Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtreat

PT0-002 CompTIA PenTest+ Certification Exam Questions and Answers

Questions 4

The output from a penetration testing tool shows 100 hosts contained findings due to improper patch management. Which of the following did the penetration tester perform?

Options:

A.

A vulnerability scan

B.

A WHOIS lookup

C.

A packet capture

D.

An Nmap scan

Buy Now
Questions 5

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following combinations of tools would the penetration tester use to exploit this script?

Options:

A.

Hydra and crunch

B.

Netcat and cURL

C.

Burp Suite and DIRB

D.

Nmap and OWASP ZAP

Buy Now
Questions 6

During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers. To be PCI compliant, which of the following should the company have implemented to BEST protect this data?

Options:

A.

Vulnerability scanning

B.

Network segmentation

C.

System hardening

D.

Intrusion detection

Buy Now
Questions 7

After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:

The tester then runs the following command from the previous exploited system, which fails:

Which of the following explains the reason why the command failed?

Options:

A.

The tester input the incorrect IP address.

B.

The command requires the ג-port 135 option.

C.

An account for RDP does not exist on the server.

D.

PowerShell requires administrative privilege.

Buy Now
Questions 8

Penetration tester has discovered an unknown Linux 64-bit executable binary. Which of the following tools would be BEST to use to analyze this issue?

Options:

A.

Peach

B.

WinDbg

C.

GDB

D.

OllyDbg

Buy Now
Questions 9

A penetration tester is conducting a penetration test. The tester obtains a root-level shell on a Linux server and discovers the following data in a file named password.txt in the /home/svsacct directory:

U3VQZXIkM2NyZXQhCg==

Which of the following commands should the tester use NEXT to decode the contents of the file?

Options:

A.

echo U3VQZXIkM2NyZXQhCg== | base64 ג€"d

B.

tar zxvf password.txt

C.

hydra ג€"l svsacct ג€"p U3VQZXIkM2NyZXQhCg== ssh://192.168.1.0/24

D.

john --wordlist /usr/share/seclists/rockyou.txt password.txt

Buy Now
Questions 10

During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.

Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?

Options:

A.

Sniff and then crack the WPS PIN on an associated WiFi device.

B.

Dump the user address book on the device.

C.

Break a connection between two Bluetooth devices.

D.

Transmit text messages to the device.

Buy Now
Questions 11

While performing the scanning phase of a penetration test, the penetration tester runs the following command:

........v -sV -p- 10.10.10.23-28

....ip scan is finished, the penetration tester notices all hosts seem to be down. Which of the following options should the penetration tester try next?

Options:

A.

-su

B.

-pn

C.

-sn

D.

-ss

Buy Now
Questions 12

Which of the following situations would MOST likely warrant revalidation of a previous security assessment?

Options:

A.

After detection of a breach

B.

After a merger or an acquisition

C.

When an organization updates its network firewall configurations

D.

When most of the vulnerabilities have been remediated

Buy Now
Questions 13

A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

Options:

A.

Specially craft and deploy phishing emails to key company leaders.

B.

Run a vulnerability scan against the company's external website.

C.

Runtime the company's vendor/supply chain.

D.

Scrape web presences and social-networking sites.

Buy Now
Questions 14

During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?

Options:

A.

Command injection

B.

Broken authentication

C.

Direct object reference

D.

Cross-site scripting

Buy Now
Questions 15

Given the following code:

Which of the following data structures is systems?

Options:

A.

A tuple

B.

A tree

C.

An array

D.

A dictionary

Buy Now
Questions 16

Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?

Options:

A.

Exploit-DB

B.

Metasploit

C.

Shodan

D.

Retina

Buy Now
Questions 17

A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

Options:

A.

Decode the authorization header using UTF-8.

B.

Decrypt the authorization header using bcrypt.

C.

Decode the authorization header using Base64.

D.

Decrypt the authorization header using AES.

Buy Now
Questions 18

A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?

Options:

A.

Redact identifying information and provide a previous customer's documentation.

B.

Allow the client to only view the information while in secure spaces.

C.

Determine which reports are no longer under a period of confidentiality.

D.

Provide raw output from penetration testing tools.

Buy Now
Questions 19

Which of the following BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?

Options:

A.

The IP address is wrong.

B.

The server is unreachable.

C.

The IP address is on the blocklist.

D.

The IP address is on the allow list.

Buy Now
Questions 20

Penetration tester who was exclusively authorized to conduct a physical assessment noticed there were no cameras pointed at the dumpster for company. The penetration tester returned at night and collected garbage that contained receipts for recently purchased networking :. The models of equipment purchased are vulnerable to attack. Which of the following is the most likely next step for the penetration?

Options:

A.

Alert the target company of the discovered information.

B.

Verify the discovered information is correct with the manufacturer.

C.

Scan the equipment and verify the findings.

D.

Return to the dumpster for more information.

Buy Now
Questions 21

During a code review assessment, a penetration tester finds the following vulnerable code inside one of the web application files:

<% String id = request.getParameter("id"); %>

Employee ID: <%= id %>

Which of the following is the best remediation to prevent a vulnerability from being exploited, based on this code?

