[Sep-2025] CompTIA PenTest+ PT0-002 Exam Practice Dumps [Q26-Q45]

Share

[Sep-2025] CompTIA PenTest+ PT0-002 Exam Practice Dumps

2025 PT0-002 Premium Files Test pdf - Free Dumps Collection

NEW QUESTION # 26
A penetration tester gained access to one of the target company's servers. During the enumeration phase, the penetration tester lists the bash history and observes the following row:
Which of the following steps should the penetration tester take next?

  • A. Download hashes.
  • B. Brute force all mail users.
  • C. Enumerate mail server users.
  • D. Attempt to read email.

Answer: D


NEW QUESTION # 27
A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?

  • A. Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading.
  • B. Infest a website that is often used by employees with malware targeted toward x86 architectures.
  • C. Exploit a vulnerability in the MDM and create a new account and device profile.
  • D. Send an SMS with a spoofed service number including a link to download a malicious application.

Answer: D

Explanation:
Explanation
Since it doesn't indicate company owned devices, sending a text to download an application is best. And it says social-engineering so a spoofed text falls under that area.


NEW QUESTION # 28
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

  • A. Buffer overflows
  • B. Zero-day attacks
  • C. Race-condition attacks
  • D. Cross-site scripting
  • E. Injection flaws
  • F. Ransomware attacks

Answer: D,E

Explanation:
Explanation
A01-Injection
A02-Broken Authentication
A03-Sensitive Data Exposure
A04-XXE
A05-Broken Access Control
A06-Security Misconfiguration
A07-XSS
A08-Insecure Deserialization
A09-Using Components with Known Vulnerabilities
A10-Insufficient Logging & Monitoring


NEW QUESTION # 29
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant.
The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  • A. Supervisors and controllers are on a separate virtual network by default.
  • B. Supervisory systems will detect a malicious injection of code/commands.
  • C. Controllers will not validate the origin of commands.
  • D. PLCs will not act upon commands injected over the network.

Answer: C

Explanation:
PLCs are programmable logic controllers that execute logic operations on input signals from sensors and output signals to actuators. They are often connected to supervisory systems that provide human-machine interfaces and data acquisition functions. If both systems are connected to the company intranet, they are exposed to potential attacks from internal or external adversaries. A valid assumption is that controllers will not validate the origin of commands, meaning that an attacker can send malicious commands to manipulate or sabotage the industrial process. The other assumptions are not valid because they contradict the facts or common practices.


NEW QUESTION # 30
A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

  • A. Authority and urgency
  • B. Social proof and greed
  • C. Familiarity and likeness
  • D. Scarcity and fear

Answer: A


NEW QUESTION # 31
Which of the following is the most secure method for sending the penetration test report to the client?

  • A. Sending the penetration test report via webmail using an HTTPS connection.
  • B. Sending the penetration test report on an online storage system.
  • C. Encrypting the penetration test report with the client's public key and sending it via email.
  • D. Sending the penetration test report inside a password-protected ZIP file.

Answer: C

Explanation:
Explanation
This is the most secure method for sending the penetration test report to the client because it ensures that only the client can decrypt and read the report using their private key. Encrypting the report with the client's public key prevents anyone else from accessing the report, even if they intercept or compromise the email. The other methods are not as secure because they rely on weaker or no encryption, or they expose the report to third-party services that may not be trustworthy or compliant.


NEW QUESTION # 32
A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible.
Which of the following remediation techniques would be the BEST to recommend? (Choose two.)

