PT0-002 Exam Questions
593 real PT0-002 exam questions with expert-verified answers and explanations. Page 9 of 12.
- Question #419: Vulnerability discovery and analysis
A penetration tester is conducting an assessment of an organization that has both a web and mobile application. While testing the user profile page, the penetration tester notices...
API testing, Data exposure, Information leakage, Vulnerability analysis
- Question #420: Reporting and Communication
A penetration tester is conducting an assessment for an e-commerce company and successfully copies the user database to the local machine. After a closer review, the penetration te...
Client communication, Critical vulnerability disclosure, Penetration testing ethics
- Question #421: Vulnerability discovery and analysis
A penetration tester is reviewing the logs of a proxy server and discovers the following URLs: https://test.comptia.com/profile.php?userid=1546 https://test.cpmptia.com/profile.php...
Insecure Direct Object Reference, Access Control, Web Application Security, Parameter Tampering
- Question #422: Attacks and Exploits
Given the following user-supplied data: Which of the following attack techniques is the penetration tester likely implementing?
SQL Injection, Boolean-based attacks, Web application attacks, Exploitation techniques
- Question #423: Attacks and Exploits
During an assessment, a penetration tester discovers the following code sample in a web application: "(&(userid=*)(userid=*))(|(userid=*) (userPwd={SHA1}a9993e364706816aba3e2571785...
LDAP Injection, Injection Attacks, Web Application Security, Payload Analysis
- Question #424: Information Gathering and Vulnerability Scanning
A penetration tester is preparing a credential stuffing attack against a company's website. Which of the following can be used to passively get the most relevant information?
Credential Stuffing, Passive Reconnaissance, OSINT Tools, Breach Data
- Question #426: Post-exploitation and lateral movement
During an assessment, a penetration tester emailed the following Python script to CompTIA's employees: import pyHook, sys, logging, pythoncom, datetime log_file='C:\\Windows\\Temp\...
Keylogger, Python scripting, Post-exploitation, Information gathering
- Question #427: Post-exploitation and lateral movement
For an engagement, a penetration tester is required to use only local operating system tools for file transfer. Which of the following options should the penetration tester conside...
Netcat, File Transfer, Penetration Testing Tools, Post-exploitation Techniques
- Question #428: Tools and Code Analysis
Which of the following would be the most efficient way to write a Python script that interacts with a web application?
Python scripting, Web interaction, HTTP requests, Libraries
- Question #429: Reporting and Communication
Which of the following describes how a penetration tester could prioritize findings in a report?
Findings prioritization, Reporting, Cyberthreats, Risk assessment
- Question #433: Attacks and Exploits
A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks wou...
BLE attacks, Wireless attacks, Key fob security, On-path attacks
- Question #434: Reporting and Communication
Which of the following elements of a penetration testing report aims to provide a normalized and standardized representation of discovered vulnerabilities and the overall threat th...
Penetration test reports, Vulnerability severity, Risk assessment, Reporting standards
- Question #435: Attacks and Exploits
A penetration tester is performing an assessment for an application that is used by large organizations operating in the heavily regulated financial services industry. The penetrat...
access control, remediation, default accounts, network security
- Question #436: Vulnerability discovery and analysis
A penetration tester discovers a file, key.enc, on a shared drive and then executes the following command, which yields the following output: Which of the following are the best re...
Key management, Vulnerability remediation, Password security, Penetration testing recommendations
- Question #437: Reporting and Communication
Which of the following best explains why communication is a vital phase of a penetration test?
Communication, Penetration Testing Process, Client Interaction, Situational Awareness
- Question #438: Reconnaissance and enumeration
During a security assessment, a penetration tester decides to write the following Python script: import requests x = ['OPTIONS', 'TRACE', 'TEST'] for y in x: print(y, z.status_code,...
HTTP Methods, Web Server Fingerprinting, Reconnaissance, Enumeration
- Question #439: Reporting and Communication
Which of the following documents should be consulted if a client has an issue accepting a penetration test report that was provided?