Options:

A.

Parameterized queries

B.

Patch application

C.

Output encoding

Buy Now
Questions 22

During a REST API security assessment, a penetration tester was able to sniff JSON content containing user credentials. The JSON structure was as follows:

<

transaction_id: "1234S6", content: [ {

user_id: "mrcrowley", password: ["€54321#"] b <

user_id: "ozzy",

password: ["1112228"] ) ]

Assuming that the variable json contains the parsed JSON data, which of the following Python code snippets correctly returns the password for the user ozzy?

Options:

A.

json['content']['password'][1]

B.

json['user_id']['password'][0][1]

C.

json['content'][1]['password'][0]

D.

json['content'][0]['password'][1]

Buy Now
Questions 23

Which of the following is the most important aspect to consider when calculating the price of a penetration test service for a client?

Options:

A.

Operating cost

B.

Required scope of work

C.

Non-disclosure agreement

D.

Client's budget

Buy Now
Questions 24

A penetration tester is looking for a particular type of service and obtains the output below:

I Target is synchronized with 127.127.38.0 (reference clock)

I Alternative Target Interfaces:

I 10.17.4.20

I Private Servers (0)

I Public Servers (0)

I Private Peers (0)

I Public Peers (0)

I Private Clients (2)

I 10.20.8.69 169.254.138.63

I Public Clients (597)

I 4.79.17.248 68.70.72.194 74.247.37.194 99.190.119.152

I 12.10.160.20 68.80.36.133 75.1.39.42 108.7.58.118

I 68.56.205.98

I 2001:1400:0:0:0:0:0:1 2001:16d8:ddOO:38:0:0:0:2

I 2002:db5a:bccd:l:21d:e0ff:feb7:b96f 2002:b6ef:81c4:0:0:1145:59c5:3682

I Other Associations (1)

|_ 127.0.0.1 seen 1949869 times, last tx was unicast v2 mode 7

Which of the following commands was executed by the tester?

Options:

A.

nmap-sU-pU:517-Pn-n—script=supermicro-ipmi-config

B.

nmap-sU-pU:123-Pn-n—script=ntp-monlist

C.

nmap-sU-pU:161-Pn-n—script«voldemort-info

D.

nmap-sU-pU:37 -Pn -n —script=icap-info

Buy Now
Questions 25

A penetration tester managed to get control of an internal web server that is hosting the IT knowledge base. Which of the following attacks should the penetration tester attempt next?

Options:

A.

Vishing

B.

Watering hole

C.

Whaling

D.

Spear phishing

Buy Now
Questions 26

A penetration tester gained access to one of the target company's servers. During the enumeration phase, the penetration tester lists the bash history and observes the following row:

Which of the following steps should the penetration tester take next?

Options:

A.

Brute force all mail users.

B.

Enumerate mail server users.

C.

Attempt to read email.

D.

Download hashes.

Buy Now
Questions 27

A penetration tester discovered a vulnerability that has the following CVEs:

Which of the following CVEs should be remediated first?

Options:

A.

CVE-2007-6750

B.

CVE-2011-3192

C.

CVE-2012-2122

D.

CVE-2014-0160

E.

CVE-2017-7494

Buy Now
Questions 28

A penetration tester discovers a file, key.enc. on a shared drive and then executes the following command, which yields the following output:

Which of the following are the best recommendations for the penetration tester to suggest? (Select two).

Options:

A.

Implementing password management

B.

Switching to using DSA keys

C.

Using stronger encryption for private key files

D.

Deleting unencrypted files from the share

E.

Disabling the openssl command

F.

Initiating key rotation

Buy Now
Questions 29

A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.

INSTRUCTIONS

Select the appropriate answer(s), given the output from each section.

Output 1

Options:

Buy Now
Questions 30

In Python socket programming, SOCK_DGRAM type is:

Options:

A.

reliable.

B.

matrixed.

C.

connectionless.

D.

slower.

Buy Now
Questions 31

Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?

Options:

A.

Executive summary

B.

Remediation

C.

Methodology

D.

Metrics and measures

Buy Now
Questions 32

A penetration tester wrote the following comment in the final report: "Eighty-five percent of the systems tested were found to be prone to unauthorized access from the internet." Which of the following audiences was this message intended?

Options:

A.

Systems administrators

B.

C-suite executives

C.

Data privacy ombudsman

D.

Regulatory officials

Buy Now
Questions 33

Given the following Nmap scan command:

[root@kali ~]# nmap 192.168.0 .* -- exclude 192.168.0.101

Which of the following is the total number of servers that Nmap will attempt to scan?

Options:

A.

1

B.

101

C.

255

D.

256

Buy Now
Questions 34

A penetration tester captures SMB network traffic and discovers that users are mistyping the name of a fileshare server. This causes the workstations to send out requests attempting to resolve the fileshare server's name. Which of the following is the best way for a penetration tester to exploit this situation?

Options:

A.

Relay the traffic to the real file server and steal documents as they pass through.

B.

Host a malicious file to compromise the workstation.

