Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Certification Exam

Last Update 16 hours ago Total Questions : 464

The CompTIA PenTest+ Certification Exam content is now fully updated, with all current exam questions added 16 hours ago. Deciding to include PT0-002 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-002 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-002 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Certification Exam practice test comfortably within the allotted time.

Question # 101

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following combinations of tools would the penetration tester use to exploit this script?

A.

Hydra and crunch

B.

Netcat and cURL

C.

Burp Suite and DIRB

D.

Nmap and OWASP ZAP

Question # 102

A penetration tester was hired to perform a physical security assessment of an organization ' s office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food. Which of the following techniques would MOST likely be used to get legitimate access into the organization ' s building without raising too many alerts?

A.

Tailgating

B.

Dumpster diving

C.

Shoulder surfing

D.

Badge cloning

Question # 103

A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?

A.

Patch installations

B.

Successful exploits

C.

Application failures

D.

Bandwidth limitations

Question # 104

Penetration tester who was exclusively authorized to conduct a physical assessment noticed there were no cameras pointed at the dumpster for company. The penetration tester returned at night and collected garbage that contained receipts for recently purchased networking :. The models of equipment purchased are vulnerable to attack. Which of the following is the most likely next step for the penetration?

A.

Alert the target company of the discovered information.

B.

Verify the discovered information is correct with the manufacturer.

C.

Scan the equipment and verify the findings.

D.

Return to the dumpster for more information.

Question # 105

A penetration tester gains access to a web server and notices a large number of devices in the system ARP table. Upon scanning the web server, the tester determines that many of the devices are user ...ch of the following should be included in the recommendations for remediation?

A.

training program on proper access to the web server

B.

patch-management program for the web server.

C.

the web server in a screened subnet

D.

Implement endpoint  protection on the workstations

Question # 106

For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users to change their passwords and a link to https://example.com/index.html. The engineer has designed the attack so that once the users enter the credentials, the index.html page takes the credentials and then forwards them to another server that the security engineer is controlling. Given the following information:

Which of the following lines of code should the security engineer add to make the attack successful?

A.

window.location.= ' https://evilcorp.com '

B.

crossDomain: true

C.

geturlparameter ( ' username ' )

D.

redirectUrl = ' https://example.com '

Question # 107

SIMULATION

Using the output, identify potential attack vectors that should be further investigated.

Question # 108

A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester ins talled the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the MOST likely reason for the error?

A.

TCP port 443 is not open on the firewall

B.

The API server is using SSL instead of TLS

C.

The tester is using an outdated version of the application

D.

The application has the API certificate pinned.

Question # 109

Which of the following assessment methods is the most likely to cause harm to an ICS environment?

A.

Active scanning

B.

Ping sweep

C.

Protocol reversing

D.

Packet analysis

Question # 110

Given the following code:

$p = (80, 110, 25)

$network = (192.168.0)

$range = 1 .. 254

$ErrorActionPreference = ' silentlycontinue '

$Foreach ($add in $range)

$Foreach ($x in $p)

{ {$ip = " {0} . {1} -F $network, $add "

If (Test-Connection -BufferSize 32 -Count 1 -quiet -ComputerName $ip)

{$socket = new-object System.Net. Sockets. TcpClient ( & ip, $x)

If ($socket. Connected) { $ip $p open "

$socket. Close () }

}

}}

Which of the following tasks could be accomplished with the script?

A.

Reverse shell

B.

Ping sweep

C.

File download

D.

Port scan

Go to page: