Latest CompTIA PT0-002 Practice Materials & Exam Questions 2024, CompTIA PenTest+ Certification | SPOTO

Prepare comprehensively for your CompTIA PenTest+ (PT0-002) certification with our Comprehensive CompTIA PT0-002 Exam Test Questions & Answers. The best way to excel in the exam is by practicing the latest exam questions. Our study materials include practice tests, sample questions, exam dumps, and exam questions and answers to enhance your preparation. The CompTIA PenTest+ certification is tailored for cybersecurity professionals responsible for penetration testing and vulnerability management. Utilize our mock exams and exam simulator to simulate real exam scenarios and boost your confidence. Access our exam materials and exam answers to reinforce your understanding of key concepts. Prepare with confidence and achieve success in your PT0-002 exam with our comprehensive study resources and exam preparation tools.

Question #1
A penetration tester obtained the following results after scanning a web server using the dirb utility:
    ...
    GENERATED WORDS: 4612
    --- Scanning URL: http://10.2.10.13/ ---
    + http://10.2.10.13/about (CODE:200|SIZE:1520)
    + http://10.2.10.13/home.html (CODE:200|SIZE:214)
    + http://10.2.10.13/index.html (CODE:200|SIZE:214)
    + http://10.2.10.13/info (CODE:200|SIZE:214)
    ...
    DOWNLOADED: 4612 - FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?
A. index
B. about
C. info
D. home
Correct Answer: B
Question #2
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A. Alternate data streams
B. PowerShell modules
C. MP4 steganography
D. PsExec
Correct Answer: D
Question #3
A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?
A. Determine active hosts on the network
B. Set the TTL of ping packets for stealth
C. Fill the ARP table of the networked devices
D. Scan the system on the most used ports
Correct Answer: C
Question #4
A penetration tester ran a ping -A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?
A. Windows
B. Apple
C. Linux
D. Android
Correct Answer: E
Question #5
A penetration tester wants to scan a target network without being detected by the client’s IDS. Which of the following scans is MOST likely to avoid detection?
A. nmap -p0 -T0 -sS 192
B. nmap -sA -sV --host-timeout 60 192
C. nmap -f --badsum 192
D. nmap -A -n 192
Correct Answer: A
Question #6
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the tester verify FIRST to assess this risk?
A. Whether sensitive client data is publicly accessible
B. Whether the connection between the cloud and the client is secure
C. Whether the client's employees are trained properly to use the platform
D. Whether the cloud applications were developed using a secure SDLC
Correct Answer: BC
Question #7
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
• The following request was intercepted going to the network device:
    GET /login HTTP/1.1
    Host: 10.50.100.16
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
• Network management interfaces are available on the produc
A. Enforce enhanced password complexity requirements
B. Disable or upgrade SSH daemon
C. Disable HTTP/301 redirect configuration
D. Create an out-of-band network for management
E. Implement a better method for authentication
F. Eliminate network management and control interfaces
Correct Answer: A
Question #8
A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?
A. Badge cloning
B. Dumpster diving
C. Tailgating
D. Shoulder surfing
Correct Answer: A
Question #9
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A. Analyze the malware to see what it does
B. Collect the proper evidence and then remove the malware
C. Do a root-cause analysis to find out how the malware got in
D. Remove the malware immediately
E. Stop the assessment and inform the emergency contact
Correct Answer: C
Question #10
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support additional reconnaissance?
A. Wardriving
B. Shodan
C. Recon-ng
D. Aircrack-ng
Correct Answer: CE
Question #11
A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?
A. Comma
B. Double dash
C. Single quote
D. Semicolon
Correct Answer: A
Question #12
A new client hired a penetration-testing company for a month-long contract for various security assessments against the client’s new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings. Which of the following is most important for the penetration tester to defi
A. Establish the format required by the client
B. Establish the threshold of risk to escalate to the client immediately
C. Establish the method of potential false positives
D. Establish the preferred day of the week for reporting
Correct Answer: A
Question #13
A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987. Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?
A. SQLmap
B. Nessus
C. Nikto
D. DirBuster
Correct Answer: C
Question #14
A penetration tester conducted an assessment on a web server. The logs from this session show the following:
    http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; -
Which of the following attacks is being attempted?
A. Clickjacking
B. Session hijacking
C. Parameter pollution
D. Cookie hijacking
E. Cross-site scripting
Correct Answer: C