C.

Reply to the broadcasts with a fake IP address to deny access to the real file server.

D.

Respond to the requests with the tester's IP address and steal authentication credentials.

Buy Now
Questions 35

A penetration tester will be performing a vulnerability scan as part of the penetration test on a client's website. The tester plans to run several Nmap scripts that probe for vulnerabilities while avoiding detection. Which of the following Nmap options will the penetration tester MOST likely utilize?

Options:

A.

-а8 -T0

B.

--script "http*vuln*"

C.

-sn

D.

-O -A

Buy Now
Questions 36

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:

Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

Options:

A.

sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.

B.

*range(1, 1025) on line 1 populated the portList list in numerical order.

C.

Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM

D.

The remoteSvr variable has neither been type-hinted nor initialized.

Buy Now
Questions 37

A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the... Which of the following techniques is the penetration tester using?

Options:

A.

Password brute force attack

B.

SQL injection

C.

Password spraying

D.

Kerberoasting

Buy Now
Questions 38

A penetration tester wants to find hidden information in documents available on the web at a particular domain. Which of the following should the penetration tester use?

Options:

A.

Netcraft

B.

CentralOps

C.

Responder

D.

FOCA

Buy Now
Questions 39

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.

Which of the following should the tester verify FIRST to assess this risk?

Options:

A.

Whether sensitive client data is publicly accessible

B.

Whether the connection between the cloud and the client is secure

C.

Whether the client's employees are trained properly to use the platform

D.

Whether the cloud applications were developed using a secure SDLC

Buy Now
Questions 40

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?

Options:

A.

S/MIME

B.

FTPS

C.

DNSSEC

D.

AS2

Buy Now
Questions 41

Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

Options:

A.

The libraries may be vulnerable

B.

The licensing of software is ambiguous

C.

The libraries’ code bases could be read by anyone

D.

The provenance of code is unknown

E.

The libraries may be unsupported

F.

The libraries may break the application

Buy Now
Questions 42

A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees.

Which of the following tools can help the tester achieve this goal?

Options:

A.

Metasploit

B.

Hydra

C.

SET

D.

WPScan

Buy Now
Questions 43

A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

Options:

A.

Nmap

B.

tcpdump

C.

Scapy

D.

hping3

Buy Now
Questions 44

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

Options:

A.

Ensure the client has signed the SOW.

B.

Verify the client has granted network access to the hot site.

C.

Determine if the failover environment relies on resources not owned by the client.

D.

Establish communication and escalation procedures with the client.

Buy Now
Questions 45

A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

Options:

A.

VRFY and EXPN

B.

VRFY and TURN

C.

EXPN and TURN

D.

RCPT TO and VRFY

Buy Now
Questions 46

An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.

Which of the following is the penetration tester trying to accomplish?

Options:

A.

Uncover potential criminal activity based on the evidence gathered.

B.

Identify all the vulnerabilities in the environment.

C.

Limit invasiveness based on scope.

D.

Maintain confidentiality of the findings.

Buy Now
Questions 47

The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a “probable port scan” alert in the organization’s IDS?

Options:

A.

Line 01

B.

Line 02

C.

Line 07

D.

Line 08

Buy Now
Questions 48

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

Options:

A.

OpenVAS

B.

Drozer

C.

Burp Suite

D.

OWASP ZAP

Buy Now
Questions 49

A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

Options:

A.

Alternate data streams

B.

PowerShell modules

C.

MP4 steganography

D.

PsExec

Buy Now
Questions 50

A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain access to the IT framework without being detected?

Options:

A.

Pick a lock.

B.

Disable the cameras remotely.

C.

Impersonate a package delivery worker.

D.

Send a phishing email.

Buy Now
Questions 51

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

Options:

A.

Scraping social media sites

B.

Using the WHOIS lookup tool

C.

Crawling the client’s website

D.

Phishing company employees

E.

Utilizing DNS lookup tools

F.

Conducting wardriving near the client facility

Buy Now
Questions 52

Which of the following expressions in Python increase a variable val by one (Choose two.)

Options:

A.

val++

B.

+val

C.

val=(val+1)

D.

++val

E.

val=val++

F.

val+=1

Buy Now
Questions 53

A company has hired a penetration tester to deploy and set up a rogue access point on the network.

Which of the following is the BEST tool to use to accomplish this goal?

Options:

A.

Wireshark

B.

Aircrack-ng

C.

Kismet

D.

Wifite

Buy Now
Questions 54

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be

valid?

Options:

A.

PLCs will not act upon commands injected over the network.

B.

Supervisors and controllers are on a separate virtual network by default.

C.

Controllers will not validate the origin of commands.

D.

Supervisory systems will detect a malicious injection of code/commands.

Buy Now
Questions 55

You are a security analyst tasked with hardening a web server.

You have been given a list of HTTP payloads that were flagged as malicious.

INSTRUCTIONS

Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 56

A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.

Which of the following is the BEST way to ensure this is a true positive?

Options:

A.

Run another scanner to compare.

B.

Perform a manual test on the server.

C.

Check the results on the scanner.

D.

