1. Home
  2. CompTIA
  3. PT1-002

CompTIA PenTest+ Certification Exam

Exam Details

  • Exam Code
    :PT1-002
  • Exam Name
    :CompTIA PenTest+ Certification Exam
  • Certification
    :CompTIA PenTest+
  • Vendor
    :CompTIA
  • Total Questions
    :131 Q&As
  • Last Updated
    :Oct 28, 2024

CompTIA CompTIA PenTest+ PT1-002 Questions & Answers

  • Question 61:

    A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?

    A. Forensically acquire the backdoor Trojan and perform attribution

    B. Utilize the backdoor in support of the engagement

    C. Continue the engagement and include the backdoor finding in the final report

    D. Inform the customer immediately about the backdoor

  • Question 62:

    Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

    A. The CVSS score of the finding

    B. The network location of the vulnerable device

    C. The vulnerability identifier

    D. The client acceptance form

    E. The name of the person who found the flaw

    F. The tool used to find the issue

  • Question 63:

    A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

    A. IP addresses and subdomains

    B. Zone transfers

    C. DNS forward and reverse lookups

    D. Internet search engines

    E. Externally facing open ports

    F. Shodan results

  • Question 64:

    A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?

    A. Perform XSS.

    B. Conduct a watering-hole attack.

    C. Use BeEF.

    D. Use browser autopwn.

  • Question 65:

    A penetration tester writes the following script:

    Which of the following objectives is the tester attempting to achieve?

    A. Determine active hosts on the network.

    B. Set the TTL of ping packets for stealth.

    C. Fill the ARP table of the networked devices.

    D. Scan the system on the most used ports.

  • Question 66:

    Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

    A. Whether the cloud service provider allows the penetration tester to test the environment

    B. Whether the specific cloud services are being used by the application

    C. The geographical location where the cloud services are running

    D. Whether the country where the cloud service is based has any impeding laws

  • Question 67:

    A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?

    A. Perform forensic analysis to isolate the means of compromise and determine attribution.

    B. Incorporate the newly identified method of compromise into the red team's approach.

    C. Create a detailed document of findings before continuing with the assessment.

    D. Halt the assessment and follow the reporting procedures as outlined in the contract.

  • Question 68:

    When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

    A. Clarify the statement of work.

    B. Obtain an asset inventory from the client.

    C. Interview all stakeholders.

    D. Identify all third parties involved.

  • Question 69:

    A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?

    A. Cross-site request forgery

    B. Server-side request forgery

    C. Remote file inclusion

    D. Local file inclusion

  • Question 70:

    A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

    A. iam_enum_permissions

    B. iam_privesc_scan

    C. iam_backdoor_assume_role

    D. iam_bruteforce_permissions

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT1-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.