PT0-002 COMPTIA PENTEST+ CERTIFICATION EXAM QUESTIONS AND ANSWERS CompTIA PT0-002 Exam
EDUSUM.COM Get complete detail on PT0-002 exam guide to crack CompTIA PenTest+. You can collect all information on PT0-002 tutorial, practice test, books, study material, exam questions, and syllabus. Firm your knowledge on CompTIA PenTest+ and get ready to crack PT0-002 certification. Explore all information on PT0-002 exam with number of questions, passing percentage and time duration to complete test.
WWW.EDUSUM.COM
Introduction to CompTIA PenTest+ Exam The CompTIA PT0-002 Exam is challenging and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the PenTest+ certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. This study guide for the CompTIA PenTest+ will help guide you through the study process for your certification.
PT0-002 CompTIA PenTest+ Exam Summary ● ● ● ● ● ● ●
Exam Name: CompTIA PenTest+ Exam Code: PT0-002 Exam Price: $381 (USD) Duration: 165 mins Number of Questions: 85 Passing Score: 750 / 900 Books / Training: CompTIA PenTest+ Certification Training
PT0-002: CompTIA PenTest+
1
WWW.EDUSUM.COM
● Schedule Exam: ○ CompTIA Marketplace ○ Pearson VUE ● Sample Questions: CompTIA PenTest+ Sample Questions ● Recommended Practice: CompTIA PT0-002 Certification Practice Exam
Exam Syllabus: PT0-002 CompTIA PenTest+ Topic
Details
Planning and Scoping - 15% - Understanding the target audience - Rules of engagement - Communication escalation path - Resources and requirements
Confidentiality of findings Known vs. unknown
- Budget - Impact analysis and remediation timelines - Disclaimers Explain the importance of planning for an engagement.
Point-in-time assessment Comprehensiveness
- Technical constraints - Support resources
WSDL/WADL SOAP project file SDK documentation Swagger document XSD Sample application requests Architectural diagrams
- Contracts Explain key legal concepts.
PT0-002: CompTIA PenTest+
SOW MSA
2
WWW.EDUSUM.COM
Topic
Details NDA - Environmental differences
Export restrictions Local and national government restrictions Corporate policies
- Written authorization
Obtain signature from proper signing authority Third-party provider authorization when necessary
- Types of assessment
Goals-based/objectives-based Compliance-based Red team
- Special scoping considerations
Premerger Supply chain
- Target selection
Explain the importance of scoping an engagement properly.
Targets 1. Internal - On-site vs. off-site 2. External 3. First-party vs. third-party hosted 4. Physical 5. Users 6. SSIDs 7. Applications Considerations 1. White-listed vs. black-listed 2. Security exceptions - IPS/WAF whitelist - NAC - Certificate pinning - Company’s policies
- Strategy
PT0-002: CompTIA PenTest+
3
WWW.EDUSUM.COM
Topic
Details
Black box vs. white box vs. gray box
- Risk acceptance - Tolerance to impact - Scheduling - Scope creep - Threat actors
Adversary tier 1. APT 2. Script kiddies 3. Hacktivist 4. Insider threat Capabilities Intent Threat models
- Compliance-based assessments, limitations and caveats
Explain the key aspects of compliance-based assessments.
Rules to complete assessment Password policies Data isolation Key management Limitations 1. Limited network access 2. Limited storage access
- Clearly defined objectives based on regulations
Information Gathering and Vulnerability Identification - 22% - Scanning - Enumeration Given a scenario, conduct information gathering using appropriate techniques.
PT0-002: CompTIA PenTest+
Hosts Networks Domains Users Groups Network shares
4
WWW.EDUSUM.COM
Topic
Details Web pages Applications Services Tokens Social networking sites - Packet crafting - Packet inspection - Fingerprinting - Cryptography
Certificate inspection
- Eavesdropping
RF communication monitoring Sniffing 1. Wired 2. Wireless
- Decompilation - Debugging - Open Source Intelligence Gathering
Sources of research 1. CERT 2. NIST 3. JPCERT 4. CAPEC 5. Full disclosure 6. CVE 7. CWE
- Credentialed vs. non-credentialed - Types of scans
Given a scenario, perform a vulnerability scan.
