CompTIA PenTest+ Certification Exam v1.0 (PT0-002)

Page:    1 / 17   
Total 255 questions

Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

  • A. Shodan
  • B. Nmap
  • C. WebScarab-NG
  • D. Nessus

Answer : B

Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

  • A. Whether the cloud service provider allows the penetration tester to test the environment
  • B. Whether the specific cloud services are being used by the application
  • C. The geographical location where the cloud services are running
  • D. Whether the country where the cloud service is based has any impeding laws

Answer : C

You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.

Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:

Answer :

A penetration tester runs the unshadow command on a machine.
Which of the following tools will the tester most likely use NEXT?

  • A. John the Ripper
  • B. Hydra
  • C. Mimikatz
  • D. Cain and Abel

Answer : A

A penetration tester obtained the following results after scanning a web server using the dirb utility:

Which of the following elements is MOST likely to contain useful information for the penetration tester?

  • A. index.html
  • B. about
  • C. info
  • D. home.html

Answer : B

A company has hired a penetration tester to deploy and set up a rogue access point on the network.
Which of the following is the BEST tool to use to accomplish this goal?

  • A. Wireshark
  • B. Aircrack-ng
  • C. Kismet
  • D. Wifite

Answer : B


A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop.
Which of the following can be used to ensure the tester is able to maintain access to the system?

  • A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
  • B. wmic startup get caption,command
  • C. (crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
  • D. sudo useradd -ou 0 -g 0 user

Answer : C

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  • A. PLCs will not act upon commands injected over the network.
  • B. Supervisors and controllers are on a separate virtual network by default.
  • C. Controllers will not validate the origin of commands.
  • D. Supervisory systems will detect a malicious injection of code/commands.

Answer : C

A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:

Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?

  • A. Run an application vulnerability scan and then identify the TCP ports used by the application.
  • B. Run the application attached to a debugger and then review the application's log.
  • C. Disassemble the binary code and then identify the break points.
  • D. Start a packet capture with Wireshark and then run the application.

Answer : D

When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:

  • A. security compliance regulations or laws may be violated.
  • B. testing can make detecting actual APT more challenging.
  • C. testing adds to the workload of defensive cyber- and threat-hunting teams.
  • D. business and network operations may be impacted.

Answer : D

A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contract with the cloud provider prohibits any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the following should the company avoid?

  • A. Crawling the web application's URLs looking for vulnerabilities
  • B. Fingerprinting all the IP addresses of the application's servers
  • C. Brute forcing the application's passwords
  • D. Sending many web requests per second to test DDoS protection

Answer : D

A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)

  • A. Spawned shells
  • B. Created user accounts
  • C. Server logs
  • D. Administrator accounts
  • E. Reboot system
  • F. ARP cache

Answer : BC

A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

  • A. Weak authentication schemes
  • B. Credentials stored in strings
  • C. Buffer overflows
  • D. Non-optimized resource management

Answer : C

A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

  • A. Familiarity and likeness
  • B. Authority and urgency
  • C. Scarcity and fear
  • D. Social proof and greed

Answer : B

During a penetration test, a tester is able to change values in the URL from to and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?

  • A. Command injection
  • B. Broken authentication
  • C. Direct object reference
  • D. Cross-site scripting

Answer : B
