Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PT0-002 Exam Dumps - CompTIA PenTest+ Questions and Answers

Question # 94

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be

valid?

Options:

A.

PLCs will not act upon commands injected over the network.

B.

Supervisors and controllers are on a separate virtual network by default.

C.

Controllers will not validate the origin of commands.

D.

Supervisory systems will detect a malicious injection of code/commands.

Buy Now
Question # 95

A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?

Options:

A.

Badge cloning

B.

Dumpster diving

C.

Tailgating

D.

Shoulder surfing

Buy Now
Question # 96

A penetration tester who is performing an engagement notices a specific host is vulnerable to EternalBlue. Which of the following would BEST protect against this vulnerability?

Options:

A.

Network segmentation

B.

Key rotation

C.

Encrypted passwords

D.

Patch management

Buy Now
Question # 97

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

Options:

A.

Scraping social media sites

B.

Using the WHOIS lookup tool

C.

Crawling the client’s website

D.

Phishing company employees

E.

Utilizing DNS lookup tools

F.

Conducting wardriving near the client facility

Buy Now
Question # 98

A penetration tester wrote the following comment in the final report: "Eighty-five percent of the systems tested were found to be prone to unauthorized access from the internet." Which of the following audiences was this message intended?

Options:

A.

Systems administrators

B.

C-suite executives

C.

Data privacy ombudsman

D.

Regulatory officials

Buy Now
Question # 99

While performing the scanning phase of a penetration test, the penetration tester runs the following command:

........v -sV -p- 10.10.10.23-28

....ip scan is finished, the penetration tester notices all hosts seem to be down. Which of the following options should the penetration tester try next?

Options:

A.

-su

B.

-pn

C.

-sn

D.

-ss

Buy Now
Question # 100

A penetration tester was brute forcing an internal web server and ran a command that produced the following output:

However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile , a blank page was displayed.

Which of the following is the MOST likely reason for the lack of output?

Options:

A.

The HTTP port is not open on the firewall.

B.

The tester did not run sudo before the command.

C.

The web server is using HTTPS instead of HTTP.

D.

This URI returned a server error.

Buy Now
Question # 101

An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client’s information?

Options:

A.

Follow the established data retention and destruction process

B.

Report any findings to regulatory oversight groups

C.

Publish the findings after the client reviews the report

D.

Encrypt and store any client information for future analysis

Buy Now
Question # 102

Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

Options:

A.

To remove hash-cracking registry entries

B.

To remove the tester-created Mimikatz account

C.

To remove tools from the server

D.

To remove a reverse shell from the system

Buy Now
Question # 103

Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

Options:

A.

NDA

B.

MSA

C.

SOW

D.

MOU

Buy Now
Exam Code: PT0-002
Exam Name: CompTIA PenTest+ Certification Exam
Last Update: Mar 31, 2025
Questions: 464
PT0-002 pdf

PT0-002 PDF

$25.5  $84.99
PT0-002 Engine

PT0-002 Testing Engine

$28.5  $94.99
PT0-002 PDF + Engine

PT0-002 PDF + Testing Engine

$40.5  $134.99