DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Comprehensive CompTIA PT0-002 Exam Test Questions & Answers, CompTIA PenTest+ Certification | SPOTO

Prepare comprehensively for your CompTIA PenTest+ (PT0-002) certification with our Comprehensive CompTIA PT0-002 Exam Test Questions & Answers. The best way to excel in the exam is by practicing the latest exam questions. Our study materials include practice tests, sample questions, exam dumps, and exam questions and answers to enhance your preparation. The CompTIA PenTest+ certification is tailored for cybersecurity professionals responsible for penetration testing and vulnerability management. Utilize our mock exams and exam simulator to simulate real exam scenarios and boost your confidence. Access our exam materials and exam answers to reinforce your understanding of key concepts. Prepare with confidence and achieve success in your PT0-002 exam with our comprehensive study resources and exam preparation tools.

Take other online exams
Question #1
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago. In which of the following places should the penetration tester look FIRST for the employees’ numbers?
A. Web archive
B. GitHub
C. File metadata
D. Underground forums
View answer
Correct Answer: B
Question #2
The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the:
A. NDA
B. SLA
C. MSA
D. SOW
View answer
Correct Answer: A
Question #3
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?
A. Check the scoping document to determine if exfiltration is within scope
B. Stop the penetration test
C. Escalate the issue
D. Include the discovery and interaction in the daily report
View answer
Correct Answer: A
Question #4
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A. chmod u+x script
B. chmod u+e script
C. chmod o+e script
D. chmod o+x script
View answer
Correct Answer: A
Question #5
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
A. Perform XSS
B. Conduct a watering-hole attack
C. Use BeEF
D. Use browser autopwn
View answer
Correct Answer: C
Question #6
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap192
B. nmap192
C. nmap192
D. nmap192
View answer
Correct Answer: D
Question #7
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?
A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate
B. wmic startup get caption,command
C. crontab –l; echo “@reboot sleep 200 && ncat –lvp 4242 –e /bin/bash”) | crontab 2>/dev/null
D. sudo useradd –ou 0 –g 0 user
View answer
Correct Answer: C
Question #8
During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration teste
A. Deny that the vulnerability existed
B. Investigate the penetration tester
C. Accept that the client was right
D. Fire the penetration tester
View answer
Correct Answer: B
Question #9
A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns woul
A. The reverse-engineering team may have a history of selling exploits to third parties
B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis
C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry
D. The reverse-engineering team will be given access to source code for analysis
View answer
Correct Answer: C
Question #10
A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always- on VPN tunnel to a third-party supplier. Which of the following is the BEST action for the penetration tester to take?
A. Utilize the tunnel as a means of pivoting to other internal devices
B. Disregard the IP range, as it is out of scope
C. Stop the assessment and inform the emergency contact
D. Scan the IP range for additional systems to exploit
View answer
Correct Answer: A
Question #11
A penetration tester opened a reverse shell on a Linux web server and successfully escalated privileges to root. During the engagement, the tester noticed that another user logged in frequently as root to perform work tasks. To avoid disrupting this user’s work, which of the following is the BEST option for the penetration tester to maintain root-level persistence on this server during the test?
A. Add a web shell to the root of the website
B. Upgrade the reverse shell to a true TTY terminal
C. Add a new user with ID 0 to the /etc/passwd file
D. Change the password of the root user and revert after the test
View answer
Correct Answer: A
Question #12
A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server: x’ OR role LIKE '%admin% Which of the following should be recommended to remediate this vulnerability?
A. Multifactor authentication
B. Encrypted communications
C. Secure software development life cycle
D. Parameterized queries
View answer
Correct Answer: B
Question #13
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
A. Add a dependency checker into the tool chain
B. Perform routine static and dynamic analysis of committed code
C. Validate API security settings before deployment
D. Perform fuzz testing of compiled binaries
View answer
Correct Answer: A
Question #14
During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers. To be PCI compliant, which of the following should the company have implemented to BEST protect this data?
A. Vulnerability scanning
B. Network segmentation
C. System hardening
D. Intrusion detection
View answer
Correct Answer: B

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.