Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PT0-002 Exam Dumps - CompTIA PenTest+ Questions and Answers

Question # 54

Which of the following tools would be BEST suited to perform a manual web application security assessment? (Choose two.)

Options:

A.

OWASP ZAP

B.

Nmap

C.

Nessus

D.

BeEF

E.

Hydra

F.

Burp Suite

Buy Now
Question # 55

A penetration tester was hired to perform a physical security assessment of an organization's office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food. Which of the following techniques would MOST likely be used to get legitimate access into the organization's building without raising too many alerts?

Options:

A.

Tailgating

B.

Dumpster diving

C.

Shoulder surfing

D.

Badge cloning

Buy Now
Question # 56

A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?

Options:

A.

The injection was too slow.

B.

The DNS information was incorrect.

C.

The DNS cache was not refreshed.

D.

The client did not receive a trusted response.

Buy Now
Question # 57

A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

Options:

A.

Check the scoping document to determine if exfiltration is within scope.

B.

Stop the penetration test.

C.

Escalate the issue.

D.

Include the discovery and interaction in the daily report.

Buy Now
Question # 58

A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?

Options:

A.

SQLmap

B.

DirBuster

C.

w3af

D.

OWASP ZAP

Buy Now
Question # 59

A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?

Options:

A.

Patch installations

B.

Successful exploits

C.

Application failures

D.

Bandwidth limitations

Buy Now
Question # 60

A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

Options:

A.

Decode the authorization header using UTF-8.

B.

Decrypt the authorization header using bcrypt.

C.

Decode the authorization header using Base64.

D.

Decrypt the authorization header using AES.

Buy Now
Question # 61

A security analyst needs to perform a scan for SMB port 445 over a/16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

Options:

A.

Nmap -s 445 -Pn -T5 172.21.0.0/16

B.

Nmap -p 445 -n -T4 -open 172.21.0.0/16

C.

Nmap -sV --script=smb* 172.21.0.0/16

D.

Nmap -p 445 -max -sT 172. 21.0.0/16

Buy Now
Question # 62

An organization wants to identify whether a less secure protocol is being utilized on a wireless network. Which of the following types of attacks will achieve this goal?

Options:

A.

Protocol negotiation

B.

Packet sniffing

C.

Four-way handshake

D.

Downgrade attack

Buy Now
Question # 63

A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)

Options:

A.

Spawned shells

B.

Created user accounts

C.

Server logs

D.

Administrator accounts

E.

Reboot system

F.

ARP cache

Buy Now
Exam Code: PT0-002
Exam Name: CompTIA PenTest+ Certification Exam
Last Update: Mar 31, 2025
Questions: 464
PT0-002 pdf

PT0-002 PDF

$25.5  $84.99
PT0-002 Engine

PT0-002 Testing Engine

$28.5  $94.99
PT0-002 PDF + Engine

PT0-002 PDF + Testing Engine

$40.5  $134.99