Questions and Correct Answers | New
Update
A penetration tester has compromised a Windows server and is attempting
to achieve persistence. Which of the following would achieve that goal? -
🧠ANSWER ✔✔reg save HKLM\System\CurrentControlSet\Services\Sv.reg
A client has scheduled a wireless penetration test. Which of the following
describes the scoping target information MOST likely needed before testing
can begin? - 🧠ANSWER ✔✔The bands and frequencies used by the client's
devices
Which of the following BEST describes some significant security
weaknesses with an ICS, such as those used in electrical utility facilities,
natural gas facilities, dams, and nuclear facilities? - 🧠ANSWER ✔✔ICS
staff are not adequately trained to perform basic duties.
A security analyst was provided with a detailed penetration report, which
was performed against the organization's DMZ environment. It was noted
on the report that a finding has a CVSS base score of 10.0. Which of the
following levels of difficulty would be required to exploit this vulnerability? -
🧠ANSWER ✔✔Trivial; little effort is required to exploit this finding.
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
STATEMENT. ALL RIGHTS RESERVED
A penetration tester has gained access to a marketing employee's device.
The penetration tester wants to ensure that if the access is discovered,
control of the device can be regained. Which of the following actions should
the penetration tester use to maintain persistence to the device? (Select
TWO.) - 🧠ANSWER ✔✔Place an entry in
HKLM\Software\Microsoft\CurrentVersion\Run to call au57d.ps1.
Place a script in
C:\users\%username\local\appdata\roaming\temp\au57d.ps1.
Which of the following tools is used to perform a credential brute force
attack? - 🧠ANSWER ✔✔Hydra
Which of the following situations would cause a penetration tester to
communicate with a system owner/client during the course of a test?
(Select TWO.) - 🧠ANSWER ✔✔The system shows evidence of prior
unauthorized compromise.
The system becomes unavailable following an attempted exploit.
A penetration tester has performed a security assessment for a startup
firm. The report lists a total of ten vulnerabilities, with five identified as
critical. The client does not have the resources to immediately remediate all
vulnerabilities. Under such circumstances, which of the following would be
the BEST suggestion for the client? - 🧠ANSWER ✔✔Fix the most critical
vulnerability first, even if it means fixing the other vulnerabilities may take a
very long time.
Which of the following is the reason why a penetration tester would run the
chkconfig --del servicename command at the end of an engagement? -
🧠ANSWER ✔✔To remove the persistence
A penetration tester wants to target NETBIOS name service. Which of the
following is the MOST likely command to exploit the NETBIOS name
service? - 🧠ANSWER ✔✔nmap
A security consultant receives a document outlining the scope of an
upcoming penetration test. This document contains IP addresses and times
that each can be scanned. Which of the following would contain this
information? - 🧠ANSWER ✔✔Rules of engagement
A penetration tester executes the following commands: