How Many Questions Of PT0-002 Braindumps

It is hard to pass the CompTIA PT0-002 exam in a short time without help. Come to Passleader and find the most up-to-date, accurate and guaranteed CompTIA PT0-002 practice questions. Our improved CompTIA PenTest+ Certification Exam practice guides will get you a surprising result.

Free demo questions from the CompTIA PT0-002 exam dumps are below:

A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

  • A. A signed statement of work
  • B. The correct user accounts and associated passwords
  • C. The expected time frame of the assessment
  • D. The proper emergency contacts for the client

Answer: B

Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

  • A. The libraries may be vulnerable
  • B. The licensing of software is ambiguous
  • C. The libraries’ code bases could be read by anyone
  • D. The provenance of code is unknown
  • E. The libraries may be unsupported
  • F. The libraries may break the application

Answer: AC

A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees.
Which of the following tools can help the tester achieve this goal?

  • A. Metasploit
  • B. Hydra
  • C. SET
  • D. WPScan

Answer: A

A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company’s web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

  • A. IP addresses and subdomains
  • B. Zone transfers
  • C. DNS forward and reverse lookups
  • D. Internet search engines
  • E. Externally facing open ports
  • F. Shodan results

Answer: AB

A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.
In which of the following places should the penetration tester look FIRST for the employees’ numbers?

  • A. Web archive
  • B. GitHub
  • C. File metadata
  • D. Underground forums

Answer: A

A penetration tester wants to scan a target network without being detected by the client’s IDS. Which of the following scans is MOST likely to avoid detection?

  • A. nmap -p0 -T0 -sS
  • B. nmap -sA -sV --host-timeout 60
  • C. nmap -f --badsum
  • D. nmap -A -n

Answer: B

Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

  • A. will reveal vulnerabilities in the Modbus protocol.
  • B. may cause unintended failures in control systems.
  • C. may reduce the true positive rate of findings.
  • D. will create a denial-of-service condition on the IP networks.

Answer: B

Given the following code:
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

  • A. Web-application firewall
  • B. Parameterized queries
  • C. Output encoding
  • D. Session tokens
  • E. Input validation
  • F. Base64 encoding

Answer: BE

An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client’s information?

  • A. Follow the established data retention and destruction process
  • B. Report any findings to regulatory oversight groups
  • C. Publish the findings after the client reviews the report
  • D. Encrypt and store any client information for future analysis

Answer: D

A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.
Which of the following describes the scope of the assessment?

  • A. Partially known environment testing
  • B. Known environment testing
  • C. Unknown environment testing
  • D. Physical environment testing

Answer: C

The results of an Nmap scan are as follows:
[Exhibit: Nmap scan output (image not included)]
Which of the following would be the BEST conclusion about this device?

  • A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
  • B. This device is most likely a gateway with in-band management services.
  • C. This device is most likely a proxy server forwarding requests over TCP/443.
  • D. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

Answer: A

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?

  • A. Perform XSS.
  • B. Conduct a watering-hole attack.
  • C. Use BeEF.
  • D. Use browser autopwn.

Answer: A

A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?

  • A. Send deauthentication frames to the stations.
  • B. Perform jamming on all 2.4GHz and 5GHz channels.
  • C. Set the malicious AP to broadcast within dynamic frequency selection channels.
  • D. Modify the malicious AP configuration to not use a pre-shared key.

Answer: A

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  • A. PLCs will not act upon commands injected over the network.
  • B. Supervisors and controllers are on a separate virtual network by default.
  • C. Controllers will not validate the origin of commands.
  • D. Supervisory systems will detect a malicious injection of code/commands.

Answer: C

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

  • A. Buffer overflows
  • B. Cross-site scripting
  • C. Race-condition attacks
  • D. Zero-day attacks
  • E. Injection flaws
  • F. Ransomware attacks

Answer: BE

OWASP Top 10 v2017 categories, as listed:

  • A02 - Broken Authentication
  • A03 - Sensitive Data Exposure
  • A04 - XML External Entities (XXE)
  • A05 - Broken Access Control
  • A06 - Security Misconfiguration
  • A07 - Cross-Site Scripting (XSS)
  • A08 - Insecure Deserialization
  • A09 - Using Components with Known Vulnerabilities
  • A10 - Insufficient Logging & Monitoring

A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?

  • A. Comma
  • B. Double dash
  • C. Single quote
  • D. Semicolon

Answer: C

A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?

  • A. Weekly
  • B. Monthly
  • C. Quarterly
  • D. Annually

Answer: A

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?

  • A. Whether sensitive client data is publicly accessible
  • B. Whether the connection between the cloud and the client is secure
  • C. Whether the client’s employees are trained properly to use the platform
  • D. Whether the cloud applications were developed using a secure SDLC

Answer: A

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.
Which of the following tools or techniques would BEST support additional reconnaissance?

  • A. Wardriving
  • B. Shodan
  • C. Recon-ng
  • D. Aircrack-ng

Answer: C


P.S. Easily pass the PT0-002 exam with the 110-question Q&A dumps and PDF version. Welcome to download the newest PT0-002 dumps (110 new questions).