PenTest+ PT0-002 Passing Score

CompTIA PenTest+ Certification Exam Questions and Answers

Question 17

A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.

In which of the following places should the penetration tester look FIRST for the employees’ numbers?

Options:

Web archive

GitHub

File metadata

Underground forums

Question 18

A penetration tester performs the following command:

curl –I –http2

Which of the following snippets of output will the tester MOST likely receive?

Options:

Option A

Option B

Option C

Option D

Question 19

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.

Which of the following should the tester verify FIRST to assess this risk?

Options:

Whether sensitive client data is publicly accessible

Whether the connection between the cloud and the client is secure

Whether the client's employees are trained properly to use the platform

Whether the cloud applications were developed using a secure SDLC

Question 20

A tester who is performing a penetration test on a website receives the following output:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62

Which of the following commands can be used to further attack the website?

Options:

../../../../../../../../../../etc/passwd

/var/www/html/index.php;whoami

1 UNION SELECT 1, DATABASE(),3--

Weekend Sale Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CompTIA PenTest+ Certification Exam Questions and Answers

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer: