CompTIA PenTest+ 2025/2026 Exam
Questions Marking Scheme New Update
| A+ Rated
MR - 🧠ANSWER ✔✔See llR
adjudication - 🧠ANSWER ✔✔The process of evaluating and
ranking vulnerabilities in terms of the potential threat they may pose to an
organization
ADS - 🧠ANSWER ✔✔A feature of Microsoft's NT File System (NTFS) that
enables multiple data streams for a single file name by forking one or more
files to another
anti-forensics - 🧠ANSWER ✔✔The process of disputing or impeding a
forensic investigation
APT - 🧠ANSWER ✔✔A threat that uses multiple attack vectors to gain
unauthorized access to sensitive resources
ARP poisoning - 🧠ANSWER ✔✔The deliberate mapping of an incorrect
MAC address to a correct IP address
array - 🧠ANSWER ✔✔A programming object that is a collection of values
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
STATEMENT. ALL RIGHTS RESERVED
asset categorization - 🧠ANSWER ✔✔The process of placing business
assets with similar characteristics into the same group
asset classification - 🧠ANSWER ✔✔See asset categorization
attestation - 🧠ANSWER ✔✔The act of showing or evidence showing that a
certain item exists or is true
backdoor - 🧠ANSWER ✔✔A hidden mechanism that provides you with
access to a system through some alternative means
badge cloning - 🧠ANSWER ✔✔The act of copying authentication data from
an RFID badge's microchip to another badge
baiting - 🧠ANSWER ✔✔A social engineering attack in which an attacker
leaves physical media in a location where someone else might pick it up
and use it
banner grabbing - 🧠ANSWER ✔✔An enumeration tactic that involves typing
to open a session with a service and getting the service to identify itself
Bash - 🧠ANSWER ✔✔A scripting language and command shell for
Unix-like systems
BEC - 🧠ANSWER ✔✔A type of phishing where an attacker impersonates a
high-level executive or directly hijacks their email account so that they can
send an email to financial personnel, requesting money via a method like a
wire transfer
bind shell - 🧠ANSWER ✔✔A shell that is bound to a local network port on a
target system
black box - 🧠ANSWER ✔✔A pen testing strategy where the tester is
provided little or no information about the systems and networks being
targeted
black-box app testing - 🧠ANSWER ✔✔See DAST
bluejacking - 🧠ANSWER ✔✔A wireless attack where the attacker sends
unwanted Bluetooth signals from a smartphone, mobile phone, tablet, or
laptop to other Bluetooth-enabled devices
bluesnarfing - 🧠ANSWER ✔✔A wireless attack where the attacker gains
access to unauthorized information on a wireless device by using a
Bluetooth connection
Bluetooth - 🧠ANSWER ✔✔A short-range wireless radio network
transmission medium normally used to connect two personal devices, such
as a mobile phone and a wireless headset
clickjacking - 🧠ANSWER ✔✔An application attack where an attacker tricks
a user into clicking on a web page link that is different from where they had
intended to go
code injection - 🧠ANSWER ✔✔An application attack that introduces
malicious code into a vulnerable application to compromise the security of
that application
cold boot attack - 🧠ANSWER ✔✔An attack where an attacker with physical
access to a computer that contains an encrypted drive may be able to
retrieve encryption keys after starting the computer from its off state
command injection - 🧠ANSWER ✔✔An application attack that supplies
malicious input to a web server, which then passes this input to a system
shell for execution
community string - 🧠ANSWER ✔✔A text identifier that must be the same on
a SNMP manager and a SNMP device