CompTIA PT0-002 Exam Practice Test Instant Access

Question 1

A penetration tester discovers a file, key.enc. on a shared drive and then executes the following command, which yields the following output:

Which of the following are the best recommendations for the penetration tester to suggest? (Select two).

AImplementing password management

BSwitching to using DSA keys

CUsing stronger encryption for private key files

DDeleting unencrypted files from the share

EDisabling the openssl command

FInitiating key rotation

Answer : B, D

Question 2

A penetration tester is doing an assessment for a company that requires an external command-and-control server. The command-and-control tool should be able to use multiple types of payloads (PowerShell. SMB. and binaries) and centralize the management of compromised systems. Which of the following tools should the tester use?

ABeEF

BCovenant

CCensys

DReaver

Answer : B

Question 3

A penetration tester has compromised a customer's internal network, gaining access to a file server that hosts email server backups. Which of the following is the best tool to assist with data exfiltration?

ASFTP

BNmap

CNetcat

DSCP

Answer : D

Question 4

During a penetration testing engagement, a penetration tester discovers a buffer overflow vulnerability. Which of the following actions should the tester take to maintain professionalism and integrity?

AApply for a bug bounty reward from the manufacturer.

BInform the appropriate authorities about the vulnerability before informing the client.

CReport the vulnerability to the client and provide recommendations for remediation.

DExploit the vulnerability to demonstrate its impact to the client.

Answer : C

Question 5

A penetration tester would like to know if any web servers or mail servers are running on the in-scope network segment. Which of the following is the best to use in this scenario?

AARP scans

BWebsite crawling

CDNS lookups

DNmap probes

Answer : D

Question 6

A client claims that a ransomware attack has crippled its corporate network following a penetration test assessment. Which of the following is the most likely root cause of this issue?

AClient reluctance to accept findings

BLack of attestation

CIncomplete data destruction process

DFailure to remove tester-created credentials

Answer : D

Question 7

Which of the following describes why scoping and organizational requirements are important when planning a penetration test?

ATo identify potential risks and threats during testing

BTo define the boundaries and objectives

CTo ensure that all vulnerabilities are identified and addressed

DTo validate the project timeline and resource allocations

Answer : B

Scoping defines the penetration test's boundaries and objectives, ensuring alignment with the client's needs and expectations. This is a key step in pre-engagement activities, as outlined in the CompTIA Pentest+ objectives.

CompTIA PT0-002 CompTIA PenTest+ Certification Exam Practice Test