Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Certification Exam

Last Update 16 hours ago Total Questions : 464

The CompTIA PenTest+ Certification Exam content is now fully updated, with all current exam questions added 16 hours ago. Deciding to include PT0-002 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-002 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-002 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Certification Exam practice test comfortably within the allotted time.

Question # 121

A penetration tester is preparing a credential stuffing attack against a company ' s website. Which of the following can be used to passively get the most relevant information?

A.

Shodan

B.

BeEF

C.

HavelBeenPwned

D.

Maltego

Question # 122

A company developed a new web application to allow its customers to submit loan applications. A penetration tester is reviewing the application and discovers that the application was developed in ASP and used MSSQL for its back-end database. Using the application ' s search form, the penetration tester inputs the following code in the search input field:

IMG SRC=vbscript:msgbox ( " Vulnerable_to_Attack " ) ; > originalAttribute= " SRC " originalPath= " vbscript;msgbox ( " Vulnerable_to_Attack " ) ; > "

When the tester checks the submit button on the search form, the web browser returns a pop-up windows that displays " Vulnerable_to_Attack. " Which of the following vulnerabilities did the tester discover in the web application?

A.

SQL injection

B.

Command injection

C.

Cross-site request forgery

D.

Cross-site scripting

Question # 123

The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the:

A.

NDA

B.

SLA

C.

MSA

D.

SOW

Question # 124

A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client ' s building during non-business hours. Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)

A.

A handheld RF spectrum analyzer

B.

A mask and personal protective equipment

C.

Caution tape for marking off insecure areas

D.

A dedicated point of contact at the client

E.

The paperwork documenting the engagement

F.

Knowledge of the building ' s normal business hours

Question # 125

Which of the following documents describes activities that are prohibited during a scheduled penetration test?

A.

MSA

B.

NDA

C.

ROE

D.

SLA

Question # 126

A penetration testing team has gained access to an organization’s data center, but the team requires more time to test the attack strategy. Which of the following wireless attack techniques would be the most successful in preventing unintended interruptions?

A.

Captive portal

B.

Evil twin

C.

Bluejacking

D.

Jamming

Question # 127

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

A.

Hydra and crunch

B.

Netcat and cURL

C.

Burp Suite and DIRB

D.

Nmap and OWASP ZAP

Question # 128

A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.

Which of the following should be included as a recommendation in the remediation report?

A.

Stronger algorithmic requirements

B.

Access controls on the server

C.

Encryption on the user passwords

D.

A patch management program

Question # 129

A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

A.

Open-source research

B.

A ping sweep

C.

Traffic sniffing

D.

Port knocking

E.

A vulnerability scan

F.

An Nmap scan

Question # 130

Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

A.

Acceptance by the client and sign-off on the final report

B.

Scheduling of follow-up actions and retesting

C.

Attestation of findings and delivery of the report

D.

Review of the lessons learned during the engagement

Go to page: