CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. PT0-002

Free PT0-002 Exam Braindumps (page: 27)

Page 27 of 93
PDF with 366 Questions

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

  1. Buffer overflows
  2. Cross-site scripting
  3. Race-condition attacks
  4. Zero-day attacks
  5. Injection flaws
  6. Ransomware attacks

Answer(s): B,E



The results of an Nmap scan are as follows:



Which of the following would be the BEST conclusion about this device?

  1. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
  2. This device is most likely a gateway with in-band management services.
  3. This device is most likely a proxy server forwarding requests over TCP/443.
  4. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

Answer(s): B



When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

  1. Clarify the statement of work
  2. Obtain an asset inventory from the client
  3. Interview all stakeholders
  4. Identify all third parties involved.

Answer(s): A



A penetration tester is reviewing the following SOW prior to engaging with a client.

`Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.`

Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

  1. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  2. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement.
  3. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team.
  4. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
  5. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop.
  6. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements

Answer(s): C,D



Page 27 of 93



Post your Comments and Discuss CompTIA PT0-002 exam with other Community members:

Evan Couture commented on December 03, 2024
These questions are exactly what you will see on exam day, but they are good study. The exam may have questions covering similar objectives, but you will still need to study the material and perform hands on labs to be fully prepared. I used certmaster learn, infosec labs, pentest+ for dummies, pluralsight, wordwall user(markutree has some useful matching exercises), quizlet, and of course this resource. Hope this helps.
Anonymous
upvote

Nate commented on October 04, 2024
I worked really hard to pass this exam. It is a very hard exam. These questions are you best buddy. So use them.
UNITED STATES
upvote

Anon commented on August 01, 2024
Good content and useful practice questions. However I run some of the content against ChatGPT and the accuracy was around 90%. I know ChatGPT is not always correct but 90% match is pretty good to me.
UNITED STATES
upvote

Briyan commented on June 18, 2024
Good for passing the exam with a high mark but not ideal for deep learning. This helped me pass the exam and I got the high mark but I learned very little as they are all questions from the real exam.
UNITED STATES
upvote

anon commented on June 05, 2024
Question 20 regarding SSHD nmap scan doesnt add up. why would you do -sA ack scan?? why not a script or something?
UNITED STATES
upvote

SAJI commented on July 20, 2023
56 question correct answer a,b
Anonymous
upvote

Summer commented on October 04, 2023
looking forward to the real exam
Anonymous
upvote

Summer commented on October 04, 2023
looking forward to the real exam
Anonymous
upvote

Wale commented on August 19, 2023
I am new here , just started going through the questions
EUROPEAN UNION
upvote

Doddy commented on July 31, 2023
I have passed PT0-002, thanks!
Anonymous
upvote

SAJI commented on July 20, 2023
56 question correct answer A,B
Anonymous
upvote

Danny commented on August 12, 2021
Well worth... cheap and very helpful.
UNITED STATES
upvote

Frank commented on July 22, 2021
Focus on these questions and your are going to pass. That is what I did. Good luck guys.
SOUTH AFRICA
upvote