Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PT0-002 Exam Dumps - CompTIA PenTest+ Questions and Answers

Question # 24

A penetration tester is performing a social engineering penetration test and was able to create a remote session. Which of the following social engineering techniques was most likely successful?

Options:

A.

SMS phishing

B.

Dumpster diving

C.

Executive impersonation attack

D.

Browser exploitation framework

Buy Now
Question # 25

A penetration tester developed the following script to be used during an engagement:

#!/usr/bin/python

import socket, sys

ports = [21, 22, 23, 25, 80, 139, 443, 445, 3306, 3389]

if len(sys.argv) > 1:

target = socket.gethostbyname (sys. argv [0])

else:

print ("Few arguments.")

print ("Syntax: python {} ". format (sys. argv [0]))

sys.exit ()

try:

for port in ports:

s = socket. socket (socket. AF_INET, socket. SOCK_STREAM)

s.settimeout (2)

result = s.connect_ex ((target, port) )

if result == 0:

print ("Port {} is opened". format (port) )

except KeyboardInterrupt:

print ("\nExiting ... ")

sys.exit ()

However, when the penetration tester ran the script, the tester received the following message:

socket.gaierror: [Errno -2] Name or service not known

Which of the following changes should the penetration tester implement to fix the script?

Options:

A.

From:

target = socket.gethostbyname (sys. argv [0])

To:

target = socket.gethostbyname (sys.argv[1])

B.

From:

s = socket. socket (socket. AF_INET, socket. SOCK_STREAM)

To:

s = socket.socket (socket.AF_INET, socket. SOCK_DGRAM)

C.

From:

import socket, sys

To:

import socket

import sys

D.

From:

result = s.connect_ex ((target, port) )

To:

result = s.connect ( (target, port) )

Buy Now
Question # 26

Which of the following documents should be consulted if a client has an issue accepting a penetration test report that was provided?

Options:

A.

Rules of engagement

B.

Signed authorization letter

C.

Statement of work

D.

Non-disclosure agreement

Buy Now
Question # 27

A penetration tester is trying to bypass an active response tool that blocks IP addresses that have more than 100 connections per minute. Which of the following commands would allow the tester to finish the test without being blocked?

Options:

A.

nmap -sU -p 1-1024 10.0.0.15

B.

nmap -p 22,25, 80, 3389 -T2 10.0.0.15 -Pn

C.

nmap -T5 -p 1-65535 -A 10.0.0.15

D.

nmap -T3 -F 10.0.0.15

Buy Now
Question # 28

During a REST API security assessment, a penetration tester was able to sniff JSON content containing user credentials. The JSON structure was as follows:

<

transaction_id: "1234S6", content: [ {

user_id: "mrcrowley", password: ["€54321#"] b <

user_id: "ozzy",

password: ["1112228"] ) ]

Assuming that the variable json contains the parsed JSON data, which of the following Python code snippets correctly returns the password for the user ozzy?

Options:

A.

json['content']['password'][1]

B.

json['user_id']['password'][0][1]

C.

json['content'][1]['password'][0]

D.

json['content'][0]['password'][1]

Buy Now
Question # 29

During a penetration test of a server application, a security consultant found that the application randomly crashed or remained stable after opening several simultaneous connections to the application and always submitting the same packets of data. Which of the following is the best sequence of steps the tester should use to understand and exploit the vulnerability?

Options:

A.

Attacha remoteprofiler to the server application. Establish a random number of connections to the server application. Send fixed packets of data simultaneously using those connections.

B.

Attacha remotedebugger to the server application. Establish a large number of connections to the server application. Send fixed packets of data simultaneously using those connections.

C.

Attacha local disassembler to the server application. Establish a single connection to the server application. Send fixed packets of data simultaneously using that connection.

D.

Attacha remotedisassembler to the server application. Establish a small number of connections to the server application. Send fixed packets of data simultaneously using those connections.

Buy Now
Question # 30

Options:

A.

Executive summary

B.

Testing scope

C.

Statement of work

D.

Technical report

Buy Now
Question # 31

A penetration tester was able to gain access to a plaintext file on a user workstation. Upon opening the file, the tester notices some strings of randomly generated text. The tester is able to use these strings to move laterally throughout the network by accessing the fileshare on a web application. Which of the following should the organization do to remediate the issue?

Options:

A.

Sanitize user input.

B.

Implement password management solution.

C.

Rotate keys.

D.

Utilize certificate management.

Buy Now
Question # 32

Which of the following assessment methods is the most likely to cause harm to an ICS environment?

Options:

A.

Active scanning

B.

Ping sweep

C.

Protocol reversing

D.

Packet analysis

Buy Now
Question # 33

A penetration tester approaches a company employee in the smoking area and starts a conversation about the company's recent social event. After a few minutes, the employee holds the badge-protected door open for the penetration tester and both enter the company's building. Which of the following attacks did the penetration tester perform?

Options:

A.

Dumpster diving

B.

Phishing

C.

Badge cloning

D.

Tailgating

Buy Now
Exam Code: PT0-002
Exam Name: CompTIA PenTest+ Certification Exam
Last Update: Mar 31, 2025
Questions: 464
PT0-002 pdf

PT0-002 PDF

$25.5  $84.99
PT0-002 Engine

PT0-002 Testing Engine

$28.5  $94.99
PT0-002 PDF + Engine

PT0-002 PDF + Testing Engine

$40.5  $134.99