Discovery scan Full scan Stealth scan Compliance scan
- Container security - Application scan
PT0-002: CompTIA PenTest+
5
WWW.EDUSUM.COM
Topic
Details
Dynamic vs. static analysis
- Considerations of vulnerability scanning
Time to run scans Protocols used Network topology Bandwidth limitations Query throttling Fragile systems/non-traditional assets
- Asset categorization - Adjudication
Given a scenario, analyze vulnerability scan results.
False positives
- Prioritization of vulnerabilities - Common themes
Vulnerabilities Observations Lack of best practices
- Map vulnerabilities to potential exploits - Prioritize activities in preparation for penetration test - Describe common techniques to complete attack
Explain the process of leveraging information to prepare for exploitation.
Explain weaknesses related to specialized systems.
PT0-002: CompTIA PenTest+
Cross-compiling code Exploit modification Exploit chaining Proof-of-concept development (exploit development) Social engineering Credential brute forcing Dictionary attacks Rainbow tables Deception
- ICS - SCADA - Mobile
6
WWW.EDUSUM.COM
Topic
Details - IoT - Embedded - Point-of-sale system - Biometrics - Application containers - RTOS
Attacks and Exploits - 30% - Phishing
Spear phishing SMS phishing Voice phishing Whaling
- Elicitation
Business email compromise
Compare and contrast social - Interrogation - Impersonation engineering attacks. - Shoulder surfing - USB key drop - Motivation techniques
Authority Scarcity Social proof Urgency Likeness Fear
- Name resolution exploits
NETBIOS name service LLMNR
Given a scenario, exploit network-based vulnerabilities. - SMB exploits - SNMP exploits - SMTP exploits - FTP exploits - DNS cache poisoning
PT0-002: CompTIA PenTest+
7
WWW.EDUSUM.COM
Topic
Details - Pass the hash - Man-in-the-middle
ARP spoofing Replay Relay SSL stripping Downgrade
- DoS/stress test - NAC bypass - VLAN hopping - Evil twin
Given a scenario, exploit wireless and RF-based vulnerabilities.
Karma attack Downgrade attack
- Deauthentication attacks - Fragmentation attacks - Credential harvesting - WPS implementation weakness - Bluejacking - Bluesnarfing - RFID cloning - Jamming - Repeating - Injections
Given a scenario, exploit application-based vulnerabilities.
- Authentication
PT0-002: CompTIA PenTest+
SQL HTML Command Code
Credential brute forcing Session hijacking Redirect Default credentials Weak credentials
8
WWW.EDUSUM.COM
Topic
Details Kerberos exploits - Authorization
Parameter pollution Insecure direct object reference
- Cross-site scripting (XSS)
Stored/persistent Reflected DOM
- Cross-site request forgery (CSRF/XSRF) - Clickjacking - Security misconfiguration
Directory traversal Cookie manipulation
- File inclusion
Local Remote
- Unsecure code practices
Comments in source code Lack of error handling Overly verbose error handling Hard-coded credentials Race conditions Unauthorized use of functions/unprotected APIs Hidden elements 1. Sensitive information in the DOM Lack of code signing
- OS vulnerabilities Given a scenario, exploit local host vulnerabilities.
