CompTIA Pen Test+ PT0-002 Practice
Questions with complete solution 2025
Which of the following should a penetration tester attack to gain control of the
state in the HTTP protocol after the user is logged in?
A. HTTPS communication
B. Public and private keys
C. Password encryption
D. Sessions and cookies - correct answer ✔D. Sessions and Cookies
A penetration tester exploited a unique flaw on a recent penetration test of a
bank. After the test was completed, the tester posted information about the
exploit online along with the IP addresses of the exploited machines. Which of
the following documents could hold the penetration tester accountable for this
action?
A. ROE
B. SLA
C. MSA
D. NDA - correct answer ✔D. NDA
A penetration tester conducted a vulnerability scan against a client's critical
servers and found the following:
Host name Ispan OS Security uspandates
addc01.local 10.1.1.20 Windows Server 2012 KB4581001, KB4585587,
KB4586007
, addc02.local 10.1.1.21 Windows Server 2012 KB4586007
dnsint.local 10.1.1.22 Windows Server 2012 KB4581001, KB4585587,
KB4586007, KB4586010
wwwint.local 10.1.1.23 Windows Server 2012 KB4581001
Which of the following would be a recommendation for remediation?
A. Deploy a user training program.
B. Implement a patch management plan.
C. Utilize the secure software development life cycle.
D. Configure access controls on each of the servers. - correct answer ✔B.
Implement a patch management plan
A client requires all penetration testers to sign an NDA before beginning an
assessment. Which of the following explains the reason why the client would
require this?
A. To establish the rules of engagement for the assessment
B. To establish a proper communication channel during the assessment
C. To protect information that may be disclosed during the assessment
D. To acknowledge the assessment deliverables - correct answer ✔C. To
protect information that may be disclosed during the assessment
A penetration tester discovers a system that appears to be exfiltrating data
and reports it to the management team. Further investigation reveals malware
artifacts have been residing on the host for some time. Which of the following
BEST describes what the tester discovered?
A. A system software bug
B. Critical system vulnerabilities
Questions with complete solution 2025
Which of the following should a penetration tester attack to gain control of the
state in the HTTP protocol after the user is logged in?
A. HTTPS communication
B. Public and private keys
C. Password encryption
D. Sessions and cookies - correct answer ✔D. Sessions and Cookies
A penetration tester exploited a unique flaw on a recent penetration test of a
bank. After the test was completed, the tester posted information about the
exploit online along with the IP addresses of the exploited machines. Which of
the following documents could hold the penetration tester accountable for this
action?
A. ROE
B. SLA
C. MSA
D. NDA - correct answer ✔D. NDA
A penetration tester conducted a vulnerability scan against a client's critical
servers and found the following:
Host name Ispan OS Security uspandates
addc01.local 10.1.1.20 Windows Server 2012 KB4581001, KB4585587,
KB4586007
, addc02.local 10.1.1.21 Windows Server 2012 KB4586007
dnsint.local 10.1.1.22 Windows Server 2012 KB4581001, KB4585587,
KB4586007, KB4586010
wwwint.local 10.1.1.23 Windows Server 2012 KB4581001
Which of the following would be a recommendation for remediation?
A. Deploy a user training program.
B. Implement a patch management plan.
C. Utilize the secure software development life cycle.
D. Configure access controls on each of the servers. - correct answer ✔B.
Implement a patch management plan
A client requires all penetration testers to sign an NDA before beginning an
assessment. Which of the following explains the reason why the client would
require this?
A. To establish the rules of engagement for the assessment
B. To establish a proper communication channel during the assessment
C. To protect information that may be disclosed during the assessment
D. To acknowledge the assessment deliverables - correct answer ✔C. To
protect information that may be disclosed during the assessment
A penetration tester discovers a system that appears to be exfiltrating data
and reports it to the management team. Further investigation reveals malware
artifacts have been residing on the host for some time. Which of the following
BEST describes what the tester discovered?
A. A system software bug
B. Critical system vulnerabilities
