Latest CompTIA PenTest+ Certification - PT0-002 Free Exam Questions

Question 1
A penetration tester runs the following command:
nmap -p- -A 10.0.1.10
Given the execution of this command, which of the following quantities of ports will Nmap scan?

Correct answer: D
Question 2
A penetration tester who is performing an engagement notices a specific host is vulnerable to EternalBlue. Which of the following would BEST protect against this vulnerability?

Correct answer: A
Question 3
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

Correct answer: A,C
Question 4
Within a Python script, a line that states print(var) outputs the following:
[{'1' : 'CentOS', '2' : 'Ubuntu'}, {'1' : 'Windows 10', '2' : 'Windows Server 2016'}]
Which of the following objects or data structures is var?

Correct answer: C
Question 5
Which of the following concepts defines the specific set of steps and approaches that are conducted during a penetration test?

Correct answer: A
Question 6
A company provided the following network scope for a penetration test:
169.137.1.0/24
221.10.1.0/24
149.14.1.0/24
A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is responsible for this mistake?

Correct answer: D
Question 7
A potential reason for communicating with the client point of contact during a penetration test is to provide resolution if a testing component crashes a system or service and leaves them unavailable for both legitimate users and further testing. Which of the following best describes this concept?

Correct answer: B
Question 8
A penetration tester performs the following command:
curl -I --http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?

Correct answer: D
Question 9
A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras.
Which of the following is a technique the tester can use to gain access to the IT framework without being detected?

Correct answer: D