Pass Your CompTIA PT0-002 Exam Prep: CompTIA PT0-002 Study Materials, CompTIA PenTest+ Certification | SPOTO

Prepare for your CompTIA PenTest+ (PT0-002) certification exam with confidence using our CompTIA PT0-002 Study Materials. The best way to prepare for the exam is by practicing the latest exam questions. Our study materials include practice tests, sample questions, exam dumps, and exam questions and answers to help you succeed. The CompTIA PenTest+ certification is designed for cybersecurity professionals tasked with penetration testing and vulnerability management. With our exam materials and exam answers, you can reinforce your understanding of key concepts and enhance your exam preparation. Our mock exams and exam simulator provide a realistic exam experience to simulate exam conditions and boost your confidence. Utilize our exam materials and exam answers to ensure you're fully prepared to pass your CompTIA PT0-002 exam and earn your CompTIA PenTest+ certification.

Question #1
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?
A. Wait for the next login and perform a downgrade attack on the server
B. Capture traffic using Wireshark
Correct Answer: A
Question #2
A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM. Which of the following cloud attacks did the penetration tester MOST likely implement?
A. Direct-to-origin
B. Cross-site scripting
C. Malware injection
D. Credential harvesting
Correct Answer: C
Question #3
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
A. Halt the penetration test
B. Contact law enforcement
Correct Answer: C
Question #4
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
A. nmap -p0 -T0 -sS 192
B. nmap -sA -sV --host-timeout 60 192
Correct Answer: B
Question #5
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)
A. The CVSS score of the finding
B. The network location of the vulnerable device
E. The name of the person who found the flaw
F. The tool used to find the issue
Correct Answer: D
Question #6
A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?
A. Manually check the version number of the VoIP service against the CVE release
B. Test with proof-of-concept code from an exploit database
Correct Answer: A
Question #7
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
A. Phishing
B. Tailgating
Correct Answer: A
Question #8
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
A. Test for RFC-defined protocol conformance
B. Attempt to brute force authentication to the service
Correct Answer: A
Question #9
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are: Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A. Edit the discovered file with one line of code for remote callback
B. Download
Correct Answer: A
Question #10
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
A. Add a dependency checker into the tool chain
B. Perform routine static and dynamic analysis of committed code
Correct Answer: A
Question #11
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
A. Forensically acquire the backdoor Trojan and perform attribution
B. Utilize the backdoor in support of the engagement
Correct Answer: AB
Question #12
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?
A. Cross-site request forgery
B. Server-side request forgery
Correct Answer: D
Question #13
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
A. OpenVAS
B. Drozer
C. Burp Suite
D. OWASP ZAP
Correct Answer: B
Question #14
A penetration tester performs the following command: curl -I -http2 https://www.comptia.org Which of the following snippets of output will the tester MOST likely receive?
A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: CF
Question #15
A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
A. iam_enum_permissions
B. iam_privesc_scan
Correct Answer: A
Question #16
A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?
A. Immunity Debugger
Correct Answer: C
Question #17
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
A. Acceptance by the client and sign-off on the final report
B. Scheduling of follow-up actions and retesting
Correct Answer: B
Question #18
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?
A. VRFY and EXPN
B. VRFY and TURN
Correct Answer: B
Question #19
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
A. Run nmap with the -o, -p22, and -sC options set against the target
B. Run nmap with the -sV and -p22 options set against the target
Correct Answer: B
Question #20
A penetration tester runs the following command on a system: find / -user root -perm -4000 -print 2>/dev/null Which of the following is the tester trying to accomplish?
A. Set the SGID on all files in the / directory
B. Find the /root directory on the system
Correct Answer: E
Question #21
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following: Which of the following tools will help the tester prepare an attack for this scenario?
A. Hydra and crunch
B. Netcat and cURL
Correct Answer: C
Question #22
A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?