Look for the vulnerability online.

Buy Now
Questions 57

A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of the following would be the most appropriate NEXT step?

Options:

A.

Terminate the contract.

B.

Update the ROE with new signatures. Most Voted

C.

Scan the 8-bit block to map additional missed hosts.

D.

Continue the assessment.

Buy Now
Questions 58

Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

Options:

A.

will reveal vulnerabilities in the Modbus protocol.

B.

may cause unintended failures in control systems.

C.

may reduce the true positive rate of findings.

D.

will create a denial-of-service condition on the IP networks.

Buy Now
Questions 59

A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP. Which of the following attacks is the MOST effective to allow the penetration tester to capture a handshake?

Options:

A.

Key reinstallation

B.

Deauthentication

C.

Evil twin

D.

Replay

Buy Now
Questions 60

A penetration tester is exploring a client’s website. The tester performs a curl command and obtains the following:

* Connected to 10.2.11.144 (::1) port 80 (#0)

> GET /readmine.html HTTP/1.1

> Host: 10.2.11.144

> User-Agent: curl/7.67.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200

< Date: Tue, 02 Feb 2021 21:46:47 GMT

< Server: Apache/2.4.41 (Debian)

< Content-Length: 317

< Content-Type: text/html; charset=iso-8859-1

<

WordPress › ReadMe

Which of the following tools would be BEST for the penetration tester to use to explore this site further?

Options:

A.

Burp Suite

B.

DirBuster

C.

WPScan

D.

OWASP ZAP

Buy Now
Questions 61

When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

Options:

A.

Clarify the statement of work.

B.

Obtain an asset inventory from the client.

C.

Interview all stakeholders.

D.

Identify all third parties involved.

Buy Now
Questions 62

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

Options:

A.

chmod u+x script.sh

B.

chmod u+e script.sh

C.

chmod o+e script.sh

D.

chmod o+x script.sh

Buy Now
Questions 63

A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company’s web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

Options:

A.

IP addresses and subdomains

B.

Zone transfers

C.

DNS forward and reverse lookups

D.

Internet search engines

E.

Externally facing open ports

F.

Shodan results

Buy Now
Questions 64

A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?

Options:

A.

Enforce mandatory employee vacations

B.

Implement multifactor authentication

C.

Install video surveillance equipment in the office

D.

Encrypt passwords for bank account information

Buy Now
Questions 65

A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.

Which of the following Nmap scan syntaxes would BEST accomplish this objective?

Options:

A.

nmap -sT -vvv -O 192.168.1.2/24 -PO

B.

nmap -sV 192.168.1.2/24 -PO

C.

nmap -sA -v -O 192.168.1.2/24

D.

nmap -sS -O 192.168.1.2/24 -T1

Buy Now
Questions 66

Which of the following BEST describe the OWASP Top 10? (Choose two.)

Options:

A.

The most critical risks of web applications

B.

A list of all the risks of web applications

C.

The risks defined in order of importance

D.

A web-application security standard

E.

A risk-governance and compliance framework

F.

A checklist of Apache vulnerabilities

Buy Now
Questions 67

A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

Options:

A.

Look for open ports.

B.

Listen for a reverse shell.

C.

Attempt to flood open ports.

D.

Create an encrypted tunnel.

Buy Now
Questions 68

A penetration tester writes the following script:

Which of the following objectives is the tester attempting to achieve?

Options:

A.

Determine active hosts on the network.

B.

Set the TTL of ping packets for stealth.

C.

Fill the ARP table of the networked devices.

D.

Scan the system on the most used ports.

Buy Now
Questions 69

A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.

Which of the following actions should the tester take?

Options:

A.

Perform forensic analysis to isolate the means of compromise and determine attribution.

B.

Incorporate the newly identified method of compromise into the red team’s approach.

C.

Create a detailed document of findings before continuing with the assessment.

D.

Halt the assessment and follow the reporting procedures as outlined in the contract.

Buy Now
Questions 70

Deconfliction is necessary when the penetration test:

Options:

A.

determines that proprietary information is being stored in cleartext.

B.

occurs during the monthly vulnerability scanning.

C.

uncovers indicators of prior compromise over the course of the assessment.

D.

proceeds in parallel with a criminal digital forensic investigation.

Buy Now
Questions 71

A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?

Options:

A.

RFID cloning

B.

RFID tagging

C.

Meta tagging

D.

Tag nesting

Buy Now
Questions 72

A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?

Options:

A.

Smurf

B.

Ping flood

C.

Fraggle

D.

Ping of death

Buy Now
Questions 73

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

Options:

A.

Reach out to the primary point of contact

B.

Try to take down the attackers

C.

Call law enforcement officials immediately

D.

Collect the proper evidence and add to the final report

Buy Now
Questions 74

A consultant is reviewing the following output after reports of intermittent connectivity issues:

? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]

? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]

? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]

? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]

? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]

? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]

Which of the following is MOST likely to be reported by the consultant?

Options:

A.

A device on the network has an IP address in the wrong subnet.

B.

A multicast session was initiated using the wrong multicast group.

C.

