
CompTIA PT0-002 Certification Exam Questions & Answers, CompTIA PenTest+ Certification | SPOTO

Prepare for the CompTIA PenTest+ (PT0-002) certification exam with our comprehensive study resources. The best way to prepare for the exam is by practicing the latest exam questions. Our study materials include practice tests, sample questions, exam dumps, and exam questions and answers to help you build confidence and readiness. The CompTIA PenTest+ certification is designed for cybersecurity professionals responsible for penetration testing and vulnerability management. With our exam materials and exam answers, you can reinforce your understanding of key concepts and enhance your exam preparation. Our mock exams and exam simulator provide a realistic exam experience to simulate exam conditions and boost your confidence. Utilize our exam materials and exam answers to ensure you're fully prepared to succeed on the PT0-002 exam and earn your CompTIA PenTest+ certification.

Question #1
A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?
A. Redact identifying information and provide a previous customer's documentation
B. Allow the client to only view the information while in secure spaces
C. Determine which reports are no longer under a period of confidentiality
D. Provide raw output from penetration testing tools
Correct Answer: A
Question #2
During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?
A. Mask
B. Rainbow
C. Dictionary
D. Password spraying
Correct Answer: C
Question #3
A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
A. iam_enum_permissions
B. iam_privesc_scan
C. iam_backdoor_assume_role
D. iam_bruteforce_permissions
Correct Answer: D
Question #4
A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?
A. /var/log/messages
B. /var/log/last_user
C. /var/log/user_log
D. /var/log/lastlog
Correct Answer: A
Question #5
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
A. OpenVAS
B. Drozer
C. Burp Suite
D. OWASP ZAP
Correct Answer: C
Question #6
Which of the following assessment methods is MOST likely to cause harm to an ICS environment?
A. Active scanning
B. Ping sweep
C. Protocol reversing
D. Packet analysis
Correct Answer: A
Question #7
A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?
A. As backup in case the original documents are lost
B. To guide them through the building entrances
C. To validate the billing information with the client
D. As proof in case they are discovered
Correct Answer: C
Question #8
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
A. John the Ripper
B. Hydra
C. Mimikatz
D. Cain and Abel
Correct Answer: C
Question #9
A penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?
A. Decode the authorization header using UTF-8
B. Decrypt the authorization header using bcrypt
C. Decode the authorization header using Base64
D. Decrypt the authorization header using AES
Correct Answer: D
Question #10
A penetration tester wants to find hidden information in documents available on the web at a particular domain. Which of the following should the penetration tester use?
A. Netcraft
B. CentralOps
C. Responder
D. FOCA
Correct Answer: A
Question #11
A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page to remedy the issue. Which of the following BEST describes this attack?
A. Credential harvesting
B. Privilege escalation
C. Password spraying
D. Domain record abuse
Correct Answer: C
Question #12
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following: Which of the following combinations of tools would the penetration tester use to exploit this script?
A. Hydra and crunch
B. Netcat and cURL
C. Burp Suite and DIRB
D. Nmap and OWASP ZAP
Correct Answer: A
Question #13
Which of the following is the MOST effective person to validate results from a penetration test?
A. Third party
B. Team leader
C. Chief Information Officer
D. Client
Correct Answer: CE
Question #14
A penetration tester runs the following command on a system: find / -user root -perm -4000 -print 2>/dev/null Which of the following is the tester trying to accomplish?
A. Set the SGID on all files in the / directory
B. Find the /root directory on the system
C. Find files with the SUID bit set
D. Find files that were created during exploitation and move them to /dev/null
Correct Answer: A
Question #15
A security analyst needs to perform a scan for SMB port 445 over a /16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?
A. Nmap -s 445 -Pn -T5 172
B. Nmap -p 445 -n -T4 -open 172
C. Nmap -sV --script=smb* 172
D. Nmap -p 445 -max -sT 172
Correct Answer: D
Question #16
A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?
A. Segment the firewall from the cloud
B. Scan the firewall for vulnerabilities
C. Notify the client about the firewall
D. Apply patches to the firewall
Correct Answer: A
Question #17
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
A. Socat
B. tcpdump
C. Scapy
D. dig
Correct Answer: C
Question #18
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)
A. The libraries may be vulnerable
B. The licensing of software is ambiguous
C. The libraries’ code bases could be read by anyone
D. The provenance of code is unknown
E. The libraries may be unsupported
F. The libraries may break the application
Correct Answer: AC
Question #19
Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?
A. Exploit-DB
B. Metasploit
C. Shodan
D. Retina
Correct Answer: A
Question #20
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
Have a full TCP connection
Send a "hello" payload
Wait for a response
Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
A. Run nmap -Pn -sV --script vuln
B. Employ an OpenVAS simple scan against the TCP port of the host
C. Create a script in the Lua language and use it with NSE
D. Perform a credentialed scan with Nessus
Correct Answer: B
Question #21
Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables?
