Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Certification Exam

Last Update 15 hours ago Total Questions : 464

The CompTIA PenTest+ Certification Exam content is now fully updated, with all current exam questions added 15 hours ago. Deciding to include PT0-002 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-002 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-002 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Certification Exam practice test comfortably within the allotted time.

Question # 41

Which of the following is the most secure way to protect a final report file when delivering the report to the client/customer?

A.

Creating a link on a cloud service and delivering it by email

B.

Asking for a PGP public key to encrypt the file

C.

Requiring FTPS security to download the file

D.

Copying the file on a USB drive and delivering it by postal mail

Question # 42

A penetration tester was able to gain access to a plaintext file on a user workstation. Upon opening the file, the tester notices some strings of randomly generated text. The tester is able to use these strings to move laterally throughout the network by accessing the fileshare on a web application. Which of the following should the organization do to remediate the issue?

A.

Sanitize user input.

B.

Implement password management solution.

C.

Rotate keys.

D.

Utilize certificate management.

Question # 43

An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?

A.

Device log facility does not record actions.

B.

End users have root access by default.

C.

Unsigned applications can be installed.

D.

Push notification services require internet.

Question # 44

A penetration tester is performing an assessment for an organization and must gather valid user credentials. Which of the following attacks would be best for the tester to use to achieve this objective?

A.

Wardriving

B.

Captive portal

C.

Deauthentication

D.

Impersonation

Question # 45

A penetration tester performs several Nmap scans against the web application for a client.

INSTRUCTIONS

Click on the WAF and servers to review the results of the Nmap scans. Then click on

each tab to select the appropriate vulnerability and remediation options.

If at any time you would like to bring back the initial state of the simulation, please

click the Reset All button.

Question # 46

Which of the following is a ROE component that provides a penetration tester with guidance on who and how to contact the necessary individuals in the event of a disaster during an engagement?

A.

Engagement scope

B.

Communication escalation path

C.

SLA

D.

SOW

Question # 47

A penetration tester approaches a company employee in the smoking area and starts a conversation about the company ' s recent social event. After a few minutes, the employee holds the badge-protected door open for the penetration tester and both enter the company ' s building. Which of the following attacks did the penetration tester perform?

A.

Dumpster diving

B.

Phishing

C.

Badge cloning

D.

Tailgating

Question # 48

A penetration tester would like to crack a hash using a list of hashes and a predefined set of rules. The tester runs the following command: hashcat.exe -a 0 .\hash.txt .\rockyou.txt -r .\rules\replace.rule

Which of the following is the penetration tester using to crack the hash?

A.

Hybrid attack

B.

Dictionary

C.

Rainbow table

D.

Brute-force method

Question # 49

As part of active reconnaissance, penetration testers need to determine whether a protection mechanism is in place to safeguard the target’s website against web application attacks. Which of the following methods would be the most suitable?

A.

Direct-to-origin testing

B.

Antivirus scanning

C.

Scapy packet crafting

D.

WAF detection

Question # 50

Which of the following is most important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?

A.

Executive summary of the penetration-testing methods used

B.

Bill of materials including supplies, subcontracts, and costs incurred during assessment

C.

Quantitative impact assessments given a successful software compromise

D.

Code context for instances of unsafe typecasting operations

Go to page: