New Year Special Sales Coupon - 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4s55disc

PT0-002 PDF

$45

$99.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

PT0-002 PDF + Testing Engine

$72

$159.99

3 Months Free Update

  • Exam Name: CompTIA PenTest+ Certification Exam
  • Last Update: Jan 24, 2022
  • Questions and Answers: 140
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

PT0-002 Engine

$54

$119.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

PT0-002 CompTIA PenTest+ Certification Exam Questions and Answers

Question # 6

A penetration tester is reviewing the following SOW prior to engaging with a client:

“Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.”

Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

A.

Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection

B.

Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the

engagement

C.

Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client’s senior leadership team

D.

Seeking help with the engagement in underground hacker forums by sharing the client’s public IP address

E.

Using a software-based erase tool to wipe the client’s findings from the penetration tester’s laptop

F.

Retaining the SOW within the penetration tester’s company for future use so the sales team can plan future engagements

Full Access
Question # 7

The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

A.

This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.

B.

This device is most likely a gateway with in-band management services.

C.

This device is most likely a proxy server forwarding requests over TCP/443.

D.

This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

Full Access
Question # 8

A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?

A.

Badge cloning

B.

Dumpster diving

C.

Tailgating

D.

Shoulder surfing

Full Access
Question # 9

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.

Which of the following should the tester verify FIRST to assess this risk?

A.

Whether sensitive client data is publicly accessible

B.

Whether the connection between the cloud and the client is secure

C.

Whether the client's employees are trained properly to use the platform

D.

Whether the cloud applications were developed using a secure SDLC

Full Access
Question # 10

A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router.

Which of the following is MOST vulnerable to a brute-force attack?

A.

WPS

B.

WPA2-EAP

C.

WPA-TKIP

D.

WPA2-PSK

Full Access
Question # 11

A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

A.

Open-source research

B.

A ping sweep

C.

Traffic sniffing

D.

Port knocking

E.

A vulnerability scan

F.

An Nmap scan

Full Access
Question # 12

A penetration tester has been given eight business hours to gain access to a client’s financial system. Which of the following techniques will have the highest likelihood of success?

A.

Attempting to tailgate an employee going into the client's workplace

B.

Dropping a malicious USB key with the company’s logo in the parking lot

C.

Using a brute-force attack against the external perimeter to gain a foothold

D.

Performing spear phishing against employees by posing as senior management

Full Access
Question # 13

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be

valid?

A.

PLCs will not act upon commands injected over the network.

B.

Supervisors and controllers are on a separate virtual network by default.

C.

Controllers will not validate the origin of commands.

D.

Supervisory systems will detect a malicious injection of code/commands.

Full Access
Question # 14

User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

A.

MD5

B.

bcrypt

C.

SHA-1

D.

PBKDF2

Full Access
Question # 15

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

A.

A quick description of the vulnerability and a high-level control to fix it

B.

Information regarding the business impact if compromised

C.

The executive summary and information regarding the testing company

D.

The rules of engagement from the assessment

Full Access
Question # 16

A penetration tester writes the following script:

Which of the following objectives is the tester attempting to achieve?

A.

Determine active hosts on the network.

B.

Set the TTL of ping packets for stealth.

C.

Fill the ARP table of the networked devices.

D.

Scan the system on the most used ports.

Full Access
Question # 17

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

A.

Ensure the client has signed the SOW.

B.

Verify the client has granted network access to the hot site.

C.

Determine if the failover environment relies on resources not owned by the client.

D.

Establish communication and escalation procedures with the client.

Full Access
Question # 18

An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.

Which of the following is the penetration tester trying to accomplish?

A.

Uncover potential criminal activity based on the evidence gathered.

B.

Identity all the vulnerabilities in the environment.

C.

Limit invasiveness based on scope.

D.

Maintain confidentiality of the findings.

Full Access
Question # 19

Given the following code:

Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

A.

Web-application firewall

B.

Parameterized queries

C.

Output encoding

D.

Session tokens

E.

Input validation

F.

Base64 encoding

Full Access
Question # 20

Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

A.

Acceptance by the client and sign-off on the final report

B.

Scheduling of follow-up actions and retesting

C.

Attestation of findings and delivery of the report

D.

Review of the lessons learned during the engagement

Full Access
Question # 21

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company’s request?

A.

The reverse-engineering team may have a history of selling exploits to third parties.

B.

The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

C.

The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

D.

The reverse-engineering team will be given access to source code for analysis.

Full Access