Leads4pass > CompTIA > CompTIA PenTest+ > PT0-002 > PT0-002 Online Practice Questions and Answers

PT0-002 Online Practice Questions and Answers

Questions 4

Which of the following is most important to include in the final report of a static application- security test that was written with a team of application developers as the intended audience?

A. Executive summary of the penetration-testing methods used

B. Bill of materials including supplies, subcontracts, and costs incurred during assessment

C. Quantitative impact assessments given a successful software compromise

D. Code context for instances of unsafe typecasting operations

Buy Now
Questions 5

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?

A. Phishing

B. Tailgating

C. Baiting

D. Shoulder surfing

Buy Now
Questions 6

The delivery of a penetration test within an organization requires defining specific parameters regarding the nature and types of exercises that can be conducted and when they can be conducted. Which of the following BEST identifies this concept?

A. Statement of work

B. Program scope

C. Non-disclosure agreement

D. Rules of engagement

Buy Now
Questions 7

A penetration tester writes the following script:

Which of the following is the tester performing?

A. Searching for service vulnerabilities

B. Trying to recover a lost bind shell

C. Building a reverse shell listening on specified ports

D. Scanning a network for specific open ports

Buy Now
Questions 8

A penetration tester issues the following command after obtaining a shell:

Which of the following describes this technique?

A. Establishing a backdoor

B. Privilege escalation

C. PowerShell remoting

D. Living-off-the-land

Buy Now
Questions 9

A penetration tester identified numerous flaws that could lead to unauthorized modification of critical data. Which of the following would be best for the penetration tester to recommend?

A. Flat access

B. Role-based access control

C. Permission-based access control

D. Group-based control model

Buy Now
Questions 10

In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

A. Test for RFC-defined protocol conformance.

B. Attempt to brute force authentication to the service.

C. Perform a reverse DNS query and match to the service banner.

D. Check for an open relay configuration.

Buy Now
Questions 11

In Python socket programming, SOCK_DGRAM type is:

A. reliable.

B. matrixed.

C. connectionless.

D. slower.

Buy Now
Questions 12

During a client engagement, a penetration tester runs the following Nmap command and obtains the following output:

nmap -sV -- script ssl-enum-ciphers -p 443 remotehost

| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

| TLS_ECDHE_RSA_WITH_RC4_128_SHA

TLS_RSA_WITH_RC4_128_SHA (rsa 2048)

TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)

Which of the following should the penetration tester include in the report?

A. Old, insecure ciphers are in use.

B. The 3DES algorithm should be deprecated.

C. 2,048-bit symmetric keys are incompatible with MD5.

D. This server should be upgraded to TLS 1.2.

Buy Now
Questions 13

A penetration tester is looking for a particular type of service and obtains the output below:

I Target is synchronized with 127.127.38.0 (reference clock) I Alternative Target Interfaces:

I 10.17.4.20

I Private Servers (0)

I Public Servers (0)

I Private Peers (0)

I Public Peers (0)

I Private Clients (2)

I 10.20.8.69 169.254.138.63

I Public Clients (597)

I 4.79.17.248 68.70.72.194 74.247.37.194 99.190.119.152

I 12.10.160.20 68.80.36.133 75.1.39.42 108.7.58.118

I 68.56.205.98

I 2001:1400:0:0:0:0:0:1 2001:16d8:ddOO:38:0:0:0:2

I 2002:db5a:bccd:l:21d:e0ff:feb7:b96f 2002:b6ef:81c4:0:0:1145:59c5:3682

I Other Associations (1)

|_ 127.0.0.1 seen 1949869 times, last tx was unicast v2 mode 7

Which of the following commands was executed by the tester?

A. nmap-sU-pU:517-Pn-n--script=supermicro-ipmi-config

B. nmap-sU-pU:123-Pn-n--script=ntp-monlist

C. nmap-sU-pU:161-Pn-n--script

D. nmap-sU-pU:37 -Pn -n --script=icap-info

Buy Now
Exam Code: PT0-002
Exam Name: CompTIA PenTest+ Certification Exam
Last Update: Oct 22, 2024
Questions: 403
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99