An ARP flooding attack is using the broadcast address to perform DDoS.

D.

A device on the network has poisoned the ARP cache.

Buy Now
Questions 75

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

Options:

A.

Hydra and crunch

B.

Netcat and cURL

C.

Burp Suite and DIRB

D.

Nmap and OWASP ZAP

Buy Now
Questions 76

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

Options:

A.

Aircrack-ng

B.

Wireshark

C.

Wifite

D.

Kismet

Buy Now
Questions 77

Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

Options:

A.

To remove hash-cracking registry entries

B.

To remove the tester-created Mimikatz account

C.

To remove tools from the server

D.

To remove a reverse shell from the system

Buy Now
Questions 78

A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

Options:

A.

Immunity Debugger

B.

OllyDbg

C.

GDB

D.

Drozer

Buy Now
Questions 79

A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

Options:

A.

nmap –vv sUV –p 53, 123-159 10.10.1.20/24 –oA udpscan

B.

nmap –vv sUV –p 53,123,161-162 10.10.1.20/24 –oA udpscan

C.

nmap –vv sUV –p 53,137-139,161-162 10.10.1.20/24 –oA udpscan

D.

nmap –vv sUV –p 53, 122-123, 160-161 10.10.1.20/24 –oA udpscan

Buy Now
Questions 80

A tester who is performing a penetration test on a website receives the following output:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62

Which of the following commands can be used to further attack the website?

Options:

A.

B.

../../../../../../../../../../etc/passwd

C.

/var/www/html/index.php;whoami

D.

1 UNION SELECT 1, DATABASE(),3--

Buy Now
Questions 81

A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

Options:

A.

A signed statement of work

B.

The correct user accounts and associated passwords

C.

The expected time frame of the assessment

D.

The proper emergency contacts for the client

Buy Now
Questions 82

A penetration tester would like to know if any web servers or mail servers are running on the in-scope network segment. Which of the following is the best to use in this scenario?

Options:

A.

ARP scans

B.

Website crawling

C.

DNS lookups

D.

Nmap probes

Buy Now
Questions 83

During a vulnerability scanning phase, a penetration tester wants to execute an Nmap scan using custom NSE scripts stored in the following folder:

/home/user/scripts

Which of the following commands should the penetration tester use to perform this scan?

Options:

A.

nmap resume "not intrusive"

B.

nmap script default safe

C.

nmap script /home/user/scripts

D.

nmap -load /home/user/scripts

Buy Now
Questions 84

During an engagement, a junior penetration tester found a multihomed host that led to an unknown network segment. The penetration tester ran a port scan against the network segment, which caused an outage at the customer's factory. Which of the following documents should the junior penetration tester most likely follow to avoid this issue in the future?

Options:

A.

NDA

B.

MSA

C.

ROE

D.

SLA

Buy Now
Questions 85

A penetration tester issues the following command after obtaining a low-privilege reverse shell: wmic service get name,pathname,startmode

Which of the following is the most likely reason the penetration tester ran this command?

Options:

A.

To search for passwords in the service directory

B.

To list scheduled tasks that may be exploitable

C.

To register a service to run as System

D.

To find services that have unquoted service paths

Buy Now
Questions 86

During a client engagement, a penetration tester runs the following Nmap command and obtains the following output:

nmap -sV -- script ssl-enum-ciphers -p 443 remotehost

| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

| TLS_ECDHE_RSA_WITH_RC4_128_SHA

TLS_RSA_WITH_RC4_128_SHA (rsa 2048)

TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)

Which of the following should the penetration tester include in the report?

Options:

A.

Old, insecure ciphers are in use.

B.

The 3DES algorithm should be deprecated.

C.

2,048-bit symmetric keys are incompatible with MD5.

D.

This server should be upgraded to TLS 1.2.

Buy Now
Questions 87

A penetration tester runs a reconnaissance script and would like the output in a standardized machine-readable format in order to pass the data to another application. Which of the following is the best for the tester to use?

Options:

A.

JSON

B.

Lists

C.

XLS

D.

Trees

Buy Now
Questions 88

Which of the following documents should be consulted if a client has an issue accepting a penetration test report that was provided?

Options:

A.

Rules of engagement

B.

Signed authorization letter

C.

Statement of work

D.

Non-disclosure agreement

Buy Now
Questions 89

An executive needs to use Wi-Fi to connect to the company's server while traveling. While looking for available Wi-Fi connections, the executive notices an available access point to a hotel chain that is not available where the executive is staying. Which of the following attacks is the executive most likely experiencing?

Options:

A.

Data modification

B.

Amplification

C.

Captive portal

D.

Evil twin

Buy Now
Questions 90

A penetration testing team has gained access to an organization’s data center, but the team requires more time to test the attack strategy. Which of the following wireless attack techniques would be the most successful in preventing unintended interruptions?

Options:

A.

Captive portal

B.

Evil twin

C.

Bluejacking

D.

