to DHCPv6 messages and directing traffic to chosen destinations

d.

By replicating the functionality of PsExec

Discuss
Answer: (c).By responding to DHCPv6 messages and directing traffic to chosen destinations Explanation:mitm6 can be used in a DNS attack by responding to DHCPv6 messages and giving them a link-local IPv6 address paired with a system controlled by the attacker as the default DNS server, allowing on-path attacks by directing targets to arbitrary destinations.
Q58.
What does LSASS.exe stand for in the context of pass-the-hash attacks?

a.

Local Security Assessment and System Service

b.

Local Service Authentication and Security Subsystem

c.

Local Security Authority Subsystem Service

d.

Local System Authentication and Security Service

Discuss
Answer: (c).Local Security Authority Subsystem Service Explanation:LSASS.exe stands for Local Security Authority Subsystem Service in the context of pass-the-hash attacks.
Q59.
Which port is commonly associated with Windows Remote Desktop Protocol (RDP)?

a.

22

b.

80

c.

3389

d.

443

Discuss
Answer: (c).3389 Explanation:Windows Remote Desktop Protocol (RDP) is commonly associated with port 3389.
Q60.
In the context of Apple's Remote Desktop (ARD), how do penetration testers often use ARD?

a.

By exploiting known vulnerabilities in modern Macs

b.

By using it as a remote access method for compromised macOS systems

c.

By delivering VNC payloads

d.

By targeting the Screen Sharing or Remote Management modes

Discuss
Answer: (b).By using it as a remote access method for compromised macOS systems Explanation:Penetration testers often use Apple's Remote Desktop (ARD) as a remote access method for compromised macOS systems.
Page 6 of 13

Suggested Topics

Are you eager to expand your knowledge beyond CompTIA PenTest+ Certification Exam PT0 002? We've curated a selection of related categories that you might find intriguing.

Click on the categories below to discover a wealth of MCQs and enrich your understanding of Computer Science. Happy exploring!

MS Office

Master the suite of productivity tools with our MS Office MCQs. From Word and Excel...

C# programming

Hone your skills in the C# language with our MCQs. Understand data types, operators,...

MongoDB

Learn the leading NoSQL database with our MongoDB MCQs. Understand everything from...

Internet of Things (IoT)

Discover how devices communicate with each other in the smart world with our IoT...

JavaScript

Strengthen your web development skills with our JavaScript MCQs. Understand core...

Management Information Systems

Discover how businesses leverage technology with our Management Information Systems...

PHP

Venture into server-side scripting with our PHP MCQs. Cover everything from syntax...

CompTIA PenTest+ Certification Exam PT0 002

Prepare for the CompTIA PenTest+ PT0-002 exam with our targeted MCQs. Covering...

Object Oriented Programming

Enhance your coding skills with our Object Oriented Programming MCQs. Understand...