CompTIA PT0-002 Practice Test - Questions Answers

A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees.

Which of the following tools can help the tester achieve this goal?

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

A compliance-based penetration test is primarily concerned with:

A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.

Which of the following would the tester MOST likely describe as a benefit of the framework?

The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?

A consulting company is completing the ROE during scoping.

Which of the following should be included in the ROE?

A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.

Which of the following is most important for the penetration tester to define FIRST?

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.

Which of the following tools or techniques would BEST support additional reconnaissance?

Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?