2027 Updated Practice Exam | 150+
Actual Most Tested Questions Collections
& Verified Detailed Answers From Past
Papers | Expert Verified Success Exam)
Graded A+
QUESTION 1 ✔
A penetration tester is conducting reconnaissance and wants to gather publicly
available domain registration details without directly interacting with the target
systems. Which tool is MOST appropriate?
A. Nmap
B. WHOIS lookup
C. Metasploit
D. Netcat
Answer: B — WHOIS lookup ✔
Rationale: WHOIS is used for passive reconnaissance to obtain domain
registration data without direct interaction with target systems.
QUESTION 2 ✔
During a penetration test, the client explicitly restricts any activity that could
cause service disruption. Which testing approach should be used?
,A. Active exploitation
B. Passive reconnaissance only
C. Grey-box testing with exploitation
D. Denial-of-service testing
Answer: B — Passive reconnaissance only ✔
Rationale: Passive reconnaissance ensures no direct interaction or disruption of
systems.
QUESTION 3 ✔
Which phase of a penetration test involves identifying potential vulnerabilities
using automated tools such as Nessus?
A. Post-exploitation
B. Scanning and enumeration
C. Reporting
D. Cleanup
Answer: B — Scanning and enumeration ✔
Rationale: Vulnerability scanning occurs during scanning and enumeration to
identify weaknesses.
QUESTION 4 ✔
A tester wants to escalate privileges on a compromised Windows system. Which
technique is MOST relevant?
A. SQL injection
B. Kerberoasting
C. DNS poisoning
D. ARP spoofing
,Answer: B — Kerberoasting ✔
Rationale: Kerberoasting targets service account credentials in Active Directory
for privilege escalation.
QUESTION 5 ✔
Which tool is commonly used for network packet analysis during penetration
testing?
A. Wireshark
B. Hydra
C. Burp Suite
D. Aircrack-ng
Answer: A — Wireshark ✔
Rationale: Wireshark is used for deep packet inspection and network traffic
analysis.
QUESTION 6 ✔
A tester finds an SQL injection vulnerability. What is the BEST next step?
A. Immediately exploit production database
B. Validate the vulnerability safely
C. Run denial-of-service attack
D. Delete logs
Answer: B — Validate the vulnerability safely ✔
Rationale: Ethical testing requires safe validation before exploitation.
QUESTION 7 ✔
Which attack manipulates a user into executing malicious commands via a fake
login page?
, A. Phishing
B. Spoofing
C. ARP poisoning
D. Buffer overflow
Answer: A — Phishing ✔
Rationale: Phishing uses fake interfaces to trick users into revealing credentials.
QUESTION 8 ✔
What is the PRIMARY purpose of threat modeling during a penetration test?
A. Exploit vulnerabilities
B. Identify potential attack paths
C. Install backdoors
D. Disable logging systems
Answer: B — Identify potential attack paths ✔
Rationale: Threat modeling maps possible attacker entry points and risks.
QUESTION 9 ✔
Which port is commonly associated with HTTPS traffic?
A. 21
B. 80
C. 443
D. 3389
Answer: C — 443 ✔
Rationale: HTTPS uses port 443 for secure web communication.
QUESTION 10 ✔