Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. PT0-002

CompTIA PT0-002 Exam (page: 4)
CompTIA PenTest+ Certification
Updated on: 25-Aug-2025

Viewing Page 4 of 105
PT0-002 PDF 520 Questions

A penetration tester was brute forcing an internal web server and ran a command that produced the following output:
However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?

  1. The HTTP port is not open on the firewall.
  2. The tester did not run sudo before the command.
  3. The web server is using HTTPS instead of HTTP.
  4. This URI returned a server error.

Answer(s): D



A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address.
Which of the following MOST likely describes what happened?

  1. The penetration tester was testing the wrong assets.
  2. The planning process failed to ensure all teams were notified.
  3. The client was not ready for the assessment to start.
  4. The penetration tester had incorrect contact information.

Answer(s): B



An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?

  1. Uncover potential criminal activity based on the evidence gathered.
  2. Identify all the vulnerabilities in the environment.
  3. Limit invasiveness based on scope.
  4. Maintain confidentiality of the findings.

Answer(s): B



A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago.
In which of the following places should the penetration tester look FIRST for the employees' numbers?

  1. Web archive
  2. GitHub
  3. File metadata
  4. Underground forums

Answer(s): A



A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.
Which of the following would BEST support this task?

  1. Run nmap with the -O, -p22, and -sC options set against the target.
  2. Run nmap with the -sV and -p22 options set against the target.
  3. Run nmap with the --script vulners option set against the target.
  4. Run nmap with the -sA option set against the target.

Answer(s): C



Viewing Page 4 of 105



Share your comments for CompTIA PT0-002 exam with other users:

SAJI 7/20/2023 2:51:00 AM

56 question correct answer a,b
Anonymous


Summer 10/4/2023 9:57:00 PM

looking forward to the real exam
Anonymous