⚡️Lightning Sale: 50% off lifetime membership! ⚡️

24 minutes, 48 seconds remaining!
CompTIA Study Materials
AWS Study Materials
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA PenTest+ PT0-002 Practice Test

Prepare for the CompTIA PenTest+ PT0-002 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.

  • Questions: 15
  • Time: 60 seconds per question (0 hours, 15 minutes, 0 seconds)
  • Included Objectives:
    • Reporting and Communication
    • Planning and Scoping
    • Information Gathering and Vulnerability Scanning
    • Attacks and Exploits
    • Tools and Code Analysis

During a penetration testing engagement, a penetration tester uses a tool to capture and analyze network packets to determine the types of traffic passing through the network. What is this process called?

  • Traffic analysis

  • Packet crafting

  • Traffic shaping

  • Sniffing

Repeated instances of unauthorized data exfiltration signify that user permissions are effectively governed.

  • True

  • False

When creating a penetration testing report, what is the recommended remediation related to the management of encryption keys that have a set period after which they must be replaced with new keys?

  • Biometric re-enrollment

  • Key rotation

  • Certificate renewal

  • Password complexity update

A penetration test for a retail organization with multiple physical locations reveals that certain branch managers have the ability to grant themselves higher privileges in the corporate network, potentially enabling access to sensitive customer data. Considering the separation of duties and mitigation of insider threat, what operational control should be recommended in the report to address this finding?

  • Enforce mandatory vacations for branch managers to identify inappropriate system dependencies.

  • Implement role-based access control to enforce separation of duties.

  • Set up time-of-day restrictions on when branch managers can access the network.

  • Implement multifactor authentication for sensitive systems access.

During a penetration test, you are analyzing data exfiltrated from a target company’s employee directory. The data is formatted in a CSV file, which includes names, departments, and email addresses. Which of the following methods would be BEST to programmatically extract and display email addresses from each line, assuming the email address is the third value in each row?

  • Counting the number of words in each line and using an if statement to find email addresses

  • Encrypting and decrypting each line to isolate the email addresses

  • Using a regular expression to match any text that follows two commas

  • Splitting each line at commas and selecting the third element of the resulting list

Which of the following tools would a penetration tester employ to efficiently leverage GPU resources in cracking a broad range of complex password hashes using both brute force and dictionary attack methods?

  • Medusa

  • Hashcat

  • John the Ripper

  • Hydra

In the process of writing the final report for a penetration test, which of the following recommendations would be the BEST to include for remediation when discovered that passwords are being stored in clear text?

  • Encrypt the passwords with a symmetric key.

  • Hash and salt each password before storage.

  • Store the passwords using base64 encoding.

  • Enforce a password policy requiring increased complexity.

During a penetration test, a vulnerability was discovered where an application's authentication system is susceptible to brute force attacks due to short, simple passwords. What is the most appropriate remediation to address this specific issue?

  • Mandatory security awareness training

  • Encrypting communication with TLS

  • Implementing account lockout mechanisms

  • Network segmentation

Reviewing contracts with the client prior to a penetration test is recommended but not required, since the rules of engagement can be communicated verbally.

  • The statement is true.

  • The statement is false.

During a penetration test, you discover that an application is vulnerable to SQL injection attacks due to improperly sanitized user input. In your report, which remediation strategy would be the most effective to address this specific vulnerability?

  • Enforce minimum password requirements for application users.

  • Implement mandatory vacations for the application development team.

  • Parameterize queries to ensure user input is treated safely.

  • Add an access control vestibule in front of the server room.

During a passive reconnaissance phase, a penetration tester is gathering information on a target organization. They want to determine the technology stack used by the company as well as potential vulnerabilities associated with it. Which of the following techniques would BEST aid in achieving this objective?

  • Performing DNS lookups to determine the company's domain name system structure.

  • Identifying cryptographic flaws in the organization's SSL certificates to deduce the technology stack.

  • Analyzing website archives and cached content for historical changes to the company's web presence.

  • Reviewing job listings from the company to discover the technology stack mentioned within them.

What is a common practice that penetration testers implement to ensure the confidentiality of sensitive data gathered during a security assessment?

  • Hashing all sensitive data

  • Using strong passwords on all accounts

  • Storing data only in a secure physical location

  • Encrypting all sensitive data

During an active reconnaissance phase, a penetration tester wants to monitor and capture the interaction between a client application and its server via API calls. What tool or technique would be the best choice to accomplish this task?

  • Web proxy

  • Wardriving tools

  • Anti-virus software

  • Port scanner

You are conducting a security audit on a web page and have found a section where user input is dynamically inserted into the document without proper sanitation. To confirm the existence of this client-side security flaw, you intend to inject code that creates a dialog box displaying 'Test'. Which of the following JavaScript snippets would be correctly executed to demonstrate the vulnerability?

  • Alert('Test');

  • confirm('Test');

  • aler't('Test');

  • alert('Test');

When preparing a report of a recent penetration test for the C-suite of a client company, which section should you emphasize to ensure it aligns with their focus on strategic decisions and risk management?

  • Scope details

  • Appendix

  • Findings - Risk rating (reference framework)

  • Executive summary



Remaining Time:
00:15:00