Master CompTIA PenTest+ Certification Exam PT0-002: Your Gateway to Cybersecurity Excellence
A penetration tester is performing an assessment of an application that allows users to upload documents to a cloud-based file server for easy access anywhere in the world. Which of the following would most likely allow a tester to access unintentionally exposed documents?
Correct: A
A directory traversal attack, also known as a path traversal attack, exploits insufficient validation or sanitization of user-supplied file names. The goal of the attack is to access directories and files stored outside the web root folder. By manipulating variables that reference files with "../" sequences and their variations, attackers can reach restricted directories and execute commands outside the web server's root directory.
In the context of an application that allows users to upload documents to a cloud-based file server, an attacker might exploit a directory traversal vulnerability to navigate to directories that contain sensitive documents. If the file upload functionality is not properly secured, an attacker could upload a file with a payload designed to perform directory traversal. This could allow access to confidential files that are otherwise protected by the application's access control mechanisms.
OWASP Directory Traversal Cheat Sheet: OWASP Directory Traversal
Practical examples from HTB writeups such as Forge and Anubis, which demonstrate similar enumeration techniques leading to sensitive file disclosures.
A security consultant wants to perform a vulnerability assessment with an application that can effortlessly generate an easy-to-read report. Which of the following should the attacker use?
Correct: B
Nessus is a comprehensive, widely used vulnerability assessment tool. It is known for generating detailed and easy-to-read reports, which makes it a preferred choice for security consultants who need to document their findings clearly.
Nessus scans for a wide range of vulnerabilities across different systems and applications. It provides a detailed report that includes the vulnerabilities found, their severity levels, and recommendations for remediation. This feature makes it ideal for security consultants who need to perform vulnerability assessments and present their findings to stakeholders in an understandable format.
Nessus product page: Tenable Nessus
Use of Nessus in penetration testing reports: The reports generated by Nessus have been referenced in various HTB writeups such as those for Luke and Horizontall.
A penetration tester is attempting to perform reconnaissance on a customer's external-facing footprint and reviews a summary of the fingerprinting scans:
SSH servers: 23
NTP servers: 4
Rsync servers: 5
LDAP servers: 2
Which of the following OSs is the organization most likely using?
Correct: B
The presence of specific services like SSH, NTP, Rsync, and LDAP servers is indicative of a Unix-like operating system. Among the given options, FreeBSD is the most likely operating system that would be running all these services. FreeBSD is known for its robustness and extensive use in environments requiring stable and secure networking services.
Given the context of penetration testing and the enumeration of these services, FreeBSD's configuration and service management fit well with the identified services. Other operating systems listed (Mac OS X, Microsoft Windows, Linux) might not typically run all these services in a similar configuration, particularly NTP and Rsync, which are more common in Unix-like systems.
FreeBSD documentation on NTP and Rsync: FreeBSD Handbook, FreeBSD Rsync
Enumeration examples from HTB writeups such as Gobox and Writeup, which often identify a specific OS based on the running services.
During an assessment, a penetration tester obtains a list of password digests using Responder. Which of the following tools would the penetration tester most likely use next?
Correct: A
When a penetration tester obtains a list of password digests using Responder, the next logical step is to attempt to crack these password hashes to retrieve the plaintext passwords. Hashcat is one of the most widely used tools for this purpose. It is a high-performance password recovery tool that supports a wide range of hashing algorithms and can utilize the power of GPU acceleration to significantly speed up the cracking process.
Hashcat is preferred over tools like Hydra, CeWL, and Medusa in this context because it is specifically designed for cracking password hashes rather than brute-forcing login credentials (Hydra, Medusa) or generating custom wordlists (CeWL).
Hashcat official website: Hashcat
Usage examples in various penetration testing reports, including those involving password cracking and hash manipulation.
During a REST API security assessment, a penetration tester was able to sniff JSON content containing user credentials. The JSON structure was as follows:
{
  "transaction_id": "1234S6",
  "content": [
    { "user_id": "mrcrowley", "password": ["54321#"] },
    { "user_id": "ozzy", "password": ["1112228"] }
  ]
}
Assuming that the variable json contains the parsed JSON data, which of the following Python code snippets correctly returns the password for the user ozzy?
Correct: C
To correctly return the password for the user 'ozzy' from the given JSON structure, the Python code snippet should navigate the nested structure appropriately. The 'content' array contains objects with 'user_id' and 'password' fields. The correct password for 'ozzy' can be accessed using the code json['content'][1]['password'][0], which navigates to the second object in the 'content' array (index 1) and then accesses the first element (index 0) of the 'password' array for that user.
Python JSON Path Navigation
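As an added example (not part of the exam page), the following parses the captured structure from the question and shows both the answer key's positional expression and a position-independent lookup by `user_id`. The JSON string is reconstructed from the question's values; the variable named `json` plays the role of the parsed data the question assumes, so the standard library module is imported under another name.

```python
import json as json_module
from typing import Optional

# The sniffed structure from the question, reproduced as a JSON string so the example
# runs stand-alone. The values are the page's; only the formatting is reconstructed.
CAPTURED_JSON = """
{
  "transaction_id": "1234S6",
  "content": [
    {"user_id": "mrcrowley", "password": ["54321#"]},
    {"user_id": "ozzy", "password": ["1112228"]}
  ]
}
"""

# This is the variable the question calls `json`: the parsed data, a Python dict.
json = json_module.loads(CAPTURED_JSON)


def password_by_index(data: dict) -> str:
    """The answer key's expression: second object in 'content', first element of its 'password' list."""
    return data["content"][1]["password"][0]


def password_for_user(data: dict, user_id: str) -> Optional[str]:
    """Position-independent lookup: return the first password of the entry whose user_id matches.

    Returns None when the user is absent or the entry has no password list instead of
    raising KeyError/IndexError, because the order of 'content' is not guaranteed and a
    different capture may list the users differently.
    """
    for entry in data.get("content", []):
        if entry.get("user_id") == user_id:
            passwords = entry.get("password") or []
            return passwords[0] if passwords else None
    return None


if __name__ == "__main__":
    print("by index:", password_by_index(json))
    print("by user_id:", password_for_user(json, "ozzy"))
```

The positional form is what the exam expects; the lookup by `user_id` is what a tester would actually script against a real capture, since it does not break when the array order changes.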