[Dec-2025] CompTIA PenTest+ PT0-002 Exam Practice Dumps
2025 PT0-002 Premium Files Test pdf - Free Dumps Collection
NEW QUESTION # 10
A penetration tester is reviewing the security of a web application running in an laaS compute instance.
Which of the following payloads should the tester send to get the running process credentials?
- A. file=http://169.254.169.254/latest/meta-data/
- B. file='%20or%2054365=54365 ;--
- C. file =.. / .. / .. /proc/self/environ
- D. file=http://192.168.
1. 78?+document.cookie
Answer: C
Explanation:
The payload file=/proc/self/environ is used to exploit Local File Inclusion (LFI) vulnerabilities in web applications running on Linux systems. This payload allows the attacker to read the environment variables of the process running the web server, which can include sensitive information such as credentials, system paths, and configuration details. The other payloads mentioned are not as directly relevant to obtaining running process credentials in the context of an LFI vulnerability.
NEW QUESTION # 11
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:
Which of the following combinations of tools would the penetration tester use to exploit this script?
- A. Nmap and OWASP ZAP
- B. Burp Suite and DIRB
- C. Netcat and cURL
- D. Hydra and crunch
Answer: C
NEW QUESTION # 12
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?
- A. VRFY and EXPN
- B. RCPT TO and VRFY
- C. EXPN and TURN
- D. VRFY and TURN
Answer: A
Explanation:
The VRFY and EXPN commands can be used to enumerate user accounts on an SMTP server, as they are used to verify the existence of users or mailing lists. VRFY (verify) asks the server to confirm that a given user name or address is valid. EXPN (expand) asks the server to expand a mailing list into its individual members. These commands can be used by a penetration tester to identify valid user names or e-mail addresses on the target SMTP server.
Reference: https://hackerone.com/reports/193314
NEW QUESTION # 13
An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?
- A. Device log facility does not record actions.
- B. Unsigned applications can be installed.
- C. Push notification services require internet.
- D. End users have root access by default.
Answer: B
Explanation:
The risk present in an organization using Android mobile devices without Mobile Device Management (MDM) services is that unsigned applications can be installed. Without MDM, there are fewer controls over the installation of applications, which increases the risk of installing malicious or unauthorized applications. MDM services typically provide a way to enforce application signing policies, preventing the installation of unsigned apps.
Reference:
OWASP Mobile Security Project
NIST Mobile Device Management Guide
NEW QUESTION # 14
A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code? salt = '123' hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt,
10000) The tester recommended the code be updated to the following salt = os.urandom(32) hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000) Which of the following steps should the penetration tester recommend?
- A. Rehashing all old passwords with the new code
- B. Replacing the SHA-256 algorithm to something more secure
- C. Changing passwords that were created before this code update
- D. Keeping hashes created by both methods for compatibility
Answer: C
Explanation:
Explanation
The penetration tester recommended the code be updated to use a random salt instead of a fixed salt for hashing passwords. A salt is a random value that is added to the plaintext password before hashing it, to prevent attacks such as rainbow tables or dictionary attacks that rely on precomputed hashes of common or weak passwords. A random salt ensures that each password hash is unique and unpredictable, even if two users have the same password. However, changing the salt does not affect the existing hashes that were created with the old salt, which may still be vulnerable to attacks. Therefore, the penetration tester should recommend changing passwords that were created before this code update, so that they can be hashed with the new salt and be more secure. The other options are not valid steps that the penetration tester should recommend. Keeping hashes created by both methods for compatibility would defeat the purpose of updating the code, as it would leave some hashes vulnerable to attacks. Rehashing all old passwords with the new code would not work, as it would require knowing the plaintext passwords, which are not stored in the database. Replacing the SHA-256 algorithm to something more secure is not necessary, as SHA-256 is a secure and widely used hashing algorithm that has no known vulnerabilities or collisions.
NEW QUESTION # 15
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
* The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Accept-Language: en-US,en;q=0.5 Connection: keep-alive Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
* Network management interfaces are available on the production network.
* An Nmap scan returned the following:
Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)
- A. Disable HTTP/301 redirect configuration.
- B. Enforce enhanced password complexity requirements.
- C. Eliminate network management and control interfaces.
- D. Create an out-of-band network for management.
- E. Disable or upgrade SSH daemon.
- F. Implement a better method for authentication.
Answer: D,F
Explanation:
The key findings indicate that the network device is vulnerable to several attacks, such as sniffing, brute-forcing, or exploiting the SSH daemon. To prevent these attacks, the best recommendations are to create an out-of-band network for management, which means a separate network that is not accessible from the production network, and to implement a better method for authentication, such as SSH keys or certificates.
The other options are not as effective or relevant.
NEW QUESTION # 16
A penetration tester performs the following command:
curl -I -http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?
- A. Option A
- B. Option D
- C. Option B
- D. Option C
Answer: A
Explanation:
Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/
NEW QUESTION # 17
Which of the following BEST describe the OWASP Top 10? (Choose two.)