Jamming

Buy Now
Questions 91

A penetration tester exploits a vulnerable service to gain a shell on a target server. The tester receives the following:

Directory of C:\Users\Guest 05/13/2022 09:23 PM mimikatz.exe 05/18/2022 09:24 PM mimidrv.sys 05/18/2022 09:24 PM mimilib.dll

Which of the following best describes these findings?

Options:

A.

Indicators of prior compromise

B.

Password encryption tools

C.

False positives

D.

De-escalation attempts

Buy Now
Questions 92

During an assessment, a penetration tester emailed the following Python script to CompTIA's employees:

import pyHook, sys, logging, pythoncom, datetime

log_file='C:\\Windows\\Temp\\log_comptia.txt' def KbrdEvent(event):

logging.basicConfig(filename=log_file,level=logging.DEBUG, format='%(messages)s') chr(event.Ascii)

logging.log(10, chr(event.Ascii))

return True

hooks_manager = pyHook.HookManager()

hooks_manager.KeyDown = KbrdEvent

hooks_manager.HookKeyboard()

pythoncom.PumpMessages()

Which of the following is the intended effect of this script?

Options:

A.

Debugging an exploit

B.

Keylogging

C.

Collecting logs

D.

Scheduling tasks

Buy Now
Questions 93

A vulnerability assessor is looking to establish a baseline of all IPv4 network traffic on the local VLAN without a local IP address. Which of the following Nmap command sequences would best provide this information?

Options:

A.

sudonmap—script=bro* -e ethO

B.

sudonmap-sF—script=* -e ethO

C.

sudonmap-sV-sT -p 0-65535 -e ethO

D.

sudonmap-sV-p 0-65535 0.0.0.0/0

Buy Now
Questions 94

A penetration tester wants to find the password for any account in the domain without locking any of the accounts. Which of the following commands should the tester use?

Options:

A.

enum4linux -u userl -p /passwordList.txt 192.168.0.1

B.

enum4linux -u userl -p Passwordl 192.168.0.1

C.

cme smb 192.168.0.0/24 -u /userList.txt -p /passwordList.txt

D.

cme smb 192.168.0.0/24 -u /userList.txt -p Summer123

Buy Now
Questions 95

A penetration tester is trying to bypass an active response tool that blocks IP addresses that have more than 100 connections per minute. Which of the following commands would allow the tester to finish the test without being blocked?

Options:

A.

nmap -sU -p 1-1024 10.0.0.15

B.

nmap -p 22,25, 80, 3389 -T2 10.0.0.15 -Pn

C.

nmap -T5 -p 1-65535 -A 10.0.0.15

D.

nmap -T3 -F 10.0.0.15

Buy Now
Questions 96

Which of the following describes how a penetration tester could prioritize findings in a report?

Options:

A.

Business mission and goals

B.

Cyberassets

C.

Network infrastructure

D.

Cyberthreats

Buy Now
Questions 97

A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.

INSTRUCTIONS

Select the tool the penetration tester should use for further investigation.

Select the two entries in the robots.txt file that the penetration tester should recommend for removal.

Options:

Buy Now
Questions 98

A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?

Options:

A.

John the Ripper

B.

Hydra

C.

Mimikatz

D.

Cain and Abel

Buy Now
Questions 99

A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

Options:

A.

Create a one-shot system service to establish a reverse shell.

B.

Obtain /etc/shadow and brute force the root password.

C.

Run the nc -e /bin/sh <...> command.

D.

Move laterally to create a user account on LDAP

Buy Now
Questions 100

A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?

Options:

A.

Hashcat

B.

Mimikatz

C.

Patator

D.

John the Ripper

Buy Now
Questions 101

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:

    Have a full TCP connection

    Send a “hello” payload

    Walt for a response

    Send a string of characters longer than 16 bytes

Which of the following approaches would BEST support the objective?

Options:

A.

Run nmap –Pn –sV –script vuln .

B.

Employ an OpenVAS simple scan against the TCP port of the host.

C.

Create a script in the Lua language and use it with NSE.

D.

Perform a credentialed scan with Nessus.

Buy Now
Questions 102

A penetration tester noticed that an employee was using a wireless headset with a smartphone. Which of the following methods would be best to use to intercept the communications?

Options:

A.

Multiplexing

B.

Bluejacking

C.

Zero-day attack

D.

Smurf attack

Buy Now
Questions 103

A penetration tester is performing an assessment against a customer’s web application that is hosted in a major cloud provider’s environment. The penetration tester observes that the majority of the attacks attempted are being blocked by the organization's WAF. Which of the following attacks would be most likely to succeed?

Options:

A.

Reflected XSS

B.

Brute-force

C.

DDoS

D.

Direct-to-origin

Buy Now
Questions 104

A penetration tester performs several Nmap scans against the web application for a client.

INSTRUCTIONS

Click on the WAF and servers to review the results of the Nmap scans. Then click on

each tab to select the appropriate vulnerability and remediation options.

If at any time you would like to bring back the initial state of the simulation, please

click the Reset All button.

Options:

Buy Now
Questions 105

During a test of a custom-built web application, a penetration tester identifies several vulnerabilities. Which of the following would be the most interested in the steps to reproduce these vulnerabilities?

Options:

A.

