Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

CompTIA PT0-002 - CompTIA PenTest+ Certification Exam

Page: 7 / 14
Total 464 questions

Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?

A.

Nessus

B.

Metasploit

C.

Burp Suite

D.

Ethercap

A penetration tester breaks into a company's office building and discovers the company does not have a shredding service. Which of the following attacks should the penetration tester try next?

A.

Dumpster diving

B.

Phishing

C.

Shoulder surfing

D.

Tailgating

A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment. Which of the following would be the BEST option to identify a system properly prior to performing the assessment?

A.

Asset inventory

B.

DNS records

C.

Web-application scan

D.

Full scan

A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?

A.

Maximizing the likelihood of finding vulnerabilities

B.

Reprioritizing the goals/objectives

C.

Eliminating the potential for false positives

D.

Reducing the risk to the client environment

During enumeration, a red team discovered that an external web server was frequented by employees. After compromising the server, which of the following attacks would best support ------------company systems?

A.

Aside-channel attack

B.

A command injection attack

C.

A watering-hole attack

D.

A cross-site scripting attack

A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.

Which of the following changes should the tester apply to make the script work as intended?

A.

Change line 2 to $ip= ג€10.192.168.254ג€;

B.

Remove lines 3, 5, and 6.

C.

Remove line 6.

D.

Move all the lines below line 7 to the top of the script.

A penetration tester is conducting a penetration test and discovers a vulnerability on a web server that is owned by the client. Exploiting the vulnerability allows the tester to open a reverse shell. Enumerating the server for privilege escalation, the tester discovers the following:

Which of the following should the penetration tester do NEXT?

A.

Close the reverse shell the tester is using.

B.

Note this finding for inclusion in the final report.

C.

Investigate the high numbered port connections.

D.

Contact the client immediately.

A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?

A.

The injection was too slow.

B.

The DNS information was incorrect.

C.

The DNS cache was not refreshed.

D.

The client did not receive a trusted response.

The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the:

A.

NDA

B.

SLA

C.

MSA

D.

SOW

Which of the following is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten?

A.

NIST SP 800-53

B.

ISO 27001

C.

GDPR