- A. A checklist of Apache vulnerabilities
- B. A list of all the risks of web applications
- C. The risks defined in order of importance
- D. A web-application security standard
- E. The most critical risks of web applications
- F. A risk-governance and compliance framework
Answer: C,E
Explanation:
These two options best describe the OWASP Top 10, which stands for Open Web Application Security Project Top 10 and is a list of the most critical web application security risks based on data from various sources and experts. The list is updated periodically to reflect changes in technology and threat landscape. The list also ranks the risks in order of importance based on their prevalence, impact, and ease of exploitation or remediation. The other options are not accurate descriptions of the OWASP Top 10. The list does not cover all the risks of web applications, but rather focuses on the most common and severe ones. The list is not a web application security standard, but rather a guideline or reference for developers, testers, and security professionals. The list is not a risk-governance and compliance framework, but rather a resource or tool for identifying and mitigating web application vulnerabilities. The list is not a checklist of Apache vulnerabilities, but rather a general list of web application risks that apply to any web server or platform.
NEW QUESTION # 18
During the execution of a cloud penetration test, a tester was able to gain an initial footprint on the customer cloud infrastructure. Now the tester wants to scan the cloud resources, possible misconfigurations, and other relevant data that could be exploited. Which of the following tools should the tester most likely use?
- A. Nikto
- B. Pacu
- C. Cobalt Strike
- D. Recon-ng
Answer: D
NEW QUESTION # 19
A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?
- A. RFID tagging
- B. Tag nesting
- C. Meta tagging
- D. RFID cloning
Answer: B
Explanation:
Explanation
since vlan hopping requires 2 vlans to be nested in a single packet. Double tagging occurs when an attacker adds and modifies tags on an Ethernet frame to allow the sending of packets through any VLAN. This attack takes advantage of how many switches process tags. Most switches will only remove the outer tag and forward the frame to all native VLAN ports. With that said, this exploit is only successful if the attacker belongs to the native VLAN of the trunk link.
https://cybersecurity.att.com/blogs/security-essentials/vlan-hopping-and-mitigation Tag nesting is a technique that involves inserting two VLAN tags into an Ethernet frame to bypass VLAN hopping prevention mechanisms. The first tag is stripped by the first switch, and the second tag is processed by the second switch, allowing the frame to reach a different VLAN than intended. RFID cloning is a technique that involves copying the data from an RFID tag to another tag or device. RFID tagging is a technique that involves attaching an RFID tag to an object or person for identification or tracking purposes.
Meta tagging is a technique that involves adding metadata to web pages or files for search engine optimization or classification purposes.
NEW QUESTION # 20
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:
The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?
- A. PowerShell requires administrative privilege.
- B. An account for RDP does not exist on the server.
- C. The command requires the -port 135 option.
- D. The tester input the incorrect IP address.
Answer: B
NEW QUESTION # 21
A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks would allow a penetration tester to achieve a successful attack?
- A. Bluesnarfing
- B. WPS PIN attack
- C. BLE attack
- D. Bluejacking
Answer: C
Explanation:
A BLE (Bluetooth Low Energy) attack is specifically designed to exploit vulnerabilities in the Bluetooth Low Energy protocol, which is commonly used in modern wireless devices, including key fobs for electric vehicles.
This type of attack can allow a penetration tester to intercept, manipulate, or take control of the communication between the key fob and the vehicle. Bluejacking and Bluesnarfing are older Bluetooth attacks that are less effective against modern BLE implementations. WPS PIN attacks target Wi-Fi Protected Setup, which is unrelated to key fobs and electric vehicles.
NEW QUESTION # 22
A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?
- A. Scripts that are part of the framework can be imported directly into SIEM tools.
- B. The methodology can be used to estimate the cost of an incident better.
- C. Understanding the tactics of a security intrusion can help disrupt them.
- D. The framework is static and ensures stability of a security program overtime.
Answer: C
NEW QUESTION # 23
A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?
- A. w3af
- B. DirBuster
- C. SQLmap
- D. OWASP ZAP
Answer: D
NEW QUESTION # 24
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?
- A. Stop the penetration test.
- B. Escalate the issue.
- C. Check the scoping document to determine if exfiltration is within scope.
- D. Include the discovery and interaction in the daily report.
Answer: D
NEW QUESTION # 25
A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.
INSTRUCTIONS
Select the appropriate answer(s), given the output from each section.
Output 1





- A. See all the solutions below in Explanation
Answer: A
Explanation:


NEW QUESTION # 26
A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
- A. iam_privesc_scan
- B. iam_enum_permissions
- C. iam_bruteforce_permissions
- D. iam_backdoor_assume_role
Answer: B
Explanation:
The iam_enum_permissions module will enable the tester to determine the level of access of the existing user in the cloud environment of a company, as it will list all permissions associated with an IAM user3. IAM (Identity and Access Management) is a service that enables users to manage access and permissions for AWS resources. Pacu is a tool that can be used to perform penetration testing on AWS environments4.
NEW QUESTION # 27
A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:
Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)
- A. SMTP
- B. HTTP
- C. Telnet
- D. NTP
- E. SNMP
- F. DNS
Answer: B,F
NEW QUESTION # 28
......
Get ready to pass the PT0-002 Exam right now using our CompTIA PenTest+ Exam Package: https://realpdf.pass4suresvce.com/PT0-002-pass4sure-vce-dumps.html