DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

CompTIA PT0-002 Certification Exam Sample, Free Exam Resources for Success , CompTIA PenTest+ Certification | SPOTO

Prepare for success in your CompTIA PenTest+ (PT0-002) certification exam with our comprehensive CompTIA PT0-002 Certification Exam Sample. Access free exam resources designed to help you succeed, including practice tests, sample questions, exam dumps, and exam questions and answers. The best way to prepare for the exam is by practicing the latest exam questions and utilizing our exam preparation tools. The CompTIA PenTest+ certification is ideal for cybersecurity professionals tasked with penetration testing and vulnerability management. With our mock exams and exam simulator, you can simulate real exam conditions and boost your confidence. Utilize our exam materials and exam answers to reinforce your understanding and readiness for the PT0-002 exam. Prepare with confidence and achieve success in earning your CompTIA PenTest+ certification.
Take other online exams

Question #1
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
A. Smurf
B. Ping flood
C. Fraggle
D. Ping of death
View answer
Correct Answer: A
Question #2
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?
A. Ensure the client has signed the SOW
B. Verify the client has granted network access to the hot site
C. Determine if the failover environment relies on resources not owned by the client
D. Establish communication and escalation procedures with the client
View answer
Correct Answer: AC
Question #3
A penetration tester conducted a vulnerability scan against a client’s critical servers and found the following: Which of the following would be a recommendation for remediation?
A. Deploy a user training program
B. Implement a patch management plan
C. Utilize the secure software development life cycle
D. Configure access controls on each of the servers
View answer
Correct Answer: A
Question #4
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
A. Test for RFC-defined protocol conformance
B. Attempt to brute force authentication to the service
C. Perform a reverse DNS query and match to the service banner
D. Check for an open relay configuration
View answer
Correct Answer: A
Question #5
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
A. Buffer overflows
B. Cross-site scripting
C. Race-condition attacks
D. Zero-day attacks
E. Injection flaws
F. Ransomware attacks
View answer
Correct Answer: C
Question #6
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
A. NDA
B. MSA
C. SOW
D. MOU
View answer
Correct Answer: C
Question #7
A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router. Which of the following is MOST vulnerable to a brute-force attack?
A. WPS
B. WPA2-EAP
C. WPA-TKIP
D. WPA2-PSK
View answer
Correct Answer: B
Question #8
A tester who is performing a penetration test on a website receives the following output: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62 Which of the following commands can be used to further attack the website?
A.