jkhgfds
M
TEST BANK
PR
for
CompTIA PenTest+ PT0-002 Cert Guide (Certification
Guide) 2nd Edition
ES
by Omar Santos
SI
VE
G
All Chapters Included
R
AD
All Answers Included
ES
8uytrew
, jkhgfds
CompTIA® PenTest+ PT0-002 Cert Guide
Chapter 1 Introduction to Ethical Hacking and Penetration Testing
M
1) Which of these describes a scenario in which the tester is provided credentials but not full
documentation of the network infrastructure?
A) Unknown-environment test
B) Known-environment test
PR
C) Partially known environment test
D) Unspecified environment test
Answer: C
2) Which of the following would an ethical hacker not participate in?
A) Unauthorized access
ES
B) Responsible disclosure
C) Documentation
D) Unknown-environment test
Answer: A
3) Which of these attack types involves tricking the user into disclosing information or taking
SI
action?
A) DDoS
B) Ransomware
C) Social engineering
D) Botnet
VE
Answer: C
4) What type of attacker is most likely to be motivated purely by financial profit?
A) Hacktivist
B) Nation-state
C) Insider threat
G
D) Organized crime
Answer: D
5) Cyber war and cyber espionage are two terms that best fit into this category:
R
A) State-sponsored attackers
B) Hacktivists
C) Insider threats
AD
D) Organized crime
Answer: A
6) Which of the following frameworks is a collection of different matrices of tactics, techniques,
and subtechniques?
A) WSTG
ES
B) MITRE ATT&CK
C) NIST
D) OSSTMM
Answer: B
8uytrew
, jkhgfds
7) What type of attacker steals sensitive data and then reveals it to the public in order to
embarrass the target?
M
A) Kidnapper
B) Nation state
C) Organized crime
D) Hacktivist
PR
Answer: D
8) What type of tests would be most important to conduct to find out whether hackers could use
the Internet to compromise your client’s online ordering system?
A) Application-based tests
B) Network infrastructure tests
ES
C) Penetration testing in the cloud
D) Physical facility tests
Answer: A
9) What is the first phase of the Penetration Testing Execution Standard testing methodology?
A) Intelligence gathering
SI
B) Vulnerability analysis
C) Pre-engagement interactions
D) Threat modeling
Answer: C
VE
10) What type of tests would be most important to conduct to find out whether unauthorized
people can reach the company’s server rooms?
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
G
Answer: D
11) What type of tests would be most important to conduct to find out whether there are any
R
poorly secured switches, firewalls, routers, and supporting resources?
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
AD
D) Physical facility tests
Answer: B
12) Which testing methodology involves seven phases, including pre-engagement interactions,
intelligence gathering, threat modeling, and vulnerability analysis?
A) PTES
ES
B) PCI DSS
C) Penetration Testing Framework
D) OSSTMM
Answer: A
8uytrew
, jkhgfds
13) Which testing methodology has key sections including Operational Security Metrics, Trust
Analysis, Work Flow, and Human Security Testing?
A) PTES
M
B) PCI DSS
C) Penetration Testing Framework
D) OSSTMM
Answer: D
PR
14) In this type of test, the tester would normally be provided things like network diagrams, IP
addresses, configurations, and a set of user credentials:
A) Unknown-environment test
B) Known-environment test
C) Partially known environment test
ES
D) Black-box test
Answer: B
15) ISSAF covers which of the following phases?
A) Information gathering
B) Network mapping
SI
C) Vulnerability identification
D) All of the above
Answer: D
16) What document created by the National Institute of Standards and Technology provides
VE
organizations with guidelines on planning and conducting information security testing?
A) Special Publication (SP) 800-115
B) General Publication (GP) 2006-110
C) Special Publication (SP) 2018-01
D) International Publication (IP) 2016-330
Answer: A
G
17) Which of these is not a requirement for a typical penetration testing environment?
A) Closed network
R
B) Virtualized computing environment
C) Sign-in credentials for the systems to be tested
D) Practice targets
Answer: C
AD
18) Which of these can help protect the client in the event that you break something during a
test?
A) Health monitoring
B) WPA
C) Open network
ES
D) Virtualized computing environment
Answer: D
19) Which type of hacker has consent to attempt to access the target?