Operations staff

B.

Developers

C.

Third-party stakeholders

D.

C-suite executives

Buy Now
Questions 106

In a standard engagement, a post-report document is provided outside of the report. This document:

• Does not contain specific findings

• Exposes vulnerabilities

• Can be shared publicly with outside parties that do not have an in-depth understanding about the client's network

Which of the following documents is described?

Options:

A.

Attestation letter

B.

Findings report

C.

Executive summary

D.

Non-disclosure agreement

Buy Now
Questions 107

A penetration tester is configuring a vulnerability management solution to perform a scan of Linux servers on an enterprise network. The client wants to reduce potential disruptions as much as possible. Which of the following types of accounts should the tester use?

Options:

A.

Read-only user

B.

SSH LDAP user

C.

Domain administrator

D.

Unprivileged user

Buy Now
Questions 108

Which of the following elements of a penetration testing report aims to provide a normalized and standardized representation of discovered vulnerabilities and the overall threat they present to an affected system or network?

Options:

A.

Executive summary

B.

Vulnerability severity rating

C.

Recommendations of mitigation

D.

Methodology

Buy Now
Questions 109

A penetration tester is enumerating shares and receives the following output:

Which of the following should the penetration tester enumerate next?

Options:

A.

dev

B.

print$

C.

home

D.

notes

Buy Now
Questions 110

A penetration tester requested, without express authorization, that a CVE number be assigned for a new vulnerability found on an internal client application. Which of the following did the penetration tester most likely breach?

Options:

A.

ROE

B.

SLA

C.

NDA

D.

SOW

Buy Now
Questions 111

During a security assessment, a penetration tester decides to write the following Python script: import requests

x= ['OPTIONS', 'TRACE', 'TEST'l

for y in x;

z - requests.request(y, 'http://server.net ')

print(y, z.status_code, z.reason)

Which of the following is the penetration tester trying to accomplish? (Select two).

Options:

A.

Web server denial of service

B.

HTTP methods availability

C.

'Web application firewall detection

D.

'Web server fingerprinting

E.

Web server error handling

F.

Web server banner grabbing

Buy Now
Questions 112

During an assessment, a penetration tester discovers the following code sample in a web application:

"(&(userid=*)(userid=*))(I(userid=*)(userPwd=(SHAl}a9993e364706816aba3e25717850c26c9cd0d89d==))

Which of the following injections is being performed?

Options:

A.

Boolean SQL

B.

Command

C.

Blind SQL

D.

LDAP

Buy Now
Questions 113

As part of an active reconnaissance, a penetration tester intercepts and analyzes network traffic, including API requests and responses. Which of the following can be gained by capturing and examining the API traffic?

Options:

A.

Assessing the performance of the network's API communication

B.

Identifying the token/authentication detail

C.

Enumerating all users of the application

D.

Extracting confidential user data from the intercepted API responses

Buy Now
Questions 114

A penetration tester discovers passwords in a publicly available data breach during the reconnaissance phase of the penetration test. Which of the following is the best action for the tester to take?

Options:

A.

Add thepasswords to an appendix in the penetration test report.

B.

Do nothing. Using passwords from breached data is unethical.

C.

Contactthe client and inform them of the breach.

D.

Use thepasswords in a credential stuffing attack when the external penetration test begins.

Buy Now
Questions 115

Which of the following tools can a penetration tester use to brute force a user password over SSH using multiple threads?

Options:

A.

CeWL

B.

John the Ripper

C.

Hashcat

D.

Hydra

Buy Now
Questions 116

A company developed a new web application to allow its customers to submit loan applications. A penetration tester is reviewing the application and discovers that the application was developed in ASP and used MSSQL for its back-end database. Using the application's search form, the penetration tester inputs the following code in the search input field:

IMG SRC=vbscript:msgbox ("Vulnerable_to_Attack") ; >originalAttribute="SRC"originalPath="vbscript;msgbox ("Vulnerable_to_Attack ") ;>"

When the tester checks the submit button on the search form, the web browser returns a pop-up windows that displays "Vulnerable_to_Attack." Which of the following vulnerabilities did the tester discover in the web application?

Options:

A.

SQL injection

B.

Command injection

C.

Cross-site request forgery

D.

Cross-site scripting

Buy Now
Questions 117

A penetration tester is preparing a credential stuffing attack against a company's website. Which of the following can be used to passively get the most relevant information?

Options:

A.

Shodan

B.

BeEF

C.

HavelBeenPwned

D.

Maltego

Buy Now
Questions 118

A penetration tester observes an application enforcing strict access controls. Which of the following would allow the tester to bypass these controls and successfully access the organization's sensitive files?

Options:

A.

Remote file inclusion

B.

Cross-site scripting

C.

SQL injection

D.

Insecure direct object references

Buy Now
Questions 119

Options:

A.

Provide an example report from a prior penetration test engagement.

B.

Allow the client to only view the information while in secure spaces.

C.

Determine which reports are no longer under a period of confidentiality.

D.

Provide raw output from penetration testing tools.

Buy Now
Questions 120

An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?

