CompTIA PT0-002 Exam (page: 15)
CompTIA PenTest+ Certification
Updated on: 01-Sep-2025

Viewing Page 15 of 105

A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contract with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the following should the company avoid?

  A. Crawling the web application's URLs looking for vulnerabilities
  B. Fingerprinting all the IP addresses of the application's servers
  C. Brute forcing the application's passwords
  D. Sending many web requests per second to test DDoS protection

Answer(s): D



A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)

  A. Spawned shells
  B. Created user accounts
  C. Server logs
  D. Administrator accounts
  E. Reboot system
  F. ARP cache

Answer(s): A,B



A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

  A. Weak authentication schemes
  B. Credentials stored in strings
  C. Buffer overflows
  D. Non-optimized resource management

Answer(s): C



A penetration tester has prepared the following phishing email for an upcoming penetration test:
Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

  A. Familiarity and likeness
  B. Authority and urgency
  C. Scarcity and fear
  D. Social proof and greed

Answer(s): B



During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?

  A. Command injection
  B. Broken authentication
  C. Direct object reference
  D. Cross-site scripting

Answer(s): C






Share your comments for CompTIA PT0-002 exam with other users:

SAJI 7/20/2023 2:51:00 AM

56 question correct answer a,b
Anonymous


Summer 10/4/2023 9:57:00 PM

looking forward to the real exam
Anonymous