Free CompTIA PenTest+ PT0-002 Practice Question

As part of a penetration testing team, you are tasked with evaluating the security of a large financial corporation's mobile banking app. The app employs certificate pinning to secure HTTPS traffic. Which of the following techniques could you leverage to bypass the certificate pinning and analyze the encrypted traffic?

  • Spoofing DNS records to redirect the app's network traffic to a server controlled by the testing team.

  • Generating a new certificate pair for the server and replacing the pinned certificate within the app's configuration.

  • Setting up a proxy and using a Frida script to bypass the application's certificate pinning while the traffic routes through the proxy.

  • Cloning the server's actual certificate and using it in a MitM position to bypass the pinning mechanism.

  • Installing an unauthorized version of the app containing a rogue certificate instead of the pinned certificate.

This question is for objective: Attacks and Exploits