Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

CompTIA PT0-002 - CompTIA PenTest+ Certification Exam

CompTIA PT0-002 Premium Access     Download Demo    
Page: 10 / 14
Total 464 questions

A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

A.

Decode the authorization header using UTF-8.

B.

Decrypt the authorization header using bcrypt.

C.

Decode the authorization header using Base64.

D.

Decrypt the authorization header using AES.

A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?

A.

inurl:

B.

link:

C.

site:

D.

intitle:

Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables?

A.

SOW

B.

SLA

C.

MSA

D.

NDA

A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal

Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:

Which of the following would be the BEST command to use for further progress into the targeted network?

A.

nc 10.10.1.2

B.

ssh 10.10.1.2

C.

nc 127.0.0.1 5555

D.

ssh 127.0.0.1 5555

Appending string values onto another string is called:

A.

compilation

B.

connection

C.

concatenation

D.

conjunction

A penetration tester performs the following command:

curl –I –http2 https://www.comptia.org

Which of the following snippets of output will the tester MOST likely receive?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

A.

iam_enum_permissions

B.

iam_privesc_scan

C.

iam_backdoor_assume_role

D.

iam_bruteforce_permissions

Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

A.

The CVSS score of the finding

B.

The network location of the vulnerable device

C.

The vulnerability identifier

D.

The client acceptance form

E.

The name of the person who found the flaw

F.

The tool used to find the issue

A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.

In which of the following places should the penetration tester look FIRST for the employees’ numbers?

A.

Web archive

B.

GitHub

C.

File metadata

D.

Underground forums

A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

A.

Look for open ports.

B.

Listen for a reverse shell.

C.

Attempt to flood open ports.

D.

Create an encrypted tunnel.