  • A. Closing open services
  • B. Output encoding
  • C. Encryption users' passwords
  • D. Users' input validation
  • E. Randomizing users' credentials
  • F. Parameterized queries

Answer: D,F

Explanation:
SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to execute malicious SQL statements on a database server. SQL injection can result in data theft, data corruption, authentication bypass, or command execution. To mitigate SQL injection vulnerabilities, the following remediation techniques are recommended:
* Users' input validation: This involves checking and sanitizing the user input before passing it to the database server. Input validation can prevent malicious or unexpected input from reaching the database server and causing harm. Input validation can be done by using whitelists, blacklists, regular expressions, or escaping mechanisms.
* Parameterized queries: This involves using placeholders or parameters for user input instead of concatenating it with the SQL statement. Parameterized queries can separate the user input from the SQL logic and prevent it from being interpreted as part of the SQL statement. Parameterized queries can be implemented by using prepared statements, stored procedures, or frameworks that support them. The other options are not relevant or effective remediation techniques for SQL injection vulnerabilities.


NEW QUESTION # 33
A penetration tester developed the following script:
bash
Copy code
for ip in $(seq 1 254);
do echo $(echo "192.168.15.$ip ") $(host 192.168.15.$ip dns.company.com | grep "domain name pointer")
done | grep "domain name pointer" | cut -d" " -f1,6
Which of the following best explains the purpose of this script?

  • A. To search for DNS servers among the IP addresses in a subnet
  • B. To query the DNS for IP addresses and corresponding hostnames in a subnet
  • C. To ping every IP address in a subnet to discover live hosts
  • D. To output a list of all IP addresses in a subnet for later scanning

Answer: B

Explanation:
The script queries DNS records for hostnames corresponding to IP addresses in the 192.168.15.0/24 subnet. It uses host to resolve domain names and extracts relevant results, aligning with CompTIA Pentest+ objectives on information gathering and network enumeration.


NEW QUESTION # 34
A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?

  • A. Provide raw output from penetration testing tools.
  • B. Allow the client to only view the information while in secure spaces.
  • C. Determine which reports are no longer under a period of confidentiality.
  • D. Redact identifying information and provide a previous customer's documentation.

Answer: C

Explanation:
Penetration testing reports contain sensitive information about the vulnerabilities and risks of a customer's systems and networks. Therefore, penetration testers should respect the confidentiality and privacy of their customers and only share their reports with authorized parties. Penetration testers should also follow the terms and conditions of their contracts with their customers, which may include a period of confidentiality that prohibits them from disclosing any information related to the testing without the customer's consent.


NEW QUESTION # 35
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

  • A. Run the nc -e /bin/sh <...> command.
  • B. Obtain /etc/shadow and brute force the root password.
  • C. Create a one-shot system service to establish a reverse shell.
  • D. Move laterally to create a user account on LDAP

Answer: C

Explanation:
https://hosakacorp.net/p/systemd-user.html
Creating a one-shot system service to establish a reverse shell is a technique that would best support maintaining persistence after reboot on a Linux-based file server. A system service is a program that runs in the background and performs various tasks without user interaction. A one-shot system service is a type of service that runs only once and then exits. A reverse shell is a type of shell that connects back to an attacker-controlled machine and allows remote command execution. By creating a one-shot system service that runs a reverse shell script at boot time, the penetration tester can ensure persistent access to the file server even after reboot.


NEW QUESTION # 36
A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:

Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

  • A. The remoteSvr variable has neither been type-hinted nor initialized.
  • B. *range(1, 1025) on line 1 populated the portList list in numerical order.
  • C. sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.
  • D. Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM

Answer: B

Explanation:
Port randomization is widely used in port scanners. By default, Nmap randomizes the scanned port order (except that certain commonly accessible ports are moved near the beginning for efficiency reasons)
https://nmap.org/book/man-port-specification.html


NEW QUESTION # 37
The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

  • A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
  • B. This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.
  • C. This device is most likely a gateway with in-band management services.
  • D. This device is most likely a proxy server forwarding requests over TCP/443.

Answer: C

Explanation:
The heart bleed bug is an open ssl bug which does not affect SSH Ref:
https://www.sos-berlin.com/en/news-heartbleed-bug-does-not-affect-jobscheduler-or-ssh


NEW QUESTION # 38
A tester who is performing a penetration test on a website receives the following output:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62
Which of the following commands can be used to further attack the website?

