Which of the following compliance requirements would be BEST suited in an environment that processes credit card data?
A. PCI DSS
B. ISO 27001
C. SOX
D. GDPR
A penetration tester successfully infiltrated the targeted web server and created credentials with administrative privileges. After conducting data exfiltration, which of the following should be the tester's NEXT step?
A. Determine what data is available on the web server.
B. Change or delete the logs.
C. Log out and migrate to a new session.
D. Log in as the new user.
A penetration tester uncovered a flaw in an online banking web application that allows arbitrary requests to other internal network assets through a server-side request forgery. Which of the following would BEST reduce the risk of attack?
A. Implement multifactor authentication on the web application to prevent unauthorized access of the application.
B. Configure a secret management solution to ensure attackers are not able to gain access to confidential information.
C. Ensure a patch management system is in place to ensure the web server system is hardened.
D. Sanitize and validate all input within the web application to prevent internal resources from being accessed.
E. Ensure that enhanced logging is enabled on the web application to detect the attack.
Which of the following actions would BEST explain why a testing team would need to reach out to a customer's emergency contact during an assessment?
A. To confirm assessment dates
B. To escalate the detection of a prior compromise
C. To submit the weekly status report
D. To announce that testing will begin
A penetration tester calls an IT employee and pretends to be the financial director of the company. The penetration tester asks the IT employee to reset the financial director's email password. The penetration tester claims to be at an ongoing, off-site meeting with some investors and needs a presentation file quickly downloaded from the director's mailbox. Which of the following techniques is the penetration tester trying to utilize? (Choose two.)
A. Scarcity
B. Intimidation
C. Authority
D. Consensus
E. Urgency
F. Familiarity
While performing an assessment on a web application, a penetration tester notices the web browser creates the following request when clicking on the stock status for an item:
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 118

stockApi=http://stock.shop.com:8080/product/stock/check%3FproductId%3D6%26storeId%3D1

Which of the following types of attacks would the penetration tester most likely try NEXT?
A. Cross-site scripting
B. Command injection
C. Local file inclusion
D. Server-side request forgery
A penetration tester who is performing a physical assessment has achieved physical access to a call center for the assessed company. The tester is able to move freely around the room. Which of the following attack types is most likely to result in the tester obtaining personal or confidential information quickly?
A. Dumpster diving
B. Warwalking
C. Vishing
D. Smishing
E. Shoulder surfing
A penetration tester is validating whether input validation mechanisms have been implemented in a web application. Which of the following should the tester use to determine whether the application is vulnerable to path traversal attacks?
A. GET /image?filename=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fhosts
B. GET /image?filename=lefitfe;pwd
C. POST /image?filename -
D. POST /image?filename =yhtak;ncat --ssl 192.168.0.1 2222
As part of an active reconnaissance, a penetration tester intercepts and analyzes network traffic, including API requests and responses. Which of the following can be gained by capturing and examining the API traffic?
A. Assessing the performance of the network's API communication
B. Identifying the token/authentication detail
C. Enumerating all users of the application
D. Extracting confidential user data from the intercepted API responses
An external consulting firm is hired to perform a penetration test and must keep the confidentiality of the security vulnerabilities and the private data found in a customer's systems. Which of the following documents addresses this requirement?
A. ROE
B. NDA
C. MOU
D. SLA