1. Home
  2. CompTIA
  3. PenTest+
  4. PT0-002
  5. CompTIA PenTest+ Certification Exam Questions and Answers

Pass the CompTIA PenTest+ PT0-002 Questions and answers with CertsForce

 CompTIA Exams      Go to Exam Detail      Get Premium Access
Viewing page 12 out of 14 pages
Viewing questions 111-120 out of questions
Questions # 111:

A penetration tester received a .pcap file to look for credentials to use in an engagement.

Which of the following tools should the tester utilize to open and read the .pcap file?

Options:
A.

Nmap

B.

Wireshark

C.

Metasploit

D.

Netcat

Expert Solution
Questions # 112:

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?

Options:
A.

Phishing

B.

Tailgating

C.

Baiting

D.

Shoulder surfing

Expert Solution
Questions # 113:

Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

Options:
A.

NDA

B.

MSA

C.

SOW

D.

MOU

Expert Solution
Questions # 114:

A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?

Options:
A.

tcpdump

B.

Snort

C.

Nmap

D.

Netstat

E.

Fuzzer

Expert Solution
Questions # 115:

A penetration tester conducted an assessment on a web server. The logs from this session show the following:

http://www.thecompanydomain.com/servicestatus.php?serviceID=892 &serviceID=892 ‘ ; DROP TABLE SERVICES; --

Which of the following attacks is being attempted?

Options:
A.

Clickjacking

B.

Session hijacking

C.

Parameter pollution

D.

Cookie hijacking

E.

Cross-site scripting

Expert Solution
Questions # 116:

PCI DSS requires which of the following as part of the penetration-testing process?

Options:
A.

The penetration tester must have cybersecurity certifications.

B.

The network must be segmented.

C.

Only externally facing systems should be tested.

D.

The assessment must be performed during non-working hours.

Expert Solution
Questions # 117:

User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

Options:
A.

MD5

B.

bcrypt

C.

SHA-1

D.

PBKDF2

Expert Solution
Questions # 118:

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

Options:
A.

Aircrack-ng

B.

Wireshark

C.

Wifite

D.

Kismet

Expert Solution
Questions # 119:

Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

Options:
A.

Acceptance by the client and sign-off on the final report

B.

Scheduling of follow-up actions and retesting

C.

Attestation of findings and delivery of the report

D.

Review of the lessons learned during the engagement

Expert Solution
Questions # 120:

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.

Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?

Options:
A.

SQLmap

B.

Nessus

C.

Nikto

D.

DirBuster

Expert Solution
Viewing page 12 out of 14 pages
Viewing questions 111-120 out of questions