The CompTIA PenTest+ (PT0-002) certification is for cybersecurity professionals tasked with penetration testing and vulnerability management. It is the most comprehensive exam covering all penetration testing stages. The CompTIA PenTest+ (PT0-002) exam assesses the most up-to-date penetration testing, vulnerability assessment and vulnerability management skills needed to determine the resiliency of a network against attacks. To pass the exam, the candidate should have a strong command of the following domains:
- Domain 1 – An overview of Planning and Scoping
- Domain 2 – A proper understanding of Information Gathering and Vulnerability Scanning
- Domain 3 – An overview of Attacks and Exploits
- Domain 4 – An overview of Reporting and Communication
- Domain 5 – Detailed understanding of Tools and Code Analysis
Here are some of the most important sample questions that will help you achieve a better understanding of all the domains.
Advanced Sample Questions
What is the primary purpose of penetration testing?
- a) To identify and exploit vulnerabilities in a target system or network.
- b) To improve the overall security posture of a target system or network.
- c) To secure a target system or network against future attacks.
- d) All of the above.
Answer: b) To improve the overall security posture of a target system or network.
Which of the following is NOT an ethical hacking tool?
- a) Metasploit
- b) Wireshark
- c) Nmap
- d) Backdoor
Answer: d) Backdoor
What is the primary goal of social engineering attacks?
- a) To gain unauthorized access to a target system or network.
- b) To steal sensitive information from a target.
- c) To disrupt the normal operations of a target.
- d) All of the above.
Answer: b) To steal sensitive information from a target.
Which of the following is a commonly used technique for discovering vulnerabilities in a target system or network?
- a) Vulnerability scanning
- b) Port scanning
- c) Traffic analysis
- d) All of the above.
Answer: a) Vulnerability scanning
What is the first step in the ethical hacking process?
- a) Information gathering
- b) Vulnerability analysis
- c) Exploitation
- d) Report writing
Answer: a) Information gathering
What is a vulnerability assessment?
- a) A comprehensive evaluation of the security of a target system or network.
- b) A focused examination of specific aspects of a target system or network.
- c) An attempt to exploit vulnerabilities in a target system or network.
- d) A review of security documentation for a target system or network.
Answer: b) A focused examination of specific aspects of a target system or network.
What is the purpose of a threat model?
- a) To identify and prioritize potential threats to a target system or network.
- b) To understand the motivations and tactics of attackers.
- c) To determine the most effective countermeasures for a target system or network.
- d) All of the above.
Answer: a) To identify and prioritize potential threats to a target system or network.
Which of the following is a commonly used tool for password cracking?
- a) John the Ripper
- b) Metasploit
- c) Nessus
- d) Aircrack-ng
Answer: a) John the Ripper
What is the difference between a false positive and a false negative in the context of vulnerability assessments?
- a) A false positive is a reported vulnerability that does not actually exist, while a false negative is a missed vulnerability.
- b) A false positive is a missed vulnerability, while a false negative is a reported vulnerability that does not actually exist.
- c) A false positive is a reported vulnerability that is actually a feature, while a false negative is a missed vulnerability that is actually a feature.
Answer: a) A false positive is a reported vulnerability that does not actually exist, while a false negative is a missed vulnerability.
What is the purpose of post-exploitation activities in a penetration test?
- a) To further compromise the target system or network.
- b) To gather additional information about the target system or network.
- c) To clean up after the penetration test.
- d) All of the above.
Answer: b) To gather additional information about the target system or network.
Basic Sample Questions
1.) A client needs a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?
A. Ensure the client has signed the SOW.
B. Verify the client has granted network access to the hot site.
C. Determine whether the failover environment relies on resources not owned by the client.
D. Establish communication and escalation procedures with the client.
Right Answer: A
2.) Performing a penetration test against an environment with SCADA devices brings additional safety risks because the:
A. devices produce more heat and consume more power.
B. devices are obsolete and are no longer available for replacement.
C. protocols are more difficult to understand.
D. devices may cause physical-world effects.
Right Answer: D
Explanation: Vulnerability Analysis of Network Scanning on SCADA Systems
3.) Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester in CompTIA PenTest+?
A. NDA
B. MSA
C. SOW
D. MOU
Right Answer: C
4.) A company hired a penetration testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered that the supervisory systems and the PLCs are both connected to the company’s intranet. Which of the following assumptions, if made by the penetration testing team, is MOST likely to be valid?
