Free Access CompTIA.PT0-002.v2024-06-12.q330 Practice Test (Page 37)

Question 176

You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question 177

A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

A.Scrape web presences and social-networking sites.

B.Runtime the company's vendor/supply chain.

C.Run a vulnerability scan against the company's external website.

D.Specially craft and deploy phishing emails to key company leaders.

Question 178

Penetration tester who was exclusively authorized to conduct a physical assessment noticed there were no cameras pointed at the dumpster for company. The penetration tester returned at night and collected garbage that contained receipts for recently purchased networking :. The models of equipment purchased are vulnerable to attack. Which of the following is the most likely next step for the penetration?

A.Alert the target company of the discovered information.

B.Verify the discovered information is correct with the manufacturer.

C.Scan the equipment and verify the findings.

D.Return to the dumpster for more information.

Question 179

A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the
MOST likely reason for the error?

A.The API server is using SSL instead of TLS

B.TCP port 443 is not open on the firewall

C.The tester is using an outdated version of the application

D.The application has the API certificate pinned.

Question 180

A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

A.Externally facing open ports

B.Shodan results

C.Zone transfers

D.DNS forward and reverse lookups

E.IP addresses and subdomains

F.Internet search engines

Other Version: 2304CompTIA.PT0-002.v2025-07-15.q245; 1589CompTIA.PT0-002.v2023-02-20.q55; 2323CompTIA.PT0-002.v2022-07-29.q85; 1639CompTIA.PT0-002.v2022-04-29.q49; 2006CompTIA.PT0-002.v2022-04-23.q65; 95CompTIA.Trainingdump.PT0-002.v2021-12-19.by.barlow.38q.pdf

Latest Upload: 240PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 335Nokia.4A0-113.v2026-05-01.q69; 346EC-COUNCIL.312-49v11.v2026-04-30.q214; 271Microsoft.MB-820.v2026-04-30.q101; 237Salesforce.MC-202.v2026-04-30.q57; 250BICSI.INSTC_V8.v2026-04-29.q53; 369NMLS.MLO.v2026-04-28.q82; 267NCARB.Project-Management.v2026-04-28.q27; 484EMC.D-AV-DY-23.v2026-04-27.q184; 1240ServiceNow.CSA.v2026-04-27.q483

Question 176

Question 177

Question 178

Question 179

Question 180

Download PDF File