Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

CompTIA PT0-002 - CompTIA PenTest+ Certification Exam

Page: 2 / 14
Total 464 questions

A penetration tester runs the following command:

nmap -p- -A 10.0.1.10

Given the execution of this command, which of the following quantities of ports will Nmap scan?

A.

1,000

B.

1,024

C.

10,000

D.

65,535

Which of the following describes how a penetration tester could prioritize findings in a report?

A.

Business mission and goals

B.

Cyberassets

C.

Network infrastructure

D.

Cyberthreats

A penetration tester would like to crack a hash using a list of hashes and a predefined set of rules. The tester runs the following command: hashcat.exe -a 0 .\hash.txt .\rockyou.txt -r .\rules\replace.rule

Which of the following is the penetration tester using to crack the hash?

A.

Hybrid attack

B.

Dictionary

C.

Rainbow table

D.

Brute-force method

A.

Burp Suite

B.

Wireshark

C.

Metasploit

D.

Nmap

For an engagement, a penetration tester is required to use only local operating system tools for file transfer. Which of the following options should the penetration tester consider?

A.

Netcat

B.

WinSCP

C.

Filezilla

D.

Netstat

A penetration tester is working to enumerate the PLC devices on the 10.88.88.76/24 network. Which of the following commands should the tester use to achieve the objective in a way that minimizes the risk of affecting the PLCs?

A.

nmap —script=s7-info -p 102 10.88.88.76/24 -T3

B.

nmap —script=wsdd-discover -p 3702 -sUlO.88.88.76/24

C.

nmap --script=iax2-version -p 4569 -sU -V 10.88.88.76/24 -T2

D.

nmap --script=xll-access -p 6000-6009 10.88.88.76/24

A penetration tester is performing an assessment for an organization and must gather valid user credentials. Which of the following attacks would be best for the tester to use to achieve this objective?

A.

Wardriving

B.

Captive portal

C.

Deauthentication

D.

Impersonation

A potential reason for communicating with the client point of contact during a penetration test is to provide resolution if a testing component crashes a system or service and leaves them unavailable for both legitimate users and further testing. Which of the following best describes this concept?

A.

Retesting

B.

De-escalation

C.

Remediation

D.

Collision detection

A penetration tester observes an application enforcing strict access controls. Which of the following would allow the tester to bypass these controls and successfully access the organization's sensitive files?

A.

Remote file inclusion

B.

Cross-site scripting

C.

SQL injection

D.

Insecure direct object references

Which of the following would be the most efficient way to write a Python script that interacts with a web application?

A.

Create a class for requests.

B.

Write a function for requests.

C.

Import the requests library.

D.

Use the cURL OS command.