CompTIA PT0-002 CompTIA PenTest+ Certification Exam Practice Test

Page: 1 / 14
Total 140 questions

Question 1

Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?



Answer : B

Question 2

A penetration tester is attempting to discover live hosts on a subnet quickly.

Which of the following commands will perform a ping scan?



Answer : A

Question 3

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.

Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?



Answer : B

Question 4

A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.

Which of the following should be included as a recommendation in the remediation report?



Answer : C

Question 5

A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.

Which of the following can be done with the pcap to gain access to the server?



Answer : D

Question 6

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary dat

a. The penetration testers have been given an internal network starting position.

Which of the following actions, if performed, would be ethical within the scope of the assessment?



Answer : B

Question 7

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.

Which of the following is the BEST action for the penetration tester to take?



Answer : D

Page:    1 / 14   
Total 140 questions