Comptia nwexams ace Your Pt0-002 Pentest+ Exam by Ines q228 vce pdf

Page: 12 / 32

Exam Name:	CompTIA PenTest+ Certification Exam
Exam Code:	PT0-002 Dumps
Vendor:	CompTIA	Certification:	PenTest+
Questions:	433 Q&A's	Shared By:	ines

Question 48

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.

Which of the following actions, if performed, would be ethical within the scope of the assessment?

Options:

Exploiting a configuration weakness in the SQL database

Intercepting outbound TLS traffic

Gaining access to hosts by injecting malware into the enterprise-wide update server

Leveraging a vulnerability on the internal CA to issue fraudulent client certificates

Establishing and maintaining persistence on the domain controller

Discussion

Question 49

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.

Which of the following is the BEST action for the penetration tester to take?

Options:

Utilize the tunnel as a means of pivoting to other internal devices.

Disregard the IP range, as it is out of scope.

Stop the assessment and inform the emergency contact.

Scan the IP range for additional systems to exploit.

Discussion

Question 50

A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?

Options:

Comma

Double dash

Single quote

Semicolon

Discussion

Andrew

Are these dumps helpful?

Jeremiah Oct 27, 2024

Yes, Don’t worry!!! I'm confident you'll find them to be just as helpful as I did. Good luck with your exam!

Freddy

I passed my exam with flying colors and I'm confident who will try it surely ace the exam.

Aleksander Sep 26, 2024

Thanks for the recommendation! I'll check it out.

Marley

Hey, I heard the good news. I passed the certification exam!

Jaxson Oct 5, 2024

Yes, I passed too! And I have to say, I couldn't have done it without Cramkey Dumps.

Kylo

What makes Cramkey Dumps so reliable? Please guide.

Sami Aug 29, 2024

Well, for starters, they have a team of experts who are constantly updating their material to reflect the latest changes in the industry. Plus, they have a huge database of questions and answers, which makes it easy to study and prepare for the exam.

Question 51

Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

Options:

The libraries may be vulnerable

The licensing of software is ambiguous

The libraries’ code bases could be read by anyone

The provenance of code is unknown

The libraries may be unsupported

The libraries may break the application