PT0-002: CompTIA PenTest+
Windows Mac OS Linux Android
9
WWW.EDUSUM.COM
Topic
Details iOS - Unsecure service and protocol configurations - Privilege escalation
Linux-specific 1. SUID/SGID programs 2. Unsecure SUDO 3. Ret2libc 4. Sticky bits Windows-specific 1. Cpassword 2. Clear text credentials in LDAP 3. Kerberoasting 4. Credentials in LSASS 5. Unattended installation 6. SAM database 7. DLL hijacking Exploitable services 1. Unquoted service paths 2. Writable services Unsecure file/folder permissions Keylogger Scheduled tasks Kernel exploits
- Default account settings - Sandbox escape
Shell upgrade VM Container
- Physical device security
Cold boot attack JTAG debug Serial console
- Piggybacking/tailgating Summarize physical security - Fence jumping attacks related to facilities. - Dumpster diving - Lock picking
PT0-002: CompTIA PenTest+
10
WWW.EDUSUM.COM
Topic
Details - Lock bypass - Egress sensor - Badge cloning - Lateral movement
Given a scenario, perform post-exploitation techniques.
RPC/DCOM 1. PsExec 2. WMI 3. Scheduled tasks PS remoting/WinRM SMB RDP Apple Remote Desktop VNC X-server forwarding Telnet SSH RSH/Rlogin
- Persistence
Scheduled jobs Scheduled tasks Daemons Back doors Trojan New user creation
- Covering your tracks
Penetration Testing Tools - 17% - SYN scan (-sS) vs. full connect scan (-sT) - Port selection (-p) Given a scenario, use Nmap - Service identification (-sV) to conduct information - OS fingerprinting (-O) gathering exercises. - Disabling ping (-Pn) - Target input file (-iL)
PT0-002: CompTIA PenTest+
11
WWW.EDUSUM.COM
Topic
Details - Timing (-T) - Output parameters
oA oN oG oX
- Use cases
Compare and contrast various use cases of tools.
Reconnaissance Enumeration Vulnerability scanning Credential attacks 1. Offline password cracking 2. Brute-forcing services Persistence Configuration compliance Evasion Decompilation Forensics Debugging Software assurance 1. Fuzzing 2. SAST 3. DAST
- Tools
PT0-002: CompTIA PenTest+
Scanners 1. Nikto 2. OpenVAS 3. SQLmap 4. Nessus Credential testing tools 1. Hashcat 2. Medusa 3. Hydra 4. Cewl 5. John the Ripper 6. Cain and Abel
12
WWW.EDUSUM.COM
Topic
PT0-002: CompTIA PenTest+
Details 7. Mimikatz 8. Patator 9. Dirbuster 10. W3AF Debuggers 1. OLLYDBG 2. Immunity debugger 3. GDB 4. WinDBG 5. IDA Software assurance 1. Findbugs/findsecbugs 2. Peach 3. AFL 4. SonarQube 5. YASCA OSINT 1. Whois 2. Nslookup 3. Foca 4. Theharvester 5. Shodan 6. Maltego 7. Recon-NG 8. Censys Wireless 1. Aircrack-NG 2. Kismet 3. WiFite Web proxies 1. OWASP ZAP 2. Burp Suite Social engineering tools 1. SET 2. BeEF Remote access tools 1. SSH 2. NCAT 3. NETCAT 4. Proxychains
13
WWW.EDUSUM.COM
Topic
Details Networking tools 1. Wireshark 2. Hping Mobile tools 1. Drozer 2. APKX 3. APK studio MISC 1. Searchsploit 2. Powersploit 3. Responder 4. Impacket 5. Empire 6. Metasploit framework
- Password cracking - Pass the hash Given a scenario, analyze tool - Setting up a bind shell output or data related to a - Getting a reverse shell penetration test. - Proxying a connection - Uploading a web shell - Injections - Logic
Looping Flow control
- I/O Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
File vs. terminal vs. network
- Substitutions - Variables - Common operations
String operations Comparisons
- Error handling - Arrays - Encoding/decoding
PT0-002: CompTIA PenTest+
14
WWW.EDUSUM.COM
Topic
Details
Reporting and Communication - 16%
Given a scenario, use report writing and handling best practices.
