Free Access CompTIA.PT0-002.v2024-06-12.q330 Practice Test (Page 30)

Question 141

Which of the following is most important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?

A.Executive summary of the penetration-testing methods used

B.Bill of materials including supplies, subcontracts, and costs incurred during assessment

C.Quantitative impact assessments given a successful software compromise

D.Code context for instances of unsafe typecasting operations

Question 142

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

A.Buffer overflows

B.Cross-site scripting

C.Race-condition attacks

D.Zero-day attacks

E.Injection flaws

F.Ransomware attacks

Question 143

A penetration tester was brute forcing an internal web server and ran a command that produced the following output:

However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?

A.This URI returned a server error.

B.The HTTP port is not open on the firewall.

C.The tester did not run sudo before the command.

D.The web server is using HTTPS instead of HTTP.

Question 144

A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?

A.Deploy a user training program

B.Utilize the secure software development life cycle

C.Configure access controls on each of the servers

D.Implement a patch management plan

Question 145

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

A.Hydra and crunch

B.Nmap and OWASP ZAP

C.Burp Suite and DIRB

D.Netcat and cURL

Other Version: 2304CompTIA.PT0-002.v2025-07-15.q245; 1589CompTIA.PT0-002.v2023-02-20.q55; 2323CompTIA.PT0-002.v2022-07-29.q85; 1639CompTIA.PT0-002.v2022-04-29.q49; 2006CompTIA.PT0-002.v2022-04-23.q65; 95CompTIA.Trainingdump.PT0-002.v2021-12-19.by.barlow.38q.pdf

Latest Upload: 240PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 335Nokia.4A0-113.v2026-05-01.q69; 346EC-COUNCIL.312-49v11.v2026-04-30.q214; 271Microsoft.MB-820.v2026-04-30.q101; 237Salesforce.MC-202.v2026-04-30.q57; 250BICSI.INSTC_V8.v2026-04-29.q53; 369NMLS.MLO.v2026-04-28.q82; 267NCARB.Project-Management.v2026-04-28.q27; 484EMC.D-AV-DY-23.v2026-04-27.q184; 1240ServiceNow.CSA.v2026-04-27.q483

Question 141

Question 142

Question 143

Question 144

Question 145

Download PDF File