Rules of engagement, Reporting, Client communication, Report acceptance
- Question #441: Attacks and Exploits
A penetration tester captures SMB network traffic and discovers that users are mistyping the name of a fileshare server. This causes the workstations to send out requests attemptin...
LLMNR Spoofing, NetBIOS-NS Spoofing, Credential Theft, Network Attacks
- Question #442: Vulnerability discovery and analysis
During a security assessment of a web application, a penetration tester was able to generate the following application response: Unclosed quotation mark after the character string...
SQL injection, Web application security, Vulnerability identification, Error message analysis
- Question #443: Attacks and Exploits
A penetration tester approaches a company employee in the smoking area and starts a conversation about the company's recent social event. After a few minutes, the employee holds th...
Tailgating, Social Engineering, Physical Security, Access Control Bypass
- Question #444: Attacks and Exploits
A penetration tester noticed that an employee was using a wireless headset with a smartphone. Which of the following methods would be best to use to intercept the communications?
Bluetooth attacks, Wireless security, Mobile security, Interception techniques
- Question #445: Reporting and Communication
An organization's Chief Information Security Officer debates the validity of a critical finding from a penetration assessment that was completed six months ago. Which of the follow...
Post-report activities, Client acceptance, Engagement closure, Report communication
- Question #446: Engagement management
A penetration testing firm wants to hire three additional consultants to support a newly signed long-term contract with a major customer. The following is a summary of candidate ba...
Professional Ethics, Legal Compliance, Background Checks, Personnel Management
- Question #447: Vulnerability discovery and analysis
A penetration tester uses Hashcat to crack hashes discovered during a penetration test and obtains the following output: ad09cd16529b5f5a40a3e15344e57649f4a43a267a97f008af01af80360...
Password cracking, Password security, Remediation, Password policies
- Question #449: Post-exploitation and lateral movement
After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best f...
taskkill, Post-exploitation, Endpoint protection evasion, Windows commands
- Question #450: Attacks and Exploits
A penetration tester is performing an assessment of an application that allows users to upload documents to a cloud-based file server for easy access anywhere in the world. Which o...
Directory Traversal, Path Traversal, Web Application Vulnerabilities, File Access
- Question #451: Information Gathering and Vulnerability Scanning
A security consultant wants to perform a vulnerability assessment with an application that can effortlessly generate an easy-to-read report. Which of the following should the attac...
Vulnerability assessment, Vulnerability scanning, Nessus, Reporting
- Question #452: Reconnaissance and enumeration
A penetration tester is attempting to perform reconnaissance on a customer's external-facing footprint and reviews a summary of the fingerprinting scans: SSH servers: 23 NTP server...
Reconnaissance, Fingerprinting, OS Identification, Network Services
- Question #454: Information Gathering and Vulnerability Scanning
During an assessment, a penetration tester needs to perform a cloud asset discovery of an organization. Which of the following tools would most likely provide more accurate results...
Cloud security, Asset discovery, Cloud penetration testing tools, Vulnerability scanning
- Question #455: Post-exploitation and lateral movement
A penetration tester managed to get control of an internal web server that is hosting the IT knowledge base. Which of the following attacks should the penetration tester attempt ne...
Post-exploitation, Lateral movement, Watering hole attack, Penetration testing techniques
- Question #456: Attacks and Exploits
A penetration tester wants to perform a SQL injection test. Which of the following characters should the tester use to start the SQL injection attempt?
SQL injection, Web application attacks, Payload construction, Penetration testing techniques
- Question #457: Post-exploitation and lateral movement
After obtaining a reverse shell connection, a penetration tester runs the following command: Which of the following is the fastest way to escalate privileges on this server?
Privilege Escalation, Sudo Vulnerabilities, Linux Exploitation, Post-exploitation
- Question #458: Reconnaissance and enumeration
A penetration tester is performing DNS reconnaissance and has obtained the following output using different dig commands: Which of the following can be concluded from the output the pe...