A. PLCs will not act on commands injected over the network.
B. The supervisors and controllers are on a separate virtual network by default.
C. Controllers will not validate the origin of commands.
D. The supervisory system will detect a malicious injection of code/commands.
Right Answer: C
5.) A penetration tester ran a ping -A command during an unknown-environment test, and it returned a packet with a TTL of 128. Which of the following OSs would MOST likely return a packet of this type?
A. Windows
B. Apple
C. Linux
D. Android
Right Answer: A
Explanation: How to Identify Basic Internet Problems with the Ping Command
6.) A penetration tester who is performing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?
A. RFID cloning
B. RFID tagging
C. Meta tagging
D. Tag nesting
Right Answer: D
7.) A company hired a penetration tester to configure a wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions in CompTIA PenTest+?
A. Aircrack-ng
B. Wireshark
C. Wifite
D. Kismet
Right Answer: A
Explanation: How To Perform A Wireless Penetration Test
8.) A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
cat /dev/null > temp
touch -r .bash_history temp
mv temp .bash_history
Which of the following actions is the tester MOST likely performing?
A. Redirecting Bash history to /dev/null
B. Making a copy of the user’s Bash history for further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders
Right Answer: C
Explanation: How to clear the Logs & Bash History on Hacked Linux Systems to Cover Your Tracks & Remain Undetected
9.) Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A. Analyze the malware to see what it does.
B. Collect the proper evidence and then remove the malware.
C. Do a root-cause analysis to find out how the malware got in.
D. Remove the malware immediately.
E. Stop the assessment and inform the emergency contact.
Right Answer: D
Explanation: If a company has been hacked, what to do?
10.) A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?
A. Set the SGID bit on all files in the / directory
B. Find the /root directory on the system
C. Find files with the SUID bit set
D. Find files that were created during exploitation and move them to /dev/null
Right Answer: C
Explanation: Find command in Linux
11.) Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the target audience?
A. Executive summary of the penetration testing methods used
B. Bill of materials including supplies, subcontracts, and costs incurred during the assessment
C. Quantitative impact assessments given a successful software compromise
D. Code context for instances of unsafe type-casting operations
Right Answer: D
12.) Which of the following tools provides Python classes for interacting with network protocols?
A. Responder
B. Impacket
C. Empire
D. PowerSploit
Right Answer: B
Explanation: Impacket
13.) A penetration tester has obtained shell access to a Windows host and wants to store a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A. Alternate data streams
B. PowerShell modules
C. MP4 steganography
D. PsExec
Right Answer: D
14.) A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?
A. Enforce mandatory employee vacations
B. Implement multifactor authentication
C. Install video surveillance equipment in the office
D. Encrypt passwords for bank account information
Right Answer: B
15.) A penetration tester wants to scan a target network without being detected by the client’s IDS. Which of the following scans is MOST likely to avoid detection?
A. nmap -p0 -T0 -sS 192.168.1.10
B. nmap -sA -sV --host-timeout 60 192.168.1.10
C. nmap -f --badsum 192.168.1.10
D. nmap -A -n 192.168.1.10
Right Answer: A
16.) A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based on the version number of the service. Which of the following methods would BEST support validation of the possible findings?
A. Manually check the version number of the VoIP service against the CVE release
B. Test with proof-of-concept code from an exploit database
C. Review SIP traffic from an on-path position to look for indicators of compromise
D. Use an Nmap -sV scan against the service
Right Answer: D
17.) A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker in CompTIA PenTest+?
A. nmap 192.168.1.1-5 -PU22-25,80
B. nmap 192.168.1.1-5 -PA22-25,80
C. nmap 192.168.1.1-5 -PS22-25,80
D. nmap 192.168.1.1-5 -Ss22-25,80
Right Answer: C
18.) A software development team is concerned that a new product’s 64-bit Windows binaries can be disassembled to the underlying code. Which of the following tools can a penetration tester use to help the team gauge what an attacker might see in the binaries in CompTIA PenTest+?
A. Immunity Debugger
B. OllyDbg
C. GDB
D. Drozer
Right Answer: B
19.) A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether accounts of former staff members are still active. Which of the following commands should be used to accomplish the goal?
A. VRFY and EXPN
B. VRFY and TURN
C. EXPN and TURN
D. RCPT TO and VRFY
Right Answer: A
Explanation: SMTP
20.) A penetration tester was conducting a penetration test and discovered that network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address. Which of the following BEST describes what happened?
A. The penetration tester was testing the wrong assets
B. The planning process failed to ensure all teams were notified
C. The client was not ready for the assessment to start
D. The penetration tester had incorrect contact information
Right Answer: B