CompTIA PT0-002 CompTIA PenTest+ Certification Exam Online Training
The questions for PT0-002 were last updated on Nov 26, 2024.
- Exam Code: PT0-002
- Exam Name: CompTIA PenTest+ Certification Exam
- Certification Provider: CompTIA
Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?
- A. DirBuster
- B. CeWL
- C. w3af
- D. Patator
A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.
Which of the following changes should the tester apply to make the script work as intended?
- A. Change line 2 to $ip= 10.192.168.254;
- B. Remove lines 3, 5, and 6.
- C. Remove line 6.
- D. Move all the lines below line 7 to the top of the script.
An Nmap network scan has found five open ports with identified services.
Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
- A. OpenVAS
- B. Drozer
- C. Burp Suite
- D. OWASP ZAP
During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:
- A. SOW.
- B. SLA.
- C. ROE.
- D. NDA.
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment.
Which of the following could be used for a denial-of-service attack on the network segment?
- A. Smurf
- B. Ping flood
- C. Fraggle
- D. Ping of death
A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract.
Which of the following concerns would BEST support the software company’s request?
- A. The reverse-engineering team may have a history of selling exploits to third parties.
- B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
- C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
- D. The reverse-engineering team will be given access to source code for analysis.
A penetration tester is conducting an engagement against an internet-facing web application and planning a phishing campaign.
Which of the following is the BEST passive method of obtaining the technical contacts for the website?
- A. WHOIS domain lookup
- B. Job listing and recruitment ads
- C. SSL certificate information
- D. Public data breach dumps
A penetration tester is working on a scoping document with a new client.
The methodology the client uses includes the following:
- Pre-engagement interaction (scoping and ROE)
- Intelligence gathering (reconnaissance)
- Threat modeling
- Vulnerability analysis
- Exploitation and post exploitation
- Reporting
Which of the following methodologies does the client use?
- A. OWASP Web Security Testing Guide
- B. PTES technical guidelines
- C. NIST SP 800-115
- D. OSSTMM
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.
Which of the following actions should the tester take?
- A. Perform forensic analysis to isolate the means of compromise and determine attribution.
- B. Incorporate the newly identified method of compromise into the red team’s approach.
- C. Create a detailed document of findings before continuing with the assessment.
- D. Halt the assessment and follow the reporting procedures as outlined in the contract.
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
- A. Analyze the malware to see what it does.
- B. Collect the proper evidence and then remove the malware.
- C. Do a root-cause analysis to find out how the malware got in.
- D. Remove the malware immediately.
- E. Stop the assessment and inform the emergency contact.