1. Home
  2. CompTIA
  3. PT1-002

CompTIA PenTest+ Certification Exam

Exam Details

  • Exam Code
    :PT1-002
  • Exam Name
    :CompTIA PenTest+ Certification Exam
  • Certification
    :CompTIA PenTest+
  • Vendor
    :CompTIA
  • Total Questions
    :131 Q&As
  • Last Updated
    :May 12, 2024

CompTIA CompTIA PenTest+ PT1-002 Questions & Answers

  • Question 121:

    A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

    A. A signed statement of work

    B. The correct user accounts and associated passwords

    C. The expected time frame of the assessment

    D. The proper emergency contacts for the client

  • Question 122:

    A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

    A. PLCs will not act upon commands injected over the network.

    B. Supervisors and controllers are on a separate virtual network by default.

    C. Controllers will not validate the origin of commands.

    D. Supervisory systems will detect a malicious injection of code/commands.

  • Question 123:

    Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

    A. NDA

    B. MSA

    C. SOW

    D. MOU

  • Question 124:

    Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

    A. devices produce more heat and consume more power.

    B. devices are obsolete and are no longer available for replacement.

    C. protocols are more difficult to understand.

    D. devices may cause physical world effects.

  • Question 125:

    A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

    A. Ensure the client has signed the SOW.

    B. Verify the client has granted network access to the hot site.

    C. Determine if the failover environment relies on resources not owned by the client.

    D. Establish communication and escalation procedures with the client.

  • Question 126:

    DRAG DROP

    You are a penetration tester reviewing a client's website through a web browser.

    INSTRUCTIONS

    Review all components of the website through the browser to determine if vulnerabilities are present.

    Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Select and Place:

  • Question 127:

    HOTSPOT

    You are a security analyst tasked with hardening a web server.

    You have been given a list of HTTP payloads that were flagged as malicious.

    INSTRUCTIONS

    Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Hot Area:

  • Question 128:

    SIMULATION

    You are a penetration tester running port scans on a server.

    INSTRUCTIONS

    Part 1: Given the output, construct the command that was used to generate this output from the available options.

    Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    A.

  • Question 129:

    DRAG DROP

    Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented Each password may be used only once.

    Select and Place:

  • Question 130:

    DRAG DROP

    A manager calls upon a tester to assist with diagnosing an issue within the following:

    Python script: #!/usr/bin/python s = “Administrator”

    The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all.

    Select and Place:

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT1-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.