comptia pt1-002 practice test

CompTIA PenTest+

Question 1

Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code?
(Choose two.)

  • A. The libraries may be vulnerable
  • B. The licensing of software is ambiguous
  • C. The libraries’ code bases could be read by anyone
  • D. The provenance of code is unknown
  • E. The libraries may be unsupported
  • F. The libraries may break the application




Question 2

Which of the following would MOST likely be included in the final report of a static application-security test that was written
with a team of application developers as the intended audience?

  • A. Executive summary of the penetration-testing methods used
  • B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
  • C. Quantitative impact assessments given a successful software compromise
  • D. Code context for instances of unsafe type-casting operations



Question 3

A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a
MINIMAL chance of detection? (Choose two.)

  • A. Open-source research
  • B. A ping sweep
  • C. Traffic sniffing
  • D. Port knocking
  • E. A vulnerability scan
  • F. An Nmap scan




Question 4

In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target
companys servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the

  • A. Test for RFC-defined protocol conformance.
  • B. Attempt to brute force authentication to the service.
  • C. Perform a reverse DNS query and match to the service banner.
  • D. Check for an open relay configuration.



Question 5

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to
determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is
the MOST important action to take before starting this type of assessment?

  • A. Ensure the client has signed the SOW.
  • B. Verify the client has granted network access to the hot site.
  • C. Determine if the failover environment relies on resources not owned by the client.
  • D. Establish communication and escalation procedures with the client.



Question 6

Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

  • A. To provide feedback on the report structure and recommend improvements
  • B. To discuss the findings and dispute any false positives
  • C. To determine any processes that failed to meet expectations during the assessment
  • D. To ensure the penetration-testing team destroys all company data that was gathered during the test



Question 7

A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering
around the companys web presence. Which of the following would the tester find MOST helpful in the initial information-
gathering steps? (Choose two.)

  • A. IP addresses and subdomains
  • B. Zone transfers
  • C. DNS forward and reverse lookups
  • D. Internet search engines
  • E. Externally facing open ports
  • F. Shodan results



Question 8

A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230) | 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std 3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5 |_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?

  • A. ftp
  • B. smbclient \\\\WEB3\\IPC$ -I –U guest
  • C. ncrack –u Administrator –P 15worst_passwords.txt –p rdp
  • D. curl –X TRACE
  • E. nmap –-script vuln –sV



Question 9

A penetration tester wants to scan a target network without being detected by the clients IDS. Which of the following scans
is MOST likely to avoid detection?

  • A. nmap –p0 –T0 –sS
  • B. nmap –sA –sV --host-timeout 60
  • C. nmap –f --badsum
  • D. nmap –A –n



Question 10

A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results
Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which
of the following should the security company have acquired BEFORE the start of the assessment?

  • A. A signed statement of work
  • B. The correct user accounts and associated passwords
  • C. The expected time frame of the assessment
  • D. The proper emergency contacts for the client


To page 2