2025/2026 Exam Questions and Detailed
Answers | Get it 100% Correct Answers
You have been asked to perform a black box penetration test for a
medium-sized organization that sells imported motorcycles and ATVs
online. In which phase of this assessment will you likely spend most of your
time?
A. Planning and scoping
B. Information gathering and vulnerability identification
C. Attacking and exploiting
D. Reporting and communicating results - 🧠ANSWER ✔✔B.
A black box penetration test is called for in this scenario, so you will likely
spend most of your time in the information gathering and vulnerability
identification phase of the assessment. This is because, by definition, you
should have little or no knowledge of the organization or its network prior to
running the test.
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
STATEMENT. ALL RIGHTS RESERVED
You are performing a black box penetration test for a medium-sized
organization that sells imported motorcycles and ATVs through its online
storefront. You need to discover who owns the organization's domain.
Which tool in your penetration testing toolkit should you use?
A. nslookup
B. whois
C. Shodan
D. Maltego - 🧠ANSWER ✔✔B.
The whois command can be used to gather information from public records
about who owns a particular domain.
You are performing a black box penetration test for a medium-sized
organization that sells imported clothing through its online storefront. You
need to discover which IP addresses are associated with the organization's
domain. Which tool in your penetration testing toolkit should you use?
A. nslookup
B. whois
C. theHarvester
D. Fingerprinting Organizations with Collected Archives (FOCA) -
🧠ANSWER ✔✔A.
The nslookup command is included with most operating systems, including
Windows and Linux, and can be used to resolve an organization's domain
name into its associated IP addresses.
You are performing a black box penetration test for a medium-sized
organization that sells imported clothing through its online storefront. You
want to query search engines and other resources to discover email
addresses, employee names, and other details about the target. Which tool
in your penetration testing toolkit should you use?
A. nmap
B. Shodan
C. theHarvester
D. Fingerprinting Organizations with Collected Archives (FOCA) -
🧠ANSWER ✔✔C.
theHarvester is a tool available on some Linux distributions, such as Kali
Linux, that can be used to query search engines to discover email
addresses, employee names, and other details about the target
organization.
You are performing a black box penetration test for a large organization
that wholesales imported electronic devices in the United States. You need
to uncover any information you can find about the organization using open
source intelligence (OSINT). Which tool in your penetration testing toolkit
could you use to do this?
A. Censys
B. whois
C. recon-ng