  • A. ../../../../../../../../../../etc/passwd
  • B. 1 UNION SELECT 1, DATABASE(),3--
  • C. <script>var adr= '../evil.php?test=' + escape(document.cookie);</script>
  • D. /var/www/html/index.php;whoami

Answer: B


NEW QUESTION # 39
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:

However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?

  • A. The tester did not run sudo before the command.
  • B. This URI returned a server error.
  • C. The web server is using HTTPS instead of HTTP.
  • D. The HTTP port is not open on the firewall.

Answer: D


NEW QUESTION # 40
A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?

  • A. Ethercap
  • B. Cain and Abel
  • C. Nikto
  • D. Nmap

Answer: C

Explanation:
Explanation
https://hackertarget.com/nikto-website-scanner/


NEW QUESTION # 41
Which of the following tools is commonly used for network scanning and enumeration during a penetration test?

  • A. Nmap
  • B. Metasploit
  • C. Burp Suite
  • D. Wireshark

Answer: A

Explanation:
Nmap is widely used for network scanning and enumeration. It identifies open ports, services, and vulnerabilities on a network. This directly relates to CompTIA Pentest+ objectives on scanning and enumeration methodologies.


NEW QUESTION # 42
During a security assessment, a penetration tester decides to implement a simple TCP port scanner to check the open ports from 1000 to 2000. Which of the following Python scripts would achieve this task?

  • A. fori in range(1000, 2001): s = socket(AF-INET, SOCK_DGRAM) conn = s.connect-ex((host_IP, i)) if (conn == 0): print(f'Port {i} OPEN') s.close ()
  • B. fori in range(1001, 2000): s = socket(AF_INET, SOCK_STREAM) conn = s.connect-ex((host_IP, i)) if (conn == 0): print (f'Port {i} OPEN') s.close ()
  • C. fori in range(1000, 2001): s = socket(AF_INET, SOCK_STREAM)
    conn = s.connect_ex((host_IP, i))
    if (conn == 0):
    print(fPort {i} OPEN')
  • D. close ()
  • E. fori in range (1000, 2000): s = socket(SOCK_STREAM, AF_INET) conn = s.connect-ex((host-IP, i)) if (conn == 0): print (f'Port {i} OPEN') s.close()

Answer: C

Explanation:
The correct Python script for implementing a simple TCP port scanner that checks for open ports from 1000 to
2000 is option A. This script uses a for loop to iterate through the range of ports, creates a socket object for each port using the socket.AF_INET address family (indicating IPv4) and socket.SOCK_STREAM socket type (indicating TCP), and attempts to connect to each port. If the connection attempt (connect_ex) returns 0, it indicates the port is open, and the script prints a message stating that the port is open before closing the socket. The other options contain syntax errors, use incorrect socket types, or have incorrect ranges that do not fully cover the specified ports.


NEW QUESTION # 43
For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users to change their passwords and a link to
https://example.com/index.html. The engineer has designed the attack so that once the users enter the credentials, the index.html page takes the credentials and then forwards them to another server that the security engineer is controlling. Given the following information:

Which of the following lines of code should the security engineer add to make the attack successful?

  • A. crossDomain: true
  • B. redirectUrl = 'https://example.com'
  • C. window.location.= 'https://evilcorp.com'
  • D. geturlparameter ('username')

Answer: A


NEW QUESTION # 44
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






Answer:

Explanation:


NEW QUESTION # 45
......

Get ready to pass the PT0-002 Exam right now using our CompTIA PenTest+ Exam Package: https://www.pass4guide.com/PT0-002-exam-guide-torrent.html

A fully updated 2025 PT0-002 Exam Dumps exam guide from training expert Pass4guide: https://drive.google.com/open?id=1aBHJqoSp6uZBX2mKqYVWyZUa0QjGixpQ