PT0-002 Exam Dumps - CompTIA PenTest+ Certification Exam

Question # 129

PCI DSS requires which of the following as part of the penetration-testing process?

A. The penetration tester must have cybersecurity certifications.
B. The network must be segmented.
C. Only externally facing systems should be tested.
D. The assessment must be performed during non-working hours.

Question # 130

A new client hired a penetration-testing company for a month-long contract for various security assessments against the client’s new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.

Which of the following is most important for the penetration tester to define FIRST?

A. Establish the format required by the client.
B. Establish the threshold of risk to escalate to the client immediately.
C. Establish the method of potential false positives.
D. Establish the preferred day of the week for reporting.

Question # 131

Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

A. The libraries may be vulnerable
B. The licensing of software is ambiguous
C. The libraries’ code bases could be read by anyone
D. The provenance of code is unknown
E. The libraries may be unsupported
F. The libraries may break the application

Question # 132

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

A. NIST SP 800-53
B. OWASP Top 10
C. MITRE ATT&CK framework
D. PTES technical guidelines

Question # 133

A penetration tester conducted an assessment on a web server. The logs from this session show the following:

http://www.thecompanydomain.com/servicestatus.php?serviceID=892 &serviceID=892 ' ; DROP TABLE SERVICES; --

Which of the following attacks is being attempted?

A. Clickjacking
B. Session hijacking
C. Parameter pollution
D. Cookie hijacking
E. Cross-site scripting
