Practice Exams:

Free PT0-002 Exam Braindumps

Pass your CompTIA PenTest+ Certification Exam exam with these free Questions and Answers

Page 5 of 56
PDF with 278 Questions
QUESTION 16

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.
Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?

  1. A. SQLmap
  2. B. Nessus
  3. C. Nikto
  4. D. DirBuster

Correct Answer: B

QUESTION 17

A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

  1. A. Weak authentication schemes
  2. B. Credentials stored in strings
  3. C. Buffer overflows
  4. D. Non-optimized resource management

Correct Answer: C
fuzzing introduces unexpected inputs into a system and watches to see if the system has any negative reactions to the inputs that indicate security, performance, or quality gaps or issues

QUESTION 18

A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network.
Which of the following methods will MOST likely work?

  1. A. Try to obtain the private key used for S/MIME from the CEO's account.
  2. B. Send an email from the CEO's account, requesting a new account.
  3. C. Move laterally from the mail server to the domain controller.
  4. D. Attempt to escalate privileges on the mail server to gain root access.

Correct Answer: D

QUESTION 19

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:
PT0-002 dumps exhibit
Which of the following combinations of tools would the penetration tester use to exploit this script?

  1. A. Hydra and crunch
  2. B. Netcat and cURL
  3. C. Burp Suite and DIRB
  4. D. Nmap and OWASP ZAP

Correct Answer: B

QUESTION 20

During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

  1. A. SOW.
  2. B. SLA.
  3. C. ROE.
  4. D. NDA

Correct Answer: C
https://mainnerve.com/what-are-rules-of-engagement-in-pen-testing/#:~:text=The ROE includes the

Page 5 of 56
PDF with 278 Questions

Post your Comments and Discuss CompTIA PT0-002 exam with other Community members: