Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. PT1-002

CompTIA PT1-002 Exam Questions
CompTIA PenTest+ (Page 8 )

Updated On: 12-Apr-2026
Page 4 of 23
PDF with 110 Questions

A penetration tester who is doing a company-requested assessment would like to send tra c to another system using double tagging.
Which of the following techniques would BEST accomplish this goal?

  1. RFID cloning
  2. RFID tagging
  3. Meta tagging
  4. Tag nesting

Answer(s): C



SIMULATION
You are a penetration tester running port scans on a server.

INSTRUCTIONS:
Part 1: Given the output, construct the command that was used to generate this output from the available options. Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.




  1. See Explanation section for answer.

Answer(s): A

Explanation:

Part 1 - nmap 192.168.2.2 -sV -O
Part 2 - Weak SMB le permissions



A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:
* Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200
< Date: Tue, 02 Feb 2021 21:46:47 GMT
< Server: Apache/2.4.41 (Debian)
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE html>
<html lang=`en`>
<head>
<meta name=`viewport` content=`width=device-width` />
<meta http-equiv=`Content-Type` content=`text/html; charset=utf-8` />
<title>WordPress > ReadMe</title>
<link rel=`stylesheet` href=`wp-admin/css/install.css?ver=20100228` type=`text/css` /> </head>
Which of the following tools would be BEST for the penetration tester to use to explore this site further?

  1. Burp Suite
  2. DirBuster
  3. WPScan
  4. OWASP ZAP

Answer(s): A


Reference:

https://tools.kali.org/web-applications/burpsuite



A penetration tester wrote the following script to be used in one engagement:



Which of the following actions will this script perform?

  1. Look for open ports.
  2. Listen for a reverse shell.
  3. Attempt to ood open ports.
  4. Create an encrypted tunnel.

Answer(s): A



A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site.
Which of the following recommendations would BEST address this situation?

  1. Implement a recurring cybersecurity awareness education program for all users.
  2. Implement multifactor authentication on all corporate applications.
  3. Restrict employees from web navigation by de ning a list of unapproved sites in the corporate proxy.
  4. Implement an email security gateway to block spam and malware from email communications.

Answer(s): A


Reference:

https://resources.infosecinstitute.com/topic/top-9-free-phishing-simulators/



Viewing page 8 of 23
Viewing questions 36 - 40 out of 110 questions



Post your Comments and Discuss CompTIA PT1-002 exam dumps with other Community members:

PT1-002 Exam Discussions & Posts

AI Tutor AI Tutor 👋 I’m here to help!

© 2026 Free-Braindumps.com - A Community of Learners.

Disclaimer:

The resources, practice tests, and study guides on Free-Braindumps.com are strictly for educational and research purposes. We are an independent community platform and are not affiliated with, endorsed by, or sponsored by any official certification vendors, including Microsoft, Cisco, Amazon, CompTIA, or others. All certification names, trademarks, and logos are the property of their respective owners. Our content is user-contributed or independently developed to assist with exam preparation and skill assessment; we do not host or provide access to proprietary, confidential, or live exam questions.