Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

PT1-002 by CompTIA - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Question 4

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?

A The reverse-engineering team may have a history of selling exploits to third parties.
B The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
C The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
D The reverse-engineering team will be given access to source code for analysis.

Question 5

A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

A Attempting to tailgate an employee going into the client's workplace
B Dropping a malicious USB key with the company's logo in the parking lot
C Using a brute-force attack against the external perimeter to gain a foothold
D Performing spear phishing against employees by posing as senior management

Question 6

The results of an Nmap scan are as follows:

Question 7

Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

A To provide feedback on the report structure and recommend improvements
B To discuss the findings and dispute any false positives
C To determine any processes that failed to meet expectations during the assessment
D To ensure the penetration-testing team destroys all company data that was gathered during the test

Question 8

A penetration tester who is performing a physical assessment of a company's security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?

A Badge cloning
B Dumpster diving
C Tailgating
D Shoulder surfing

Question 9

The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).

Not shown: 998 filtered ports -

OS CPE: cpe:/a:qemu:qemu -
No exact OS matches found for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds
Which of the following device types will MOST likely have a similar response? (Choose two.)

A Network device
B Public-facing web server
C Active Directory domain controller
D IoT/embedded device
E Exposed RDP
F Print queue

Question 10

A penetration tester conducted an assessment on a web server. The logs from this session show the following: http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 `˜ ; DROP TABLE SERVICES; --
Which of the following attacks is being attempted?

A Clickjacking
B Session hijacking
C Parameter pollution
D Cookie hijacking
E Cross-site scripting

Question 11

An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client's information?

A Follow the established data retention and destruction process
B Report any findings to regulatory oversight groups
C Publish the findings after the client reviews the report
D Encrypt and store any client information for future analysis

Question 12

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools?
(Choose two.)

A Scraping social media sites
B Using the WHOIS lookup tool
C Crawling the client's website
D Phishing company employees
E Utilizing DNS lookup tools
F Conducting wardriving near the client facility

Question 13

A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?

A RFID cloning
B RFID tagging
C Meta tagging
D Tag nesting

Question 14

A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

A Data flooding
B Session riding
C Cybersquatting
D Side channel

Question 15

SIMULATION -
You are a penetration tester running port scans on a server.

INSTRUCTIONS -
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question 16

A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:

Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: /
>
Mark bundle as not supporting multiuse
< HTTP/1.1 200
< Date: Tue, 02 Feb 2021 21:46:47 GMT
< Server: Apache/2.4.41 (Debian)
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE html>
<html lang=en>
<head>
<meta name=viewport content=width=device-width />
<meta http-equiv=Content-Type content=text/html; charset=utf-8 />
<title>WordPress › ReadMe</title>
<link rel=stylesheet href=wp-admin/css/install.css?ver=20100228 type=text/css />
</head>
Which of the following tools would be BEST for the penetration tester to use to explore this site further?

A Burp Suite
B DirBuster
C WPScan
D OWASP ZAP

Question 17

A penetration tester wrote the following script to be used in one engagement:

Question 18

A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?

A Implement a recurring cybersecurity awareness education program for all users.
B Implement multifactor authentication on all corporate applications.
C Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.
D Implement an email security gateway to block spam and malware from email communications.

Question 19

A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

A Nmap
B tcpdump
C Scapy
D hping3

Question 20

A penetration tester is reviewing the following SOW prior to engaging with a client:
Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

A Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
B Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
C Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
D Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
E Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
F Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements

Question 21

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless
IDS solutions?

A Aircrack-ng
B Wireshark
C Wifite
D Kismet

Question 22

A penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch `"r .bash_history temp mv temp .bash_history
Which of the following actions is the tester MOST likely performing?

A Redirecting Bash history to /dev/null
B Making a copy of the user's Bash history for further enumeration
C Covering tracks by clearing the Bash history
D Making decoy files on the system to confuse incident responders

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 5 • Questions 1-25 of 110

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

A Ensure the client has signed the SOW.
B Verify the client has granted network access to the hot site.
C Determine if the failover environment relies on resources not owned by the client.
D Establish communication and escalation procedures with the client.

A penetration tester ran a ping `"A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?

A Windows
B Apple
C Linux
D Android

Which of the following would be a recommendation for remediation?

A Deploy a user training program
B Implement a patch management plan
C Utilize the secure software development life cycle
D Configure access controls on each of the servers

Which of the following would be the BEST conclusion about this device?

A This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
B This device is most likely a gateway with in-band management services.
C This device is most likely a proxy server forwarding requests over TCP/443.
D This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

Which of the following actions will this script perform?

A Look for open ports.
B Listen for a reverse shell.
C Attempt to flood open ports.
D Create an encrypted tunnel.