A. Enforce mandatory employee vacations
B. Implement multifactor authentication
Correct Answer: B
Question #23
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
B. Conduct a watering-hole attack
Correct Answer: A
Question #24
A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?
A. Determine active hosts on the network
B. Set the TTL of ping packets for stealth
Correct Answer: D
Question #25
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?
A. MD5
B. bcrypt
C. SHA-1
D. PBKDF2
Correct Answer: C
Question #26
Which of the following would MOST likely be included in the final report of a static application security test that was written with a team of application developers as the intended audience?
A. Executive summary of the penetration-testing methods used
B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
Correct Answer: C
Question #27
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap 192
B. nmap 192
Correct Answer: B
Question #28
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?
A. Multiple handshakes
B. IP addresses
Correct Answer: D
Question #29
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:
Pre-engagement interaction (scoping and ROE)
Intelligence gathering (reconnaissance)
Threat modeling
Vulnerability analysis
Exploitation and post exploitation
Reporting
Which of the following methodologies does the client use?
A. OWASP Web Security Testing Guide
B. PTES technical guidelines
Correct Answer: D
Question #30
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
A. John the Ripper
Correct Answer: A
Question #31
When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
A. <#
B. <$
C. ##
D. #$
E. #!
Correct Answer: D
Question #32
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A. Analyze the malware to see what it does
B. Collect the proper evidence and then remove the malware
E. Stop the assessment and inform the emergency contact
Correct Answer: B
Question #33
Which of the following tools provides Python classes for interacting with network protocols?
A. Responder
B. Impacket
Correct Answer: A
Question #34
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?
A. Weekly
B. Monthly
Correct Answer: D
Question #35
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
A. Whether the cloud service provider allows the penetration tester to test the environment
B. Whether the specific cloud services are being used by the application
Correct Answer: A
Question #36
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
Have a full TCP connection
Send a "hello" payload
Wait for a response
Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
A. Run nmap -Pn -sV -script vuln
B. Employ an OpenVAS simple scan against the TCP port of the host
Correct Answer: D
Question #37
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A. Alternate data streams
B. PowerShell modules
Correct Answer: B
Question #38
A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company's network. Which of the following accounts should the tester use to return the MOST results?
A. Root user
B. Local administrator
Correct Answer: A
Question #39
A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std
3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Tim
A. ftp 192
B. smbclient \\\\WEB3\\IPC$ -I 192
E. nmap --script vuln -sV 192
Correct Answer: C
Question #40
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?
A. nmap -vv sUV -p 53, 123-159 10
B. nmap -vv sUV -p 53,123,161-162 10
Correct Answer: A
Question #41
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
A. Socat
B. tcpdump
Correct Answer: C
Question #42
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)
A. IP addresses and subdomains
B. Zone transfers
E. Externally facing open ports
F. Shodan results
Correct Answer: A
Question #43
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
A. Smurf
B. Ping flood
Correct Answer: D
Question #44
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
A. will reveal vulnerabilities in the Modbus protocol.
B. may cause unintended failures in control systems
Correct Answer: D
Question #45
A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?
A. ROE
B. SLA
C. MSA
D. NDA
Correct Answer: B
Question #46
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?
A. Perform forensic analysis to isolate the means of compromise and determine attribution
B. Incorporate the newly identified method of compromise into the red team's approach
Correct Answer: A
Question #47
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
A. Clarify the statement of work
B. Obtain an asset inventory from the client
Correct Answer: B
Question #48
Which of the following is the MOST effective person to validate results from a penetration test?
A. Third party
B. Team leader
Correct Answer: E
Question #49
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command: nmap -O -A -sS -p- 100.100.100.50 Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?
A. A firewall or IPS blocked the scan
B. The penetration tester used unsupported flags
Correct Answer: B
Question #50
A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891 Which of the following commands could be used to download a file named exploit to a target machine for execution?
A. nc 10
B. powershell -exec bypass -f \\10
Correct Answer: C
