Free Access CompTIA.PT0-002.v2022-04-29.q49 Practice Test (Page 6)

Question 21

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?

A.The reverse-engineering team may have a history of selling exploits to third parties.

B.The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

C.The reverse-engineering team will be given access to source code for analysis.

D.The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

Question 22

A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

A.Performing spear phishing against employees by posing as senior management

B.Dropping a malicious USB key with the company's logo in the parking lot

C.Attempting to tailgate an employee going into the client's workplace

D.Using a brute-force attack against the external perimeter to gain a foothold

Question 23

A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

A.Halt the penetration test.

B.Deconflict with the penetration tester.

C.Contact law enforcement.

D.Assume the alert is from the penetration test.

Question 24

An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?

A.Identity all the vulnerabilities in the environment.

B.Uncover potential criminal activity based on the evidence gathered.

C.Limit invasiveness based on scope.

D.Maintain confidentiality of the findings.

Question 25

In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

A.Attempt to brute force authentication to the service.

B.Perform a reverse DNS query and match to the service banner.

C.Test for RFC-defined protocol conformance.

D.Check for an open relay configuration.

Other Version: 714CompTIA.PT0-002.v2025-07-15.q245; 1398CompTIA.PT0-002.v2024-06-12.q330; 1159CompTIA.PT0-002.v2023-02-20.q55; 1745CompTIA.PT0-002.v2022-07-29.q85; 1522CompTIA.PT0-002.v2022-04-23.q65; 95CompTIA.Trainingdump.PT0-002.v2021-12-19.by.barlow.38q.pdf

Latest Upload: 101OCEG.GRCP.v2025-09-11.q211; 101HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 157PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 146Salesforce.Data-Architect.v2025-09-05.q216; 141Adobe.AD0-E605.v2025-09-05.q50

Question 21

Question 22

Question 23

Question 24

Question 25

Download PDF File