CompTIA Pen Test+ Guide to Penetra on Tes ng 2nd
Edi on by Rob Wilson (Ques ons And Correct Answers
With Solu ons )
Ques on 1
Before beginning a penetra on test, what document should define the scope, objec ves, and
authoriza on?
A. Service Level Agreement (SLA)
B. Rules of Engagement (RoE)
C. Incident Response Plan
D. Business Con nuity Plan
Answer: B
Explana on:
The Rules of Engagement (RoE) establish the scope, tes ng windows, authorized systems,
communica on procedures, and limita ons for the engagement.
Ques on 2
Which ac vity is considered passive reconnaissance?
A. Port scanning
B. Banner grabbing
C. Reviewing public social media profiles
D. Running vulnerability scans
Answer: C
,Explana on:
Passive reconnaissance collects informa on without directly interac ng with the target,
reducing the likelihood of detec on.
Ques on 3
Which protocol commonly provides informa on about domain registra on?
A. FTP
B. WHOIS
C. SMTP
D. SNMP
Answer: B
Explana on:
WHOIS databases contain publicly available domain registra on informa on, such as registrar
details and registra on dates.
Ques on 4
Which tool is primarily used to perform DNS lookups?
A. Wireshark
B. Nmap
C. nslookup
D. Metasploit
Answer: C
Explana on:
nslookup queries DNS servers to obtain records such as A, MX, and NS records.
Ques on 5
A penetra on tester wants to iden fy open TCP ports on a host. Which tool is most
appropriate?
, A. Hydra
B. Burp Suite
C. Nmap
D. John the Ripper
Answer: C
Explana on:
Nmap is widely used for network discovery, host iden fica on, and port scanning.
Ques on 6
What is the purpose of banner grabbing?
A. Encrypt network traffic
B. Discover so ware versions running on services
C. Crack passwords
D. Hide scan ac vity
Answer: B
Ques on 7
Which Nmap scan completes the TCP three-way handshake?
A. SYN scan
B. FIN scan
C. Connect scan
D. NULL scan
Answer: C
Explana on:
A TCP Connect scan establishes a full connec on before closing it.
Ques on 8