Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

PT0-002 by CompTIA - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client's building during non-business hours. Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)

A A handheld RF spectrum analyzer
B A mask and personal protective equipment
C Caution tape for marking off insecure areas
D A dedicated point of contact at the client
E The paperwork documenting the engagement
F Knowledge of the building's normal business hours

Question 4

A penetration tester receives the following results from an Nmap scan:

Question 5

A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?

A Wait for the next login and perform a downgrade attack on the server.
B Capture traffic using Wireshark.
C Perform a brute-force attack over the server.
D Use an FTP exploit against the server.

Question 6

Appending string values onto another string is called:

A compilation
B connection
C concatenation
D conjunction

Question 7

A consultant is reviewing the following output after reports of intermittent connectivity issues:

Question 8

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

A Buffer overflows
B Cross-site scripting
C Race-condition attacks
D Zero-day attacks
E Injection flaws
F Ransomware attacks

Question 9

The results of an Nmap scan are as follows:

Question 10

When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

A Clarify the statement of work
B Obtain an asset inventory from the client
C Interview all stakeholders
D Identify all third parties involved.

Question 11

A penetration tester is reviewing the following SOW prior to engaging with a client.
Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

A Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
B Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement.
C Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team.
D Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
E Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop.
F Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements

Question 12

A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.

Question 13

SIMULATION -
You are a penetration tester reviewing a client's website through a web browser.

INSTRUCTIONS -
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question 14

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Question 15

A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

A Create a one-shot system service to establish a reverse shell
B Obtain /etc/shadow and brute force the root password.
C Run the nc ג€"e /bin/sh <ג€¦> command
D Move laterally to create a user account on LDAP

Question 16

A penetration tester is conducting a penetration test. The tester obtains a root-level shell on a Linux server and discovers the following data in a file named password.txt in the /home/svsacct directory:
U3VQZXIkM2NyZXQhCg==
Which of the following commands should the tester use NEXT to decode the contents of the file?

A echo U3VQZXIkM2NyZXQhCg== | base64 ג€"d
B tar zxvf password.txt
C hydra ג€"l svsacct ג€"p U3VQZXIkM2NyZXQhCg== ssh://192.168.1.0/24
D john --wordlist /usr/share/seclists/rockyou.txt password.txt

Question 17

A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment. Which of the following would be the BEST option to identify a system properly prior to performing the assessment?

A Asset inventory
B DNS records
C Web-application scan
D Full scan

Question 18

A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

A Specially craft and deploy phishing emails to key company leaders.
B Run a vulnerability scan against the company's external website.
C Runtime the company's vendor/supply chain.
D Scrape web presences and social-networking sites.

Question 19

A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?

A Maximizing the likelihood of finding vulnerabilities
B Reprioritizing the goals/objectives
C Eliminating the potential for false positives
D Reducing the risk to the client environment

Question 20

Which of the following tools would be BEST suited to perform a manual web application security assessment? (Choose two.)

A OWASP ZAP
B Nmap
C Nessus
D BeEF
E Hydra
F Burp Suite

Question 21

Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

A will reveal vulnerabilities in the Modbus protocol
B may cause unintended failures in control systems
C may reduce the true positive rate of findings
D will create a denial-of-service condition on the IP networks

Question 22

Which of the following provides a matrix of common tactics and techniques uses by attackers along with recommended mitigations?

A NIST SP 800-53
B OWASP Top 10
C MITRE ATT&CK framework
D PTES technical guidelines

Question 23

A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?

A nmap ג€"f ג€"sV ג€"p80 192.168.1.20
B nmap ג€"sS ג€"sL ג€"p80 192.168.1.20
C nmap ג€"A ג€"T4 ג€"p80 192.168.1.20
D nmap ג€"O ג€"v ג€"p80 192.168.1.20

Question 24

A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees.
Which of the following tools can help the tester achieve this goal?

A Metasploit
B Hydra
C SET
D WPScan

Question 25

A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

A VRFY and EXPN
B VRFY and TURN
C EXPN and TURN
D RCPT TO and VRFY

Page 1 of 19 • Questions 1-25 of 461

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

A chmod u+x script.sh
B chmod u+e script.sh
C chmod o+e script.sh
D chmod o+x script.sh

Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?

A Executive summary of the penetration-testing methods used
B Bill of materials including supplies, subcontracts, and costs incurred during assessment
C Quantitative impact assessments given a successful software compromise
D Code context for instances of unsafe typecasting operations

Which of the following OSs is the target MOST likely running?

A CentOS
B Arch Linux
C Windows Server
D Ubuntu

Which of the following is MOST likely to be reported by the consultant?

A A device on the network has an IP address in the wrong subnet.
B A multicast session was initiated using the wrong multicast group.
C An ARP flooding attack is using the broadcast address to perform DDoS.
D A device on the network has poisoned the ARP cache.

Which of the following would be the BEST conclusion about this device?

A This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
B This device is most likely a gateway with in-band management services.
C This device is most likely a proxy server forwarding requests over TCP/443.
D This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

Which of the following changes should the tester apply to make the script work as intended?

A Change line 2 to $ip= ג€10.192.168.254ג€;
B Remove lines 3, 5, and 6.
C Remove line 6.
D Move all the lines below line 7 to the top of the script.

Which of the following combinations of tools would the penetration tester use to exploit this script?

A Hydra and crunch
B Netcat and cURL
C Burp Suite and DIRB
D Nmap and OWASP ZAP

PT0-002Preview