Free CompTIA PenTest+ Certification Exam PT0-002 Exam Practice Test

A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades- old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability. Which of the following should the penetration tester consider BEFORE running a scan?

• The timing of the scan
• The bandwidth limitations
• The inventory of assets and versions
• The type of scan

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

• NIST SP 800-53
• OWASP Top 10
• MITRE ATT&CK framework
• PTES technical guidelines

A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says 'WAITFOR.' Which of the following attacks is being attempted?

• SQL injection
• HTML injection
• Remote command injection
• DLL injection

A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache. The attacker machine has the following:IP Address: 192.168.1.63Physical Address: 60-36-dd-a6-c5-33Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

• tcpdump -i eth01 arp and arp[6:2] == 2
• arp -s 192.168.1.63 60-36-DD-A6-C5-33
• ipconfig /all findstr /v 00-00-00 | findstr Physical
• route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?

• S/MIME
• FTPS
• DNSSEC
• AS2

During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser: unauthorized to view this page. Which of the following BEST explains what occurred?

• The SSL certificates were invalid.
• The tester IP was blocked.
• The scanner crashed the system.
• The web page was not found.

A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

• Check the scoping document to determine if exfiltration is within scope.
• Stop the penetration test.
• Escalate the issue.
• Include the discovery and interaction in the daily report.

Which of the following types of communication should a penetration tester provide a client to document test results for PCI DSS compliance?

• Executive summary
• Testing methodology overview
• Attestation of findings
• Remediation plan

A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?

• RFID cloning
• RFID tagging
• Meta tagging
• Tag nesting

A penetration tester discovers passwords in a publicly available data breach during the reconnaissance phase of the penetration test. Which of the following is the best action for the tester to take?

• Add the passwords to an appendix in the penetration test report.
• Do nothing. Using passwords from breached data is unethical.
• Contact the client and inform them of the breach.
• Use the passwords in a credential stuffing attack when the external penetration test begins.