CompTIA PT0-002 Exam (page: 14)
CompTIA PenTest+ Certification
Updated on: 01-Sep-2025

Viewing Page 14 of 105

A company has hired a penetration tester to deploy and set up a rogue access point on the network.
Which of the following is the BEST tool to use to accomplish this goal?

  A. Wireshark
  B. Aircrack-ng
  C. Kismet
  D. Wifite

Answer(s): B


Reference:

https://null-byte.wonderhowto.com/how-to/hack-wi-fi-stealing-wi-fi-passwords-with-evil-twin-attack-0183880/



A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop.
Which of the following can be used to ensure the tester is able to maintain access to the system?

  A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
  B. wmic startup get caption,command
  C. crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
  D. sudo useradd -ou 0 -g 0 user

Answer(s): A



A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  A. PLCs will not act upon commands injected over the network.
  B. Supervisors and controllers are on a separate virtual network by default.
  C. Controllers will not validate the origin of commands.
  D. Supervisory systems will detect a malicious injection of code/commands.

Answer(s): C



A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:
Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?

  A. Run an application vulnerability scan and then identify the TCP ports used by the application.
  B. Run the application attached to a debugger and then review the application's log.
  C. Disassemble the binary code and then identify the break points.
  D. Start a packet capture with Wireshark and then run the application.

Answer(s): D



When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:

  A. security compliance regulations or laws may be violated.
  B. testing can make detecting actual APT more challenging.
  C. testing adds to the workload of defensive cyber- and threat-hunting teams.
  D. business and network operations may be impacted.

Answer(s): D






Share your comments for CompTIA PT0-002 exam with other users:

SAJI 7/20/2023 2:51:00 AM

56 question correct answer a,b
Anonymous


Summer 10/4/2023 9:57:00 PM

looking forward to the real exam
Anonymous