Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

CompTIA PT0-002 - CompTIA PenTest+ Certification Exam

Page: 1 / 14
Total 464 questions

A penetration tester is conducting a test after hours and notices a critical system was taken down. Which of the following contacts should be notified first?

A.

Secondary

B.

Emergency

C.

Technical

D.

Primary

Within a Python script, a line that states print (var) outputs the following:

[{'1' : 'CentOS', '2' : 'Ubuntu'), {'1' : 'Windows 10', '2' : 'Windows Server 2016'}]

Which of the following objects or data structures is var ?

A.

An array

B.

A class

C.

A dictionary

D.

A list

An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?

A.

Device log facility does not record actions.

B.

End users have root access by default.

C.

Unsigned applications can be installed.

D.

Push notification services require internet.

An external consulting firm is hired to perform a penetration test and must keep the confidentiality of the security vulnerabilities and the private data found in a customer's systems. Which of the following documents addresses this requirement?

A.

ROE

B.

NDA

C.

MOU

D.

SLA

During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:

nmap -sX -T4 -p 21-25, 67, 80, 139, 8080 192.168.11.191

The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?

A.

All of the ports in the target range are closed.

B.

Nmap needs more time to scan the ports in the target range.

C.

The ports in the target range cannot be scanned because they are common UDP ports.

D.

All of the ports in the target range are open

During a client engagement, a penetration tester runs the following Nmap command and obtains the following output:

nmap -sV -- script ssl-enum-ciphers -p 443 remotehost

| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

| TLS_ECDHE_RSA_WITH_RC4_128_SHA

TLS_RSA_WITH_RC4_128_SHA (rsa 2048)

TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)

Which of the following should the penetration tester include in the report?

A.

Old, insecure ciphers are in use.

B.

The 3DES algorithm should be deprecated.

C.

2,048-bit symmetric keys are incompatible with MD5.

D.

This server should be upgraded to TLS 1.2.

A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:

Which of the following is the penetration tester conducting?

A.

Port scan

B.

Brute force

C.

Credential stuffing

D.

DoS attack

Which of the following is the most important aspect to consider when calculating the price of a penetration test service for a client?

A.

Operating cost

B.

Required scope of work

C.

Non-disclosure agreement

D.

Client's budget

A penetration testing firm wants to hire three additional consultants to support a newly signed long-term contract with a major customer. The following is a summary of candidate

background checks:

Which of the following candidates should most likely be excluded from consideration?

A.

Candidate 1

B.

Candidate 2

C.

Candidate 3

D.

Candidate 4

In a standard engagement, a post-report document is provided outside of the report. This document:

• Does not contain specific findings

• Exposes vulnerabilities

• Can be shared publicly with outside parties that do not have an in-depth understanding about the client's network

Which of the following documents is described?

A.

Attestation letter

B.

Findings report

C.

Executive summary

D.

Non-disclosure agreement