A. SOW
B. SLA
C. MSA
D. NDA
Correct Answer: B
Question #22
A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?
A. Default web configurations
B. Open web ports on a host
C. Supported HTTP methods
D. Listening web servers in a domain
Correct Answer: D
Question #23
A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache. The attacker machine has the following:
IP Address: 192.168.1.63
Physical Address: 60-36-dd-a6-c5-33
Which of the following commands would the penetration tester MOST likely use in order to establish a static
A. tcpdump -i eth01 arp and arp[6:2] == 2
B. arp -s 192
C. ipconfig /all | findstr /v 00-00-00 | findstr Physical
D. route add 192
Correct Answer: D
Question #24
An exploit developer is coding a script that submits a very large number of small requests to a web server until the server is compromised. The script must examine each response received and compare the data to a large number of strings to determine which data to submit next. Which of the following data structures should the exploit developer use to make the string comparison and determination as efficient as possible?
A. A list
B. A tree
C. A dictionary
D. An array
Correct Answer: CD
Question #25
A penetration tester receives the following results from an Nmap scan: Which of the following OSs is the target MOST likely running?
A. CentOS
B. Arch Linux
C. Windows Server
D. Ubuntu
Correct Answer: C
Question #26
A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log: Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?
A. Run an application vulnerability scan and then identify the TCP ports used by the application
B. Run the application attached to a debugger and then review the application's log
C. Disassemble the binary code and then identify the break points
D. Start a packet capture with Wireshark and then run the application
Correct Answer: C
Question #27
A penetration tester is reviewing the following SOW prior to engaging with a client: “Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.” Based on the information in the SOW, which of the following behavior
A. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
B. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client’s senior leadership team
D. Seeking help with the engagement in underground hacker forums by sharing the client’s public IP address
E. Using a software-based erase tool to wipe the client’s findings from the penetration tester’s laptop
F. Retaining the SOW within the penetration tester’s company for future use so the sales team can plan future engagements
Correct Answer: C
Question #28
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment?
A. Partially known environment testing
B. Known environment testing
C. Unknown environment testing
D. Physical environment testing
Correct Answer: D
Question #29
During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
A. Command injection
B. Broken authentication
C. Direct object reference
D. Cross-site scripting
Correct Answer: A
Question #30
Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?
A. MSA
B. NDA
C. SOW
D. ROE
Correct Answer: C
Question #31
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
A. Executive summary of the penetration-testing methods used
B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
C. Quantitative impact assessments given a successful software compromise
D. Code context for instances of unsafe type-casting operations
Correct Answer: B
Question #32
Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?
A. To provide feedback on the report structure and recommend improvements
B. To discuss the findings and dispute any false positives
C. To determine any processes that failed to meet expectations during the assessment
D. To ensure the penetration-testing team destroys all company data that was gathered during the test
Correct Answer: A
Question #33
Given the following code: Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)
A. Web-application firewall
B. Parameterized queries
C. Output encoding
D. Session tokens
E. Input validation
F. Base64 encoding
Correct Answer: B
Question #34
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: . Which of the following would be the best action for the tester to take NEXT with this information?
A. Create a custom password dictionary as preparation for password spray testing
B. Recommend using a password manager/vault instead of text files to store passwords securely
C. Recommend configuring password complexity rules in all the systems and applications
D. Document the unprotected file repository as a finding in the penetration-testing report
Correct Answer: B
Question #35
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position. Which of the following actions, if performed, would be ethical within the scope of the assessment?
A. Exploiting a configuration weakness in the SQL database
B. Intercepting outbound TLS traffic
C. Gaining access to hosts by injecting malware into the enterprise-wide update server
D. Leveraging a vulnerability on the internal CA to issue fraudulent client certificates
E. Establishing and maintaining persistence on the domain controller
Correct Answer: A
Question #36
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted store of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the MOST likely reason fo
A. TCP port 443 is not open on the firewall
B. The API server is using SSL instead of TLS
C. The tester is using an outdated version of the application
D. The application has the API certificate pinned
Correct Answer: A
Question #37
An Nmap scan of a network switch reveals the following: Which of the following technical controls will most likely be the FIRST recommendation for this device?
A. Encrypted passwords
B. System-hardening techniques
C. Multifactor authentication
D. Network segmentation
Correct Answer: B
Question #38
A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?
A. nmap -f -sV -p80 192
B. nmap -sS -sL -p80 192
C. nmap -A -T4 -p80 192
D. nmap -O -v -p80 192
Correct Answer: B