PT0-002 Questions - Truly Beneficial For Your CompTIA Exam (Updated 434 Questions)
View All PT0-002 Actual Exam Questions, Answers and Explanations for Free
NEW QUESTION # 172
A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output:
Which of the following is the most likely explanation for the output?
- A. The tester does not have credentials to access the server-status page.
- B. The robots.txt file has six entries in it.
- C. The admin, test, and db directories redirect to the log-in page.
- D. The admin directory cannot be fuzzed because it is forbidden.
Answer: C
Explanation:
The output of the fuzzing tool shows that the admin, test, and db directories have the same size, words, and lines as the login page, which indicates that they are redirecting to the login page. This means that the tester cannot access these directories without valid credentials. The server-status page returns a 403 Forbidden status code, which means that the tester does not have permission to access it. The robots.txt file returns a 404 Not Found status code, which means that the file does not exist on the server. References:
*The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, page 77-78.
*101 Labs - CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam, Lab 2.3: Fuzzing Web Applications, page 69-70.
NEW QUESTION # 173
After running the enum4linux.pl command, a penetration tester received the following output:
Which of the following commands should the penetration tester run NEXT?
- A. smbspool //192.160.100.56/print$
- B. smbclient //192.168.100.56/web -U '' -N
- C. smbget //192.168.100.56/web -U ''
- D. net rpc share -S 192.168.100.56 -U ''
Answer: B
Explanation:
A vulnerability scan is a type of assessment that helps to identify vulnerabilities in a network or system. It scans systems for potential vulnerabilities, misconfigurations, and outdated software. Based on the output from a vulnerability scan, a penetration tester can identify vulnerabilities that may be exploited to gain access to a system. In this scenario, the output from the penetration testing tool shows that 100 hosts contained findings due to improper patch management. This indicates that the vulnerability scan detected vulnerabilities that could have been prevented through proper patch management. Therefore, the most likely test performed by the penetration tester is a vulnerability scan.
NEW QUESTION # 174
A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:
Which of the following is the penetration tester conducting?
- A. DoS attack
- B. Port scan
- C. Brute force
- D. Credential stuffing
Answer: C
Explanation:
The output shows multiple login attempts with different passwords for the same username "root" on the IP address 192.168.1.112. This is indicative of a brute force attack, where an attacker systematically tries various password combinations to gain unauthorized access. References: The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 4: Conducting Passive Reconnaissance; The Official CompTIA PenTest+ Student Guide (Exam PT0-002), Lesson 4: Conducting Active Reconnaissance.
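The pattern described in the explanation (repeated failures for one account from one source in a short window) is also what a defender looks for in authentication logs. The following is an added example, not part of the original question or the CompTIA material; the sshd log lines and the `year=2024` syslog assumption are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log sample (not from the original page): one source hammers
# "root" with several passwords in a few seconds, two others fail once each.
SAMPLE_LOG = """\
Mar  3 10:15:01 srv sshd[2201]: Failed password for root from 192.168.1.50 port 51022 ssh2
Mar  3 10:15:02 srv sshd[2201]: Failed password for root from 192.168.1.50 port 51023 ssh2
Mar  3 10:15:02 srv sshd[2201]: Failed password for root from 192.168.1.50 port 51024 ssh2
Mar  3 10:15:03 srv sshd[2201]: Failed password for root from 192.168.1.50 port 51025 ssh2
Mar  3 10:15:04 srv sshd[2201]: Failed password for root from 192.168.1.50 port 51026 ssh2
Mar  3 10:15:05 srv sshd[2201]: Failed password for root from 192.168.1.50 port 51027 ssh2
Mar  3 10:15:40 srv sshd[2210]: Failed password for alice from 10.0.0.7 port 40001 ssh2
Mar  3 10:15:41 srv sshd[2212]: Failed password for invalid user guest from 203.0.113.9 port 40444 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(log_text, year=2024):
    """Yield (timestamp, user, source_ip) for every failed-password line.
    Syslog lines carry no year, so one is assumed (constructed data: 2024)."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
        yield ts, m.group("user"), m.group("ip")

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {(source_ip, user): total_failures} for pairs that reach
    `threshold` failures inside any `window_seconds` span."""
    by_pair = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_pair[(ip, user)].append(ts)
    hits = {}
    for pair, times in by_pair.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                hits[pair] = len(times)
                break
    return hits
```

Tuning `threshold` and `window_seconds` to the environment is what separates a brute-force alert from noise produced by a user mistyping a password twice.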
NEW QUESTION # 175
Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
- A. Public and private keys
- B. Password encryption
- C. HTTPS communication
- D. Sessions and cookies
Answer: D
NEW QUESTION # 176
A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?
- A. Wireshark
- B. Aircrack-ng
- C. Kismet
- D. Wifite
Answer: B
Explanation:
Aircrack-ng is a suite of tools that allows the penetration tester to test the effectiveness of the wireless IDS solutions by performing various attacks on wireless networks, such as cracking WEP and WPA keys, capturing and injecting packets, deauthenticating clients, or creating fake access points. Aircrack-ng can also generate different types of traffic and signatures that can trigger the wireless IDS alerts or responses, such as ARP requests, EAPOL frames, or beacon frames.
Reference: https://purplesec.us/perform-wireless-penetration-test/
NEW QUESTION # 177
During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise. While reading the script, the penetration tester noticed the following lines of code:
Which of the following was the script author trying to do?
- A. Change the MAC address
- B. List processes.
- C. Disable NIC.
- D. Spawn a local shell.
Answer: D
Explanation:
The script author was trying to spawn a local shell by using the os.system() function, which executes a command in a subshell. The command being executed is "/bin/bash", which is the path to the bash shell, a common shell program on Linux systems. The script author may have wanted to spawn a local shell to gain more control or access over the compromised system, or to execute other commands that are not possible in the original shell. The other options are not plausible explanations for what the script author was trying to do.
NEW QUESTION # 178
A penetration tester is testing a new API for the company's existing services and is preparing the following script:
Which of the following would the test discover?
- A. Listening web servers in a domain
- B. Default web configurations
- C. Open web ports on a host
- D. Supported HTTP methods
Answer: D
Explanation:
The script is using the requests library to send an OPTIONS request to the API endpoint, which returns a list of supported HTTP methods for that resource. This can help the penetration tester to identify potential attack vectors or vulnerabilities based on the methods allowed.
NEW QUESTION # 179
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
1. Reflected XSS - Input sanitization (<> ...)
2. SQL Injection Stacked - Parameterized queries
3. DOM XSS - Input sanitization (<> ...)
4. Local File Inclusion - sandbox req
5. Command Injection - sandbox req
6. SQLi union - parameterized queries
7. SQLi error - parameterized queries
8. Remote File Inclusion - sandbox
9. Command Injection - input saniti $
10. URL redirect - prevent external calls
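The signature-to-remediation pairing above can be turned into triage logic a web server hardening team would run over payloads a WAF has flagged. This is an added example, not part of the original question or the CompTIA material; the regexes are simple heuristics and the sample payloads are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Attack type -> (signature regex, remediation), mirroring the pairing in the
# answer above. Order matters: earlier rules win when a payload matches several.
RULES = [
    ("SQL Injection (stacked)", re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I), "Parameterized queries"),
    ("SQL Injection (union)",   re.compile(r"\bunion\b.{0,20}\bselect\b", re.I), "Parameterized queries"),
    ("SQL Injection (error)",   re.compile(r"'\s*(or|and)\s+['\d]|'\s*--|\bconvert\(", re.I), "Parameterized queries"),
    ("DOM XSS",                 re.compile(r"document\.(location|cookie|write)|window\.location|innerHTML", re.I), "Input sanitization (encode < >)"),
    ("Reflected XSS",           re.compile(r"<\s*(script|img|svg|iframe)\b|javascript:|\bon\w+\s*=", re.I), "Input sanitization (encode < >)"),
    ("Command Injection",       re.compile(r"[;&|`]\s*(cat|id|whoami|ls|nc|wget|curl|bash|sh)\b|\$\(", re.I), "Input sanitization; avoid shell calls"),
    ("URL redirect",            re.compile(r"\b(redirect|next|url|return)=\s*(https?:)?//", re.I), "Prevent external redirect targets"),
    ("Remote File Inclusion",   re.compile(r"=\s*(https?|ftp|data)://", re.I), "Sandbox; disallow remote includes"),
    ("Local File Inclusion",    re.compile(r"(\.\./|\.\.\\){2,}|/etc/passwd|php://filter", re.I), "Sandbox; allow-list file paths"),
]

def classify(raw_payload):
    """Return (attack_type, remediation) for the first matching rule."""
    payload = unquote_plus(unquote_plus(raw_payload))  # undo double URL-encoding
    for name, pattern, remediation in RULES:
        if pattern.search(payload):
            return name, remediation
    return "unknown", "Manual review"

def triage(payloads):
    """Group flagged payloads by attack type, each with the remediation to apply."""
    report = {}
    for p in payloads:
        name, fix = classify(p)
        report.setdefault(name, {"remediation": fix, "samples": []})["samples"].append(p)
    return report
```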
NEW QUESTION # 180
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:
Which of the following tools will help the tester prepare an attack for this scenario?
- A. Burp Suite and DIRB
- B. Hydra and crunch
- C. Nmap and OWASP ZAP
- D. Netcat and cURL
Answer: D
Explanation:
Netcat and cURL are tools that will help the tester prepare an attack for this scenario, as they can be used to establish a TCP connection, send payloads, and receive responses from the target web server. Netcat is a versatile tool that can create TCP or UDP connections and transfer data between hosts. cURL is a tool that can transfer data using various protocols, such as HTTP, FTP, SMTP, etc. The tester can use these tools to exploit the PHP script that executes shell commands with the value of the "item" variable.
NEW QUESTION # 181
SIMULATION
Using the output, identify potential attack vectors that should be further investigated.
- A. See explanation below
Answer: A
Explanation:
1: Null session enumeration; weak SMB file permissions; fragmentation attack
2: nmap -sV -p 1-1023 192.168.2.2
3:
```python
#!/usr/bin/python
import socket
import sys

# Ports to probe on the target given as the first command-line argument.
ports = [21, 22]

def port_scan(ip, ports):
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(3)
        try:
            s.connect((ip, port))
            print("%s:%s - OPEN" % (ip, port))
        except socket.timeout:
            print("%s:%s - TIMEOUT" % (ip, port))
        except socket.error as e:
            print("%s:%s - CLOSED" % (ip, port))
        finally:
            s.close()

port_scan(sys.argv[1], ports)
```
NEW QUESTION # 182
A penetration tester conducted a discovery scan that generated the following:
Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
- A. nmap -sn 192.168.0.1-254 | grep "Nmap scan" | awk '{print $5}'
- B. nmap -o 192.168.0.1-254 | cut -f 2
- C. nmap --open 192.168.0.1-254 | uniq
- D. nmap -oG list.txt 192.168.0.1-254 | sort
Answer: A
Explanation:
The Nmap -sn flag performs host discovery only (no port scan) and produces exactly this kind of output. The awk command then selects column 5 ({print $5}), which in a "Nmap scan report for ..." line carries the IP address of the discovered host.
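The awk '{print $5}' pipeline in the answer has two caveats worth knowing before the host list is trusted for further analysis: when reverse DNS resolves, field 5 is the hostname and the IP sits in parentheses in field 6, and with -v Nmap also prints "[host down]" report lines that the grep keeps. This is an added example, not part of the original question; the Nmap output below is constructed to show both cases.

```python
import re

# Constructed nmap -sn -v output (not from the original page): one host has a
# resolved name, one is reported down, so a naive field-5 extraction misfires.
SAMPLE_NMAP_SN = """\
Starting Nmap 7.94 ( https://nmap.org ) at 2024-03-03 10:00 UTC
Nmap scan report for 192.168.0.1
Host is up (0.0010s latency).
Nmap scan report for gateway.lan (192.168.0.5)
Host is up (0.0020s latency).
Nmap scan report for 192.168.0.9 [host down]
Nmap scan report for 192.168.0.12
Host is up (0.00050s latency).
Nmap done: 254 IP addresses (3 hosts up) scanned in 2.50 seconds
"""

REPORT_RE = re.compile(
    r"^Nmap scan report for (?P<name>\S+)(?: \((?P<ip>[\d.]+)\))?(?P<down> \[host down\])?"
)

def awk_field5(text):
    """Mimic the answer's `grep "Nmap scan" | awk '{print $5}'` pipeline."""
    return [line.split()[4] for line in text.splitlines() if "Nmap scan" in line]

def active_hosts(text):
    """Return the IPs of hosts reported up, preferring the parenthesised IP
    when Nmap printed a resolved hostname and skipping [host down] lines."""
    hosts = []
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if not m or m.group("down"):
            continue
        hosts.append(m.group("ip") or m.group("name"))
    return hosts
```

Running both functions on the sample shows the pipeline returning "gateway.lan" and the down host 192.168.0.9, while the parser yields only the three live IPs.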
NEW QUESTION # 183
As part of active reconnaissance, penetration testers need to determine whether a protection mechanism is in place to safeguard the target's website against web application attacks. Which of the following methods would be the most suitable?
- A. Antivirus scanning
- B. Scapy packet crafting
- C. Direct-to-origin testing
- D. WAF detection
Answer: D
Explanation:
Detecting a Web Application Firewall (WAF) helps penetration testers understand the protective measures in place and tailor their testing methods to bypass these defenses.
Details:
* A. Antivirus scanning: Not relevant for web application attacks.
* B. Scapy packet crafting: Useful for network-level testing but not for detecting web application protections.
* C. Direct-to-origin testing: Useful for bypassing a CDN but not specifically for detecting protective mechanisms such as a WAF.
* D. WAF detection: Identifies whether a WAF is present, which is critical for understanding and bypassing web application defenses.
References: WAF detection techniques are documented in web application security testing methodologies such as OWASP.
NEW QUESTION # 184
A penetration tester who is working remotely is conducting a penetration test using a wireless connection. Which of the following is the BEST way to provide confidentiality for the client while using this connection?
- A. Connect to the penetration testing company's VPS using a VPN.
- B. Install a host-based firewall on the penetration testing distribution.
- C. Use random MAC addresses on the penetration testing distribution.
- D. Configure wireless access to use a AAA server.
Answer: A
Explanation:
The best way to provide confidentiality for the client while using a wireless connection is to connect to the penetration testing company's VPS using a VPN. This will encrypt the traffic between the penetration tester and the VPS, and prevent any eavesdropping or interception by third parties. A VPN will also allow the penetration tester to access the client's network securely and bypass any firewall or network restrictions.
NEW QUESTION # 185
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:
The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?
- A. The tester input the incorrect IP address.
- B. PowerShell requires administrative privilege.
- C. An account for RDP does not exist on the server.
- D. The command requires the -port 135 option.
Answer: C
NEW QUESTION # 186
Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?
- A. Shodan
- B. Exploit-DB
- C. Retina
- D. Metasploit
Answer: B
Explanation:
"Exploit Database (ExploitDB) is a repository of exploits for the purpose of public security, and it explains what can be found on the database. The ExploitDB is a very useful resource for identifying possible weaknesses in your network and for staying up to date on current attacks occurring in other networks." Exploit-DB is a website that collects and archives exploits for various software and hardware products, including network infrastructure devices. Exploit-DB allows users to search for exploits by product name, vendor, type, platform, CVE number, or date, which makes it a useful resource for obtaining payloads against specific network infrastructure products. Metasploit is a framework that contains many exploits and payloads, but it is not a resource for obtaining them. Shodan is a search engine that scans the internet for devices and services, but it does not provide exploits or payloads. Retina is a vulnerability scanner that identifies weaknesses in network devices, but it does not provide exploits or payloads.
CompTIA PenTest+ certification exam consists of multiple-choice and performance-based questions that test the candidate's ability to perform various tasks, such as reconnaissance, enumeration, exploitation, post-exploitation, and reporting. Candidates who pass the CompTIA PT0-002 exam demonstrate their proficiency in using various tools and methods to identify potential risks and vulnerabilities, analyze security weaknesses and recommend preventive and remedial measures to enhance the security posture of network systems. The CompTIA PenTest+ certification exam is an essential tool for cybersecurity professionals who want to advance their careers and stay ahead of the competition in a competitive job market.
To prepare for the exam, candidates can enroll in training courses or use study resources such as practice tests, study guides, and online forums. CompTIA also offers official study materials for the PT0-002 exam, which can be accessed through their website. By utilizing these resources and committing to study, candidates can increase their chances of passing the exam on their first attempt.
CompTIA PT0-002 exam covers various security topics, including reconnaissance techniques, vulnerability identification, vulnerability exploitation, post-exploitation techniques, penetration testing tools, and reporting vulnerabilities. It also evaluates the individual's knowledge on various compliance and frameworks that communities and organization follow like General Data Protection Regulation (GDPR).