Weekend Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 1b2718643m

PT0-002 Exam Dumps - CompTIA PenTest+ Certification Exam

Question # 4

The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a “probable port scan” alert in the organization’s IDS?

A.

Line 01

B.

Line 02

C.

Line 07

D.

Line 08

Full Access
Question # 5

A consulting company is completing the ROE during scoping.

Which of the following should be included in the ROE?

A.

Cost ofthe assessment

B.

Report distribution

C.

Testing restrictions

D.

Liability

Full Access
Question # 6

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

A.

Scraping social media sites

B.

Using the WHOIS lookup tool

C.

Crawling the client’s website

D.

Phishing company employees

E.

Utilizing DNS lookup tools

F.

Conducting wardriving near the client facility

Full Access
Question # 7

A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?

A.

Send deauthentication frames to the stations.

B.

Perform jamming on all 2.4GHz and 5GHz channels.

C.

Set the malicious AP to broadcast within dynamic frequency selection channels.

D.

Modify the malicious AP configuration to not use a pre-shared key.

Full Access
Question # 8

An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client’s information?

A.

Follow the established data retention and destruction process

B.

Report any findings to regulatory oversight groups

C.

Publish the findings after the client reviews the report

D.

Encrypt and store any client information for future analysis

Full Access
Question # 9

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

A.

Hydra and crunch

B.

Netcat and cURL

C.

Burp Suite and DIRB

D.

Nmap and OWASP ZAP

Full Access
Question # 10

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:

  • Have a full TCP connection
  • Send a “hello” payload
  • Walt for a response
  • Send a string of characters longer than 16 bytes

Which of the following approaches would BEST support the objective?

A.

Run nmap –Pn –sV –script vuln .

B.

Employ an OpenVAS simple scan against the TCP port of the host.

C.

Create a script in the Lua language and use it with NSE.

D.

Perform a credentialed scan with Nessus.

Full Access
Question # 11

A penetration tester gains access to a system and establishes persistence, and then runs the following commands:

cat /dev/null > temp

touch –r .bash_history temp

mv temp .bash_history

Which of the following actions is the tester MOST likely performing?

A.

Redirecting Bash history to /dev/null

B.

Making a copy of the user's Bash history for further enumeration

C.

Covering tracks by clearing the Bash history

D.

Making decoy files on the system to confuse incident responders

Full Access
Question # 12

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

A.

Reach out to the primary point of contact

B.

Try to take down the attackers

C.

Call law enforcement officials immediately

D.

Collect the proper evidence and add to the final report

Full Access
Question # 13

Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

A.

Acceptance by the client and sign-off on the final report

B.

Scheduling of follow-up actions and retesting

C.

Attestation of findings and delivery of the report

D.

Review of the lessons learned during the engagement

Full Access
Question # 14

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be

valid?

A.

PLCs will not act upon commands injected over the network.

B.

Supervisors and controllers are on a separate virtual network by default.

C.

Controllers will not validate the origin of commands.

D.

Supervisory systems will detect a malicious injection of code/commands.

Full Access
Question # 15

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: . Which of the following would be the best action for the tester to take NEXT with this information?

A.

Create a custom password dictionary as preparation for password spray testing.

B.

Recommend using a password manage/vault instead of text files to store passwords securely.

C.

Recommend configuring password complexity rules in all the systems and applications.

D.

Document the unprotected file repository as a finding in the penetration-testing report.

Full Access
Question # 16

A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?

A.

Multiple handshakes

B.

IP addresses

C.

Encrypted file transfers

D.

User hashes sent over SMB

Full Access
Question # 17

Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

A.

To provide feedback on the report structure and recommend improvements

B.

To discuss the findings and dispute any false positives

C.

To determine any processes that failed to meet expectations during the assessment

D.

To ensure the penetration-testing team destroys all company data that was gathered during the test

Full Access
Question # 18

A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

A.

Create a one-shot systemd service to establish a reverse shell.

B.

Obtain /etc/shadow and brute force the root password.

C.

Run the nc -e /bin/sh <...> command.

D.

Move laterally to create a user account on LDAP

Full Access
Question # 19

A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company’s network. Which of the following accounts should the tester use to return the MOST results?

A.

Root user

B.

Local administrator

C.

Service

D.

Network administrator

Full Access
Question # 20

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

A.

NIST SP 800-53

B.

OWASP Top 10

C.

MITRE ATT&CK framework

D.

PTES technical guidelines

Full Access
Question # 21

A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.

In which of the following places should the penetration tester look FIRST for the employees’ numbers?

A.

Web archive

B.

GitHub

C.

File metadata

D.

Underground forums

Full Access