Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
CompTIA
PenTest+
PT0-002
CompTIA PenTest+ Certification Exam Questions and Answers

Pass the CompTIA PenTest+ PT0-002 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam PT0-002 Premium Access

View all detail and faqs for the PT0-002 exam

Go to Exam

502 Students Passed

92% Average Score

93% Same Questions

Viewing page 1 out of 14 pages

Viewing questions 1-10 out of questions

Questions # 1:

A tester who is performing a penetration test on a website receives the following output:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62

Which of the following commands can be used to further attack the website?

Options:

../../../../../../../../../../etc/passwd

/var/www/html/index.php;whoami

1 UNION SELECT 1, DATABASE(),3--

Answer

Questions # 2:

Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

Options:

The CVSS score of the finding

The network location of the vulnerable device

The vulnerability identifier

The client acceptance form

The name of the person who found the flaw

The tool used to find the issue

Answer

C, F

Questions # 3:

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.

Which of the following is the BEST action for the penetration tester to take?

Options:

Utilize the tunnel as a means of pivoting to other internal devices.

Disregard the IP range, as it is out of scope.

Stop the assessment and inform the emergency contact.

Scan the IP range for additional systems to exploit.

Answer

Questions # 4:

A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router.

Which of the following is MOST vulnerable to a brute-force attack?

Options:

WPS

WPA2-EAP

WPA-TKIP

WPA2-PSK

Answer

Explanation

[Reference: https://us-cert.cisa.gov/ncas/alerts/TA12-006A, , , ]

Questions # 5:

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.

Which of the following actions, if performed, would be ethical within the scope of the assessment?

Options:

Exploiting a configuration weakness in the SQL database

Intercepting outbound TLS traffic

Gaining access to hosts by injecting malware into the enterprise-wide update server

Leveraging a vulnerability on the internal CA to issue fraudulent client certificates

Establishing and maintaining persistence on the domain controller

Answer

Questions # 6:

Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

Options:

The libraries may be vulnerable

The licensing of software is ambiguous

The libraries’ code bases could be read by anyone

The provenance of code is unknown

The libraries may be unsupported

The libraries may break the application

Answer

A, D

Explanation

A. The libraries may be vulnerable to security bugs or exploits that can compromise the application or the data. According to the web search results, open-source libraries often have vulnerabilities that can be exploited by attackers, such as Heartbleed, Shellshock, DROWN, or npm left-pad1234. These vulnerabilities can allow attackers to extract sensitive data, execute arbitrary commands, decrypt encrypted traffic, or break the functionality of the application. Therefore, using third-party open-source libraries in application code poses a significant security risk.

D. The provenance of code is unknown, meaning that the origin and history of the code are not verified or documented. According to the web search results, open-source libraries and client projects are developed and continuously evolving in an asynchronous way, which makes it difficult to track the changes and updates of the code2. Moreover, open-source libraries may have dependencies on other libraries, which can introduce additional risks or vulnerabilities1. Therefore, using third-party open-source libraries in application code poses a significant quality risk.

Questions # 7:

A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company’s network. Which of the following accounts should the tester use to return the MOST results?

Options:

Root user

Local administrator

Service

Network administrator

Answer

Questions # 8:

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

Options:

Ensure the client has signed the SOW.

Verify the client has granted network access to the hot site.

Determine if the failover environment relies on resources not owned by the client.

Establish communication and escalation procedures with the client.

Answer

Explanation

The statement of work (SOW) is a document that defines the scope, objectives, deliverables, and timeline of a penetration testing engagement. It is important to have the client sign the SOW before starting the assessment to avoid any legal or contractual issues.

Questions # 9:

A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?

Options:

John the Ripper

Hydra

Mimikatz

Cain and Abel

Answer

Explanation

[Reference: https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/, ]

Questions # 10:

A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

Options:

As backup in case the original documents are lost

To guide them through the building entrances

To validate the billing information with the client

As proof in case they are discovered

Answer

Explanation

The penetration testers should carry copies of the engagement documents with them as proof in case they are discovered by security guards, employees, or law enforcement officials. The engagement documents should include the scope, objectives, authorization, and contact information of the penetration testing team and the client. This will help avoid any legal or ethical issues that may arise from trespassing, breaking and entering, or unauthorized access. The other options are not valid reasons for carrying the engagement documents with them.

[Reference: https://hub.packtpub.com/penetration-testing-rules-of-engagement/, ]

Viewing page 1 out of 14 pages

Viewing questions 1-10 out of questions