Explain post-report delivery activities.
Given a scenario, recommend mitigation strategies for discovered vulnerabilities.
PT0-002: CompTIA PenTest+
- Normalization of data - Written report of findings and remediation Executive summary Methodology Findings and remediation Metrics and measures 1. Risk rating Conclusion - Risk appetite - Storage time for report - Secure handling and disposition of reports - Post-engagement cleanup Removing shells Removing tester-created credentials Removing tools - Client acceptance - Lessons learned - Follow-up actions/retest - Attestation of findings - Solutions People Process Technology - Findings Shared local administrator credentials Weak password complexity Plain text passwords No multifactor authentication SQL injection Unnecessary open services - Remediation Randomize credentials/LAPS Minimum password requirements/password filters Encrypt the passwords
15
WWW.EDUSUM.COM
Topic
Details Implement multifactor authentication Sanitize user input/parameterize queries System hardening
Explain the importance of communication during the penetration testing process.
- Communication path - Communication triggers Critical findings Stages Indicators of prior compromise - Reasons for communication Situational awareness De-escalation De-confliction - Goal reprioritization
CompTIA PT0-002 Certification Sample Questions and Answers To make you familiar with CompTIA PenTest+ (PT0-002) certification exam structure, we have prepared this sample question set. We suggest you to try our Sample Questions for PenTest Plus PT0-002 Certification to test your understanding of CompTIA PT0-002 process with real CompTIA certification exam environment.
PT0-002 CompTIA PenTest+ Sample Questions:01. A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation? a) Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy. b) Implement a recurring cybersecurity awareness education program for all users. c) Implement multifactor authentication on all corporate applications.
PT0-002: CompTIA PenTest+
16
WWW.EDUSUM.COM
d) Implement an email security gateway to block spam and malware from email communications. 02. Bash is a command shell and language interpreter that is available for operating systems such as Linux, macOS, and even Windows. The name Bash is an acronym for Bourne-Again shell. What does a shell do? a) It deletes temporary files. b) It deletes application logs. c) It suppresses Syslog messages. d) It allows for interactive or non-interactive command execution. 03. What type of attack uses a password hash collected from a compromised system and then uses the same hash to log in to another client or server system? a) Brute force b) Evil twin c) Pass-the-hash attack d) Pass-the-password attack 04. When was the Security Standards for the Protection of Electronic Protected Health Information, known as the HIPAA Security Rule, published? a) March 1963 b) July 2021 c) February 2003 d) September 1970 05. Which of the following is the process of distributing, installing, and applying software updates? a) Patch management b) Key rotation c) Encryption of passwords d) Process-level remediation 06. Cyber war and cyber espionage are both related to which type of threat actors? a) Hacktivists b) State-sponsored attackers c) Organized crime d) Insider threats
PT0-002: CompTIA PenTest+
17
WWW.EDUSUM.COM
07. Organizations sometimes require which of the following to feel comfortable with the penetration testing team that they are giving access to their environment and information? a) Fingerprints b) Polygraphs c) Down payment d) Background checks 08. Job rotation, mandatory vacations, and user training are examples of which types of controls? a) Operational controls b) Administrative controls c) Physical controls d) None of these answers are correct. 09. How can an attacker maintain persistence of a compromised system? a) Send phishing email links b) Create a bind or reverse shell c) Use an evil twin d) Ping the core processor 10. During which phase of a penetration testing engagement does a penetration tester clearly define the scope of the engagement? a) Master penetration rules agreement b) Service level agreement c) Planning and preparation phase d) Pre-setup phase
Answers:Answer 1:- b Answer 2:- d Answer 3:- c Answer 4:- c Answer 5:- a Answer 6:- b Answer 7:- d Answer 8:- a Answer 9:- b
PT0-002: CompTIA PenTest+
18
WWW.EDUSUM.COM
Answer 10:- c
PT0-002: CompTIA PenTest+
19