Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Certification Exam

Last Update 14 hours ago Total Questions : 464

The CompTIA PenTest+ Certification Exam content is now fully updated, with all current exam questions added 14 hours ago. Deciding to include PT0-002 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-002 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-002 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Certification Exam practice test comfortably within the allotted time.

Question # 1

A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

A.

Data flooding

B.

Session riding

C.

Cybersquatting

D.

Side channel

Question # 2

A penetration tester conducted an assessment on a web server. The logs from this session show the following:

http://www.thecompanydomain.com/servicestatus.php?serviceID=892 & serviceID=892 ‘ ; DROP TABLE SERVICES; --

Which of the following attacks is being attempted?

A.

Clickjacking

B.

Session hijacking

C.

Parameter pollution

D.

Cookie hijacking

E.

Cross-site scripting

Question # 3

A penetration testing firm performs an assessment every six months for the same customer. While performing network scanning for the latest assessment, the penetration tester observes that several of the target hosts appear to be residential connections associated with a major television and ISP in the area. Which of the following is the most likely reason for the observation?

A.

The penetration tester misconfigured the network scanner.

B.

The network scanning tooling is not functioning properly.

C.

The IP ranges changed ownership.

D.

The network scanning activity is being blocked by a firewall.

Question # 4

A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

A.

VRFY and EXPN

B.

VRFY and TURN

C.

EXPN and TURN

D.

RCPT TO and VRFY

Question # 5

A compliance-based penetration test is primarily concerned with:

A.

obtaining Pll from the protected network.

B.

bypassing protection on edge devices.

C.

determining the efficacy of a specific set of security standards.

D.

obtaining specific information from the protected network.

Question # 6

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

A.

NIST SP 800-53

B.

OWASP Top 10

C.

MITRE ATT & CK framework

D.

PTES technical guidelines

Question # 7

A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

A.

Add a dependency checker into the tool chain.

B.

Perform routine static and dynamic analysis of committed code.

C.

Validate API security settings before deployment.

D.

Perform fuzz testing of compiled binaries.

Question # 8

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?

A.

S/MIME

B.

FTPS

C.

DNSSEC

D.

AS2

Question # 9
A.

Provide an example report from a prior penetration test engagement.

B.

Allow the client to only view the information while in secure spaces.

C.

Determine which reports are no longer under a period of confidentiality.

D.

Provide raw output from penetration testing tools.

Question # 10

A penetration tester is enumerating shares and receives the following output:

Which of the following should the penetration tester enumerate next?

A.

dev

B.

print$

C.

home

D.

notes

Go to page: