DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

CompTIA PT0-002 Exam Essentials: Exam Questions & Practice Tests, CompTIA PenTest+ Certification | SPOTO

Prepare effectively for your CompTIA PenTest+ (PT0-002) certification with our CompTIA PT0-002 Exam Essentials: Exam Questions & Practice Tests. The best way to ensure success on the exam is by practicing the latest exam questions. Our study materials include practice tests, sample questions, exam dumps, and exam questions and answers, designed to help you excel in your preparation. The CompTIA PenTest+ certification is tailored for cybersecurity professionals tasked with penetration testing and vulnerability management. Utilize our mock exams and exam simulator to simulate real exam conditions and enhance your confidence. Access our exam materials and exam answers to reinforce your understanding of key concepts. With our comprehensive exam preparation resources and exam simulator, you'll be well-prepared to ace your PT0-002 exam and achieve your CompTIA PenTest+ certification.

Take other online exams
Question #1
A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain access to the IT framework without being detected?
A. Pick a lock
B. Disable the cameras remotely
C. Impersonate a package delivery worker
D. Send a phishing email
View answer
Correct Answer: A
Question #2
A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades- old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability. Which of the following should the penetration tester consider BEFORE running a scan?
A. The timing of the scan
B. The bandwidth limitations
C. The inventory of assets and versions
D. The type of scan
View answer
Correct Answer: C
Question #3
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees. Which of the following tools can help the tester achieve this goal?
A. Metasploit
B. Hydra
C. SET
D. WPScan
View answer
Correct Answer: D
Question #4
A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network. Which of the following methods will MOST likely work?
A. Try to obtain the private key used for S/MIME from the CEO's account
B. Send an email from the CEO's account, requesting a new account
C. Move laterally from the mail server to the domain controller
D. Attempt to escalate privileges on the mail server to gain root access
View answer
Correct Answer: D
Question #5
An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?
A. nmap 192
B. nmap 192
C. nmap oG 192
D. nmap 192
View answer
Correct Answer: B
Question #6
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift. Which of the following social- engineering attacks was the tester utilizing?
A. Phishing
B. Tailgating
C. Baiting
D. Shoulder surfing
View answer
Correct Answer: A
Question #7
A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following: python -c 'import pty; pty.spawn("/bin/bash")' Which of the following actions Is the penetration tester performing?
A. Privilege escalation
B. Upgrading the shell
C. Writing a script for persistence
D. Building a bind shell
View answer
Correct Answer: B
Question #8
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following: Pre-engagement interaction (scoping and ROE) Intelligence gathering (reconnaissance) Threat modeling Vulnerability analysis Exploitation and post exploitation Reporting Which of the following methodologies does the client use?
A. OWASP Web Security Testing Guide
B. PTES technical guidelines
C. NIST SP 800-115
D. OSSTMM
View answer
Correct Answer: B
Question #9
The following output is from reconnaissance on a public-facing banking website: Based on these results, which of the following attacks is MOST likely to succeed?
A. A birthday attack on 64-bit ciphers (Sweet32)
B. An attack that breaks RC4 encryption
C. An attack on a session ticket extension (Ticketbleed)
D. A Heartbleed attack
View answer
Correct Answer: D
Question #10
A security analyst needs to perform an on-path attack on BLE smart devices. Which of the following tools would be BEST suited to accomplish this task?
A. Wireshark
B. Gattacker
C. tcpdump
D. Netcat
View answer
Correct Answer: A
Question #11
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?
A. Wireshark
B. Aircrack-ng
C. Kismet
D. Wifite
View answer
Correct Answer: B
Question #12
A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?
A. To meet PCI DSS testing requirements
B. For testing of the customer's SLA with the ISP
C. Because of concerns regarding bandwidth limitations
D. To ensure someone is available if something goes wrong
View answer
Correct Answer: D
Question #13
Which of the following is a rules engine for managing public cloud accounts and resources?
A. Cloud Custodian
B. Cloud Brute
C. Pacu
D. Scout Suite
View answer
Correct Answer: C
Question #14
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
A. Unsupported operating systems
B. Susceptibility to DDoS attacks
C. Inability to network
D. The existence of default passwords
View answer
Correct Answer: B
Question #15
A penetration tester is required to perform a vulnerability scan that reduces the likelihood of false positives and increases the true positives of the results. Which of the following would MOST likely accomplish this goal?
A. Using OpenVAS in default mode
B. Using Nessus with credentials
C. Using Nmap as the root user
D. Using OWASP ZAP
View answer
Correct Answer: A
Question #16
A penetration tester who is working remotely is conducting a penetration test using a wireless connection. Which of the following is the BEST way to provide confidentiality for the client while using this connection?
A. Configure wireless access to use a AAA server
B. Use random MAC addresses on the penetration testing distribution
C. Install a host-based firewall on the penetration testing distribution
D. Connect to the penetration testing company's VPS using a VPN
View answer
Correct Answer: D
Question #17
A penetration tester created the following script to use in an engagement: However, the tester is receiving the following error when trying to run the script: Which of the following is the reason for the error?
A. The sys variable was not defined
B. The argv variable was not defined
C. The sys module was not imported
D. The argv module was not imported
View answer
Correct Answer: D
Question #18
During the reconnaissance phase, a penetration tester obtains the following output: Reply from 192.168.1.23: bytes=32 time<54ms TTL=128 Reply from 192.168.1.23: bytes=32 time<53ms TTL=128 Reply from 192.168.1.23: bytes=32 time<60ms TTL=128 Reply from 192.168.1.23: bytes=32 time<51ms TTL=128 Which of the following operating systems is MOST likely installed on the host?
A. Linux
B. NetBSD
C. Windows
D. macOS
View answer
Correct Answer: C
Question #19
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?
A. VRFY and EXPN
B. VRFY and TURN
C. EXPN and TURN
D. RCPT TO and VRFY
View answer
Correct Answer: A
Question #20
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems. Which of the following is the penetration tester trying to accomplish?
A. Uncover potential criminal activity based on the evidence gathered
B. Identify all the vulnerabilities in the environment
C. Limit invasiveness based on scope
D. Maintain confidentiality of the findings
View answer
Correct Answer: D
Question #21
A penetration-testing team needs to test the security of electronic records in a company's office. Per the terms of engagement, the penetration test is to be conducted after hours and should not include circumventing the alarm or performing destructive entry. During outside reconnaissance, the team sees an open door from an adjoining building. Which of the following would be allowed under the terms of the engagement?
A. Prying the lock open on the records room
B. Climbing in an open window of the adjoining building
C. Presenting a false employee ID to the night guard
D. Obstructing the motion sensors in the hallway of the records room
View answer
Correct Answer: B
Question #22
A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?
A. Nmap
B. Nikto
C. Cain and Abel
D. Ethercap
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.