DNS Reconnaissance, dig command, DNS records, Information Gathering
- Question #459: Post-exploitation and lateral movement
A penetration tester was able to gain access to a plaintext file on a user workstation. Upon opening the file, the tester notices some strings of randomly generated text. The teste...
Credential management, Lateral movement, Secure storage, Remediation
- Question #460: Planning and Scoping
A penetration tester is hired to test a client's systems. The client's systems are hosted by the client at its headquarters. The production environment is hosted by a private cloud...
Scoping, Rules of Engagement, Third-party assets, Legal & Ethical Considerations
- Question #461: Engagement management
Which of the following is a ROE component that provides a penetration tester with guidance on who and how to contact the necessary individuals in the event of a disaster during an...
Rules of Engagement (ROE), Communication plan, Escalation procedures, Incident management
- Question #462: Post-exploitation and lateral movement
After compromising a remote host, a penetration tester is able to obtain a web shell. A firewall is blocking outbound traffic. Which of the following commands would allow the penet...
Bind shell, Netcat, Post-exploitation, Firewall bypass
- Question #465: Vulnerability discovery and analysis
A penetration tester enters a command into the shell and receives the following output: C:\Users\UserX\Desktop>vmic service get name, pathname, displayname, startmode | findstr /i...
Unquoted Service Path, Windows Services, Privilege Escalation, Vulnerability Identification
- Question #466: Reporting and Communication
Which of the following is the most secure way to protect a final report file when delivering the report to the client/customer?
PGP Encryption, Secure Communication, Report Delivery, Data Confidentiality
- Question #467: Planning and Scoping
During an engagement, a junior penetration tester found a multihomed host that led to an unknown network segment. The penetration tester ran a port scan against the network segment...
Rules of Engagement, Engagement Scoping, Penetration Testing Ethics, Risk Management
- Question #468: Attacks and Exploits
A penetration tester is performing an assessment for an organization and must gather valid user credentials. Which of the following attacks would be best for the tester to use to a...
Wireless attacks, Credential harvesting, Deauthentication, Penetration testing techniques
- Question #469: Planning and Scoping
Which of the following is the most important to include in the scope of a wireless security assessment?
Wireless security, Assessment scoping, Access points, Pentest planning
- Question #470: Reconnaissance and enumeration
As part of active reconnaissance, penetration testers need to determine whether a protection mechanism is in place to safeguard the target's website against web application attacks...
WAF detection, Active reconnaissance, Web application security, Security controls
- Question #471: Vulnerability discovery and analysis
During an assessment, a penetration tester found an application with the default credentials enabled. Which of the following best describes the technical control required to fix th...
System Hardening, Default Credentials, Vulnerability Remediation, Security Controls
- Question #472: Reconnaissance and enumeration
A penetration tester runs a reconnaissance script and would like the output in a standardized machine-readable format in order to pass the data to another application. Which of the...
JSON, Machine-readable format, Data exchange, Reconnaissance output
- Question #474: Reporting and Communication
Which of the following components should a penetration tester most likely include in a report at the end of an assessment?
Penetration testing report, Report components, Metrics and measures, Reporting best practices
- Question #475: Attacks and Exploits
A penetration testing team has gained access to an organization's data center, but the team requires more time to test the attack strategy. Which of the following wireless attack t...
Wireless attacks, Evil twin, Penetration testing, Network deception
- Question #476: Attacks and Exploits
A penetration tester would like to crack a hash using a list of hashes and a predefined set of rules. The tester runs the following command: hashcat.exe -a 0 .\hash.txt .\rockyou.t...
Hash cracking, Hashcat, Dictionary attack, Penetration testing tools
- Question #477: Tools and Code Analysis
During a REST API security assessment, a penetration tester was able to sniff JSON content containing user credentials. The JSON structure was as follows: Assuming that the variabl...
JSON Parsing, Python Data Structures, API Security, Credential Exposure
- Question #478: Reconnaissance and enumeration
A vulnerability assessor is looking to establish a baseline of all IPv4 network traffic on the local VLAN without a local IP address. Which of the following Nmap command sequences...
Nmap, Network monitoring, Passive reconnaissance, Traffic baseline