
Master CompTIA PT0-002 Certification Questions & Study Resources, CompTIA PenTest+ Certification | SPOTO

Prepare comprehensively for your CompTIA PenTest+ (PT0-002) certification with our Master CompTIA PT0-002 Certification Questions & Study Resources. The best approach to excel in the exam is by practicing the latest exam questions. Our study materials include practice tests, sample questions, exam dumps, and exam questions and answers, designed to enhance your preparation. The CompTIA PenTest+ certification is tailored for cybersecurity professionals responsible for penetration testing and vulnerability management. Utilize our mock exams and exam simulator for a realistic exam experience, boosting your confidence. Access our exam materials and exam answers to reinforce your understanding of key concepts. With our comprehensive exam preparation resources and exam simulator, you'll be fully prepared to ace your PT0-002 exam and earn your CompTIA PenTest+ certification.


Question #1
A penetration tester conducted a discovery scan that generated the following: Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
A. nmap -oG list
B. nmap -sn 192
C. nmap --open 192
D. nmap -o 192
Correct Answer: A


Question #2
Which of the following would a company's hunt team be MOST interested in seeing in a final report?
A. Executive summary
B. Attack TTPs
C. Methodology
D. Scope details
Correct Answer: B
Question #3
A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?
A. Enforce mandatory employee vacations
B. Implement multifactor authentication
C. Install video surveillance equipment in the office
D. Encrypt passwords for bank account information
Correct Answer: B
Question #4
A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?
A. Implement a recurring cybersecurity awareness education program for all users
B. Implement multifactor authentication on all corporate applications
C. Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy
D. Implement an email security gateway to block spam and malware from email communications
Correct Answer: D
Question #5
A penetration tester examines a web-based shopping catalog and discovers the following URL when viewing a product in the catalog: http://company.com/catalog.asp?productid=22 The penetration tester alters the URL in the browser to the following and notices a delay when the page refreshes: http://company.com/catalog.asp?productid=22;WAITFOR DELAY '00:00:05' Which of the following should the penetration tester attempt NEXT?
A. http://company
B. http://company
C. http://company
D. http://company
Correct Answer: A
Question #6
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following: Which of the following tools will help the tester prepare an attack for this scenario?
A. Hydra and crunch
B. Netcat and cURL
C. Burp Suite and DIRB
D. Nmap and OWASP ZAP
Correct Answer: B
Question #7
Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?
A. Wireshark
B. EAPHammer
C. Kismet
D. Aircrack-ng
Correct Answer: B
Question #8
A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists. Which of the following should be the FIRST step to plan the reconnaissance activities?
A. Launch an external scan of netblocks
B. Check WHOIS and netblock records for the company
C. Use DNS lookups and dig to determine the external hosts
D. Conduct a ping sweep of the company's netblocks
Correct Answer: B
Question #9
A penetration tester conducts an Nmap scan against a target and receives the following results: Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?
A. Nessus
B. ProxyChains
C. OWASP ZAP
D. Empire
Correct Answer: B
Question #10
A penetration tester writes the following script: Which of the following is the tester performing?
A. Searching for service vulnerabilities
B. Trying to recover a lost bind shell
C. Building a reverse shell listening on specified ports
D. Scanning a network for specific open ports
Correct Answer: A
Question #11
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?
A. Reach out to the primary point of contact
B. Try to take down the attackers
C. Call law enforcement officials immediately
D. Collect the proper evidence and add to the final report
Correct Answer: B
Question #12
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
A. Send deauthentication frames to the stations
B. Perform jamming on all 2
C. Set the malicious AP to broadcast within dynamic frequency selection channels
D. Modify the malicious AP configuration to not use a pre-shared key
Correct Answer: D
Question #13
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?
A. Understanding the tactics of a security intrusion can help disrupt them
B. Scripts that are part of the framework can be imported directly into SIEM tools
C. The methodology can be used to estimate the cost of an incident better
D. The framework is static and ensures stability of a security program over time
Correct Answer: B
Question #14
A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?
A. The penetration tester conducts a retest
B. The penetration tester deletes all scripts from the client machines
C. The client applies patches to the systems
D. The client clears system logs generated during the test
Correct Answer: B
Question #15
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)
A. Scraping social media sites
B. Using the WHOIS lookup tool
C. Crawling the client’s website
D. Phishing company employees
E. Utilizing DNS lookup tools
F. Conducting wardriving near the client facility
Correct Answer: C
Question #16
During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames. Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
A. Sniff and then crack the WPS PIN on an associated WiFi device
B. Dump the user address book on the device
C. Break a connection between two Bluetooth devices
D. Transmit text messages to the device
Correct Answer: C
Question #17
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?
A. certutil -urlcache -split -f http://192
B. powershell (New-Object System
C. schtasks /query /fo LIST /v | find /I "Next Run Time:"
D. wget http://192
Correct Answer: C
Question #18
A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?
A. Immunity Debugger
B. OllyDbg
C. GDB
D. Drozer
Correct Answer: AC
Question #19
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine: Which of the following would be the BEST command to use for further progress into the targeted network?
A. nc 10
B. ssh 10
C. nc 127
D. ssh 127
Correct Answer: A
Question #20
A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?
A. inurl:
B. link:
C. site:
D. intitle:
Correct Answer: D
Question #21
The results of an Nmap scan are as follows: Which of the following would be the BEST conclusion about this device?
A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory
B. This device is most likely a gateway with in-band management services
C. This device is most likely a proxy server forwarding requests over TCP/443
D. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation
Correct Answer: C
Question #22
The following line-numbered Python code snippet is being used in reconnaissance: Which of the following line numbers from the script MOST likely contributed to the script triggering a “probable port scan” alert in the organization’s IDS?
A. Line 01
B. Line 02
C. Line 07
D. Line 08
Correct Answer: A
Question #23
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
A. Shodan
B. Nmap
C. WebScarab-NG
D. Nessus
Correct Answer: D
Question #24
Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?
A. An unknown-environment assessment
B. A known-environment assessment
C. A red-team assessment
D. A compliance-based assessment
Correct Answer: B
Question #25
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?
A. To remove hash-cracking registry entries
B. To remove the tester-created Mimikatz account
C. To remove tools from the server
D. To remove a reverse shell from the system
Correct Answer: E
Question #26
A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?
A. Patch installations
B. Successful exploits
C. Application failures
D. Bandwidth limitations
Correct Answer: A
Question #27
A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
cat /dev/null > temp
touch -r .bash_history temp
mv temp .bash_history
Which of the following actions is the tester MOST likely performing?
A. Redirecting Bash history to /dev/null
B. Making a copy of the user's Bash history for further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders
Correct Answer: A
Question #28
A consultant is reviewing the following output after reports of intermittent connectivity issues:
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 01:02:5e:7
A. A device on the network has an IP address in the wrong subnet
B. A multicast session was initiated using the wrong multicast group
C. An ARP flooding attack is using the broadcast address to perform DDoS
D. A device on the network has poisoned the ARP cache
Correct Answer: A
Question #29
Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
A. HTTPS communication
B. Public and private keys
C. Password encryption
D. Sessions and cookies
Correct Answer: A