Options:

A.

Device log facility does not record actions.

B.

End users have root access by default.

C.

Unsigned applications can be installed.

D.

Push notification services require internet.

Buy Now
Questions 121

Which of the following legal concepts specifically outlines the scope, deliverables, and timelines of a project or engagement?

Options:

A.

MSA

B.

NDA

C.

SLA

D.

SOW

Buy Now
Questions 122

The following output is from reconnaissance on a public-facing banking website:

Based on these results, which of the following attacks is MOST likely to succeed?

Options:

A.

A birthday attack on 64-bit ciphers (Sweet32)

B.

An attack that breaks RC4 encryption

C.

An attack on a session ticket extension (Ticketbleed)

D.

A Heartbleed attack

Buy Now
Questions 123

A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?

Options:

A.

The injection was too slow.

B.

The DNS information was incorrect.

C.

The DNS cache was not refreshed.

D.

The client did not receive a trusted response.

Buy Now
Questions 124

A penetration tester has extracted password hashes from the lsass.exe memory process. Which of the following should the tester perform NEXT to pass the hash and provide persistence with the newly acquired credentials?

Options:

A.

Use Patator to pass the hash and Responder for persistence.

B.

Use Hashcat to pass the hash and Empire for persistence.

C.

Use a bind shell to pass the hash and WMI for persistence.

D.

Use Mimikatz to pass the hash and PsExec for persistence.

Buy Now
Questions 125

During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen. After being notified about the breach, which of the following steps should the company take NEXT?

Options:

A.

Deny that the vulnerability existed

B.

Investigate the penetration tester.

C.

Accept that the client was right.

D.

Fire the penetration tester.

Buy Now
Questions 126

A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

Options:

A.

Check the scoping document to determine if exfiltration is within scope.

B.

Stop the penetration test.

C.

Escalate the issue.

D.

Include the discovery and interaction in the daily report.

Buy Now
Questions 127

A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?

Options:

A.

inurl:

B.

link:

C.

site:

D.

intitle:

Buy Now
Questions 128

Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?

Options:

A.

Nessus

B.

Metasploit

C.

Burp Suite

D.

Ethercap

Buy Now
Questions 129

A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal

Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:

Which of the following would be the BEST command to use for further progress into the targeted network?

Options:

A.

nc 10.10.1.2

B.

ssh 10.10.1.2

C.

nc 127.0.0.1 5555

D.

ssh 127.0.0.1 5555

Buy Now
Questions 130

Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?

Options:

A.

MSA

B.

NDA

C.

SOW

D.

ROE

Buy Now
Questions 131

A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom. Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)

Options:

A.

Shoulder surfing

B.

Call spoofing

C.

Badge stealing

D.

Tailgating

E.

Dumpster diving

F.

Email phishing

Buy Now
Questions 132

After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file:

Which of the following actions should the tester perform FIRST?

Options:

A.

Change the file permissions.

B.

Use privilege escalation.

C.

Cover tracks.

D.

Start a reverse shell.

Buy Now
Questions 133

A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website’s response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?

Options:

A.

Situational awareness

B.

Rescheduling

C.

DDoS defense

D.

Deconfliction

Buy Now
Questions 134

A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?

Options:

A.

Nmap

B.

Nikto

C.

Cain and Abel

D.

Ethercap

Buy Now
Questions 135

Which of the following situations would require a penetration tester to notify the emergency contact for the engagement?

Options:

A.

The team exploits a critical server within the organization.

B.

The team exfiltrates PII or credit card data from the organization.

C.

The team loses access to the network remotely.

D.

The team discovers another actor on a system on the network.

Buy Now
Questions 136

A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?

Options:

A.

OWASP Top 10

B.

MITRE ATT&CK framework

C.

NIST Cybersecurity Framework

D.

The Diamond Model of Intrusion Analysis

Buy Now
Questions 137

Company.com has hired a penetration tester to conduct a phishing test. The tester wants to set up a fake log-in page and harvest credentials when target employees click on links in a phishing email. Which of the following commands would best help the tester determine which cloud email provider the log-in page needs to mimic?

Options:

A.

dig company.com MX

B.

whois company.com

C.

cur1 www.company.com

D.

dig company.com A

Buy Now
Questions 138

Which of the following is the most secure method for sending the penetration test report to the client?

Options:

A.

Sending the penetration test report on an online storage system.

B.

Sending the penetration test report inside a password-protected ZIP file.

C.

Sending the penetration test report via webmail using an HTTPS connection.

D.

Encrypting the penetration test report with the client’s public key and sending it via email.

Buy Now
Questions 139

During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

Options:

A.

SOW.

B.

SLA.

C.

ROE.

D.

NDA

Buy Now
Exam Code: PT0-002
Exam Name: CompTIA PenTest+ Certification Exam
Last Update: Jan 19, 2025
Questions: 464
PT0-002 pdf

PT0-002 PDF

$29.75  $84.99
PT0-002 Engine

PT0-002 Testing Engine

$35  $99.99
PT0-002 PDF + Engine

PT0-002 PDF + Testing Engine

$47.25  $134.99