Exam Details

  • Exam Code: PT0-002
  • Exam Name: CompTIA PenTest+ Certification Exam
  • Certification: CompTIA PenTest+
  • Vendor: CompTIA
  • Total Questions: 392 Q&As
  • Last Updated: May 10, 2024

CompTIA PenTest+ PT0-002 Questions & Answers

  • Question 21:

    Given the following output:

    User-agent:*
    Disallow: /author/
    Disallow: /xmlrpc.php
    Disallow: /wp-admin
    Disallow: /page/

    During which of the following activities was this output MOST likely obtained?

    A. Website scraping

    B. Website cloning

    C. Domain enumeration

    D. URL enumeration

  • Question 22:

    A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?

    A. Wait for the next login and perform a downgrade attack on the server.

    B. Capture traffic using Wireshark.

    C. Perform a brute-force attack over the server.

    D. Use an FTP exploit against the server.

  • Question 23:

    A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment?

    A. Partially known environment testing

    B. Known environment testing

    C. Unknown environment testing

    D. Physical environment testing

  • Question 24:

    A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.

    Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?

    A. SQLmap

    B. Nessus

    C. Nikto

    D. DirBuster

  • Question 25:

    A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?

    A. nmap -sn 192.168.0.1/16

    B. nmap -sn 192.168.0.1-254

    C. nmap -sn 192.168.0.1 192.168.0.1.254

    D. nmap -sN 192.168.0.0/24

  • Question 26:

    A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

    Which of the following tools will help the tester prepare an attack for this scenario?

    A. Hydra and crunch

    B. Netcat and cURL

    C. Burp Suite and DIRB

    D. Nmap and OWASP ZAP

  • Question 27:

    Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks?

    A. Scraping social media for personal details

    B. Registering domain names that are similar to the target company's

    C. Identifying technical contacts at the company

    D. Crawling the company's website for company information

  • Question 28:

    When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:

    A. security compliance regulations or laws may be violated.

    B. testing can make detecting actual APT more challenging.

    C. testing adds to the workload of defensive cyber- and threat-hunting teams.

    D. business and network operations may be impacted.

  • Question 29:

    During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen. After being notified about the breach, which of the following steps should the company take NEXT?

    A. Deny that the vulnerability existed.

    B. Investigate the penetration tester.

    C. Accept that the client was right.

    D. Fire the penetration tester.

  • Question 30:

    During an engagement, a penetration tester found the following list of strings inside a file:

    Which of the following is the BEST technique to determine the known plaintext of the strings?

    A. Dictionary attack

    B. Rainbow table attack

    C. Brute-force attack

    D. Credential-stuffing attack
