Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PT0-002 Exam Dumps - CompTIA PenTest+ Questions and Answers

Question # 84

A company provided the following network scope for a penetration test:

169.137.1.0/24

221.10.1.0/24

149.14.1.0/24

A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is responsible for this mistake?

Options:

A.

The company that requested the penetration test

B.

The penetration testing company

C.

The target host's owner

D.

The penetration tester

E.

The subcontractor supporting the test

Buy Now
Question # 85

A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?

Options:

A.

The web server is using a WAF.

B.

The web server is behind a load balancer.

C.

The web server is redirecting the requests.

D.

The local antivirus on the web server Is rejecting the connection.

Buy Now
Question # 86

A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the... Which of the following techniques is the penetration tester using?

Options:

A.

Password brute force attack

B.

SQL injection

C.

Password spraying

D.

Kerberoasting

Buy Now
Question # 87

A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the MOST likely reason for the error?

Options:

A.

TCP port 443 is not open on the firewall

B.

The API server is using SSL instead of TLS

C.

The tester is using an outdated version of the application

D.

The application has the API certificate pinned.

Buy Now
Question # 88

A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.

Which of the following changes should the tester apply to make the script work as intended?

Options:

A.

Change line 2 to $ip= ג€10.192.168.254ג€;

B.

Remove lines 3, 5, and 6.

C.

Remove line 6.

D.

Move all the lines below line 7 to the top of the script.

Buy Now
Question # 89

A company recently moved its software development architecture from VMs to containers. The company has asked a penetration tester to determine if the new containers are configured correctly against a DDoS attack. Which of the following should a tester perform first?

Options:

A.

Test the strength of the encryption settings.

B.

Determine if security tokens are easily available.

C.

Perform a vulnerability check against the hypervisor.

D.

.Scan the containers for open ports.

Buy Now
Question # 90

A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

Options:

A.

Add a dependency checker into the tool chain.

B.

Perform routine static and dynamic analysis of committed code.

C.

Validate API security settings before deployment.

D.

Perform fuzz testing of compiled binaries.

Buy Now
Question # 91

During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.

Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?

Options:

A.

Sniff and then crack the WPS PIN on an associated WiFi device.

B.

Dump the user address book on the device.

C.

Break a connection between two Bluetooth devices.

D.

Transmit text messages to the device.

Buy Now
Question # 92

A penetration tester runs the following command:

l.comptia.local axfr comptia.local

which of the following types of information would be provided?

Options:

A.

The DNSSEC certificate and CA

B.

The DHCP scopes and ranges used on the network

C.

The hostnames and IP addresses of internal systems

D.

The OS and version of the DNS server

Buy Now
Question # 93

SIMULATION

Using the output, identify potential attack vectors that should be further investigated.

Options:

Buy Now
Exam Code: PT0-002
Exam Name: CompTIA PenTest+ Certification Exam
Last Update: Mar 31, 2025
Questions: 464
PT0-002 pdf

PT0-002 PDF

$25.5  $84.99
PT0-002 Engine

PT0-002 Testing Engine

$28.5  $94.99
PT0-002 PDF + Engine

PT0-002 PDF + Testing Engine

$40.5  $134.99