8uytrew
M
TEST BANK
PR
for
CompTIA PenTest+ PT0-002 Cert Guide (Certification
Guide) 2nd Edition
ES
by Omar Santos
SI
VE
G
All Chapters Included
R
AD
All Answers Included
ES
8uytrew
, jkhgfds
CompTIA® PenTest+ PT0-002 Cert Guide
Chapter 1 Introduction to Ethical Hacking and Penetration Testing
M
1) Which of these describes a scenario in which the tester is provided credentials but not full
documentation of the network infrastructure?
A) Unknown-environment test
B) Known-environment test
PR
C) Partially known environment test
D) Unspecified environment test
Answer: C
2) Which of the following would an ethical hacker not participate in?
A) Unauthorized access
ES
B) Responsible disclosure
C) Documentation
D) Unknown-environment test
Answer: A
3) Which of these attack types involves tricking the user into disclosing information or taking
SI
action?
A) DDoS
B) Ransomware
C) Social engineering
D) Botnet
VE
Answer: C
4) What type of attacker is most likely to be motivated purely by financial profit?
A) Hacktivist
B) Nation-state
C) Insider threat
G
D) Organized crime
Answer: D
5) Cyber war and cyber espionage are two terms that best fit into this category:
R
A) State-sponsored attackers
B) Hacktivists
C) Insider threats
AD
D) Organized crime
Answer: A
6) Which of the following frameworks is a collection of different matrices of tactics, techniques,
and subtechniques?
A) WSTG
ES
B) MITRE ATT&CK
C) NIST
D) OSSTMM
Answer: B
8uytrew
, jkhgfds
7) What type of attacker steals sensitive data and then reveals it to the public in order to
embarrass the target?
M
A) Kidnapper
B) Nation state
C) Organized crime
D) Hacktivist
PR
Answer: D
8) What type of tests would be most important to conduct to find out whether hackers could use
the Internet to compromise your client’s online ordering system?
A) Application-based tests
B) Network infrastructure tests
ES
C) Penetration testing in the cloud
D) Physical facility tests
Answer: A
9) What is the first phase of the Penetration Testing Execution Standard testing methodology?
A) Intelligence gathering
SI
B) Vulnerability analysis
C) Pre-engagement interactions
D) Threat modeling
Answer: C
VE
10) What type of tests would be most important to conduct to find out whether unauthorized
people can reach the company’s server rooms?
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
G
Answer: D
11) What type of tests would be most important to conduct to find out whether there are any
R
poorly secured switches, firewalls, routers, and supporting resources?
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
AD
D) Physical facility tests
Answer: B
12) Which testing methodology involves seven phases, including pre-engagement interactions,
intelligence gathering, threat modeling, and vulnerability analysis?
A) PTES
ES
B) PCI DSS
C) Penetration Testing Framework
D) OSSTMM
Answer: A
8uytrew
, jkhgfds
13) Which testing methodology has key sections including Operational Security Metrics, Trust
Analysis, Work Flow, and Human Security Testing?
A) PTES
M
B) PCI DSS
C) Penetration Testing Framework
D) OSSTMM
Answer: D
PR
14) In this type of test, the tester would normally be provided things like network diagrams, IP
addresses, configurations, and a set of user credentials:
A) Unknown-environment test
B) Known-environment test
C) Partially known environment test
ES
D) Black-box test
Answer: B
15) ISSAF covers which of the following phases?
A) Information gathering
B) Network mapping
SI
C) Vulnerability identification
D) All of the above
Answer: D
16) What document created by the National Institute of Standards and Technology provides
VE
organizations with guidelines on planning and conducting information security testing?
A) Special Publication (SP) 800-115
B) General Publication (GP) 2006-110
C) Special Publication (SP) 2018-01
D) International Publication (IP) 2016-330
Answer: A
G
17) Which of these is not a requirement for a typical penetration testing environment?
A) Closed network
R
B) Virtualized computing environment
C) Sign-in credentials for the systems to be tested
D) Practice targets
Answer: C
AD
18) Which of these can help protect the client in the event that you break something during a
test?
A) Health monitoring
B) WPA
C) Open network
ES
D) Virtualized computing environment
Answer: D
19) Which type of hacker has consent to attempt to access the target?
8uytrew
