CompTIA_PT0_002_PenTest_Plus Practice Test - Set 1

Test your knowledge with this CompTIA_PT0_002_PenTest_Plus mock exam. Get real-world IT questions and prepare for certification success.

PT0-002: CompTIA PenTest+ - Exam Information

Exam Information

Exam Code

CompTIA_PT0_002_PenTest_Plus

Exam Title

PT0-002: CompTIA PenTest+

Vendor

CompTia

Difficulty

Advanced

Duration

165 Minutes

Question Format

Multiple Choice

Last Updated

March 12, 2025

Covers penetration testing, vulnerability assessment, and exploitation techniques.

Practice Test

Shop Best PT0-002: CompTIA PenTest+ Resources Worldwide Amazon

1. What is the primary purpose of a penetration test?

0
1
2
3

2. Which tool is commonly used for network scanning during a penetration test?

0
1
2
3

3. What is the first phase of a penetration test?

0
1
2
3

4. Which type of attack involves injecting malicious SQL queries?

0
1
2
3

5. What is the purpose of a vulnerability scanner?

0
1
2
3

6. Which protocol is commonly targeted during a man-in-the-middle attack?

0
1
2
3

7. What is the goal of social engineering attacks?

0
1
2
3

8. Which tool is used for exploiting known vulnerabilities?

0
1
2
3

9. What is the purpose of a reverse shell?

0
1
2
3

10. Which type of attack involves overwhelming a system with traffic?

0
1
2
3

11. What is the purpose of a password cracking tool?

0
1
2
3

12. Which type of malware spreads without user interaction?

0
1
2
3

13. What is the purpose of a firewall in network security?

0
1
2
3

14. Which type of attack involves redirecting a user to a malicious website?

0
1
2
3

15. What is the purpose of a honeypot?

0
1
2
3

16. Which type of encryption is used to secure web traffic?

0
1
2
3

17. What is the purpose of a penetration testing report?

0
1
2
3

18. Which type of attack involves exploiting session tokens?

0
1
2
3

19. What is the purpose of a vulnerability assessment?

0
1
2
3

20. Which type of attack involves injecting malicious scripts into web pages?

0
1
2
3

21. What is the purpose of a rainbow table in password cracking?

To precompute hashes for common passwords
To encrypt passwords
To store password policies
To generate strong passwords

22. Which tool is commonly used for intercepting and modifying HTTP requests?

Burp Suite
Nmap
Metasploit
Wireshark

23. What is the purpose of privilege escalation in penetration testing?

To gain higher-level access
To hide malicious activity
To spread malware
To bypass firewalls

24. Which type of attack involves modifying data packets in transit?

Packet injection
Phishing
SQL injection
Cross-site scripting

25. What is the purpose of a pivot in penetration testing?

To use a compromised system to attack others
To change IP addresses
To encrypt communications
To bypass antivirus

26. Which tool is used for wireless network penetration testing?

Aircrack-ng
Nmap
Metasploit
John the Ripper

27. What is the purpose of OSINT in penetration testing?

To gather publicly available information
To exploit vulnerabilities
To scan networks
To crack passwords

28. Which type of attack involves bypassing authentication using session tokens?

Session hijacking
Phishing
SQL injection
Buffer overflow

29. What is the purpose of a stager in malware?

To download additional malicious components
To encrypt files
To spread to other systems
To hide from detection

30. Which tool is used for brute-force attacks against SSH?

Hydra
Nmap
Wireshark
Metasploit

31. What is the purpose of a canary token in security?

To detect unauthorized access attempts
To encrypt sensitive data
To bypass firewalls
To crack passwords

32. Which type of attack involves exploiting race conditions?

TOCTOU (Time of Check to Time of Use)
SQL injection
Cross-site scripting
Phishing

33. What is the purpose of a sandbox in malware analysis?

To safely execute and observe malicious code
To encrypt malware samples
To spread malware
To bypass antivirus

34. Which tool is used for analyzing network traffic?

Wireshark
Metasploit
John the Ripper
Burp Suite

35. What is the purpose of a rootkit?

To maintain persistent access while hiding
To encrypt files for ransom
To spread to other systems
To steal credentials

36. Which type of attack involves manipulating input to overflow memory buffers?

Buffer overflow
SQL injection
Cross-site scripting
Phishing

37. What is the purpose of a C2 (Command and Control) server in malware?

To remotely control infected systems
To encrypt communications
To spread malware
To bypass firewalls

38. Which tool is used for vulnerability scanning?

Nessus
Metasploit
Aircrack-ng
John the Ripper

39. What is the purpose of DLL injection?

To execute malicious code in another process
To encrypt files
To spread malware
To hide from detection

40. Which type of attack involves exploiting misconfigured AWS S3 buckets?

Cloud storage bucket enumeration
SQL injection
Cross-site scripting
Phishing

41. What is the purpose of a watering hole attack?

To compromise a frequently visited website
To steal credentials
To encrypt files
To spread malware via email

42. Which tool is used for password spraying attacks?

Spray
Hydra
John the Ripper
Hashcat

43. What is the purpose of a beacon in malware?

To periodically call back to the C2 server
To encrypt files
To spread to other systems
To hide from detection

44. Which type of attack involves manipulating LDAP queries?

LDAP injection
SQL injection
Cross-site scripting
Buffer overflow

45. What is the purpose of a honey token?

To detect unauthorized access to data
To encrypt communications
To bypass firewalls
To crack passwords

46. Which tool is used for analyzing malware?

IDA Pro
Nmap
Wireshark
Burp Suite

47. What is the purpose of a reflective amplification attack?

To magnify DDoS traffic
To steal credentials
To spread malware
To bypass firewalls

48. Which type of attack involves exploiting insecure deserialization?

Insecure deserialization
SQL injection
Cross-site scripting
Phishing

49. What is the purpose of a pass-the-hash attack?

To authenticate using hashed credentials
To encrypt files
To spread malware
To bypass antivirus

50. Which tool is used for exploiting web applications?

Burp Suite
Nmap
Metasploit
Aircrack-ng

51. What is the purpose of a golden ticket attack?

To maintain persistent domain access
To encrypt files
To spread malware
To bypass firewalls

52. Which type of attack involves exploiting XXE vulnerabilities?

XML External Entity
SQL injection
Cross-site scripting
Buffer overflow

53. What is the purpose of a shim in persistence?

To intercept and modify API calls
To encrypt communications
To spread malware
To bypass antivirus

54. Which tool is used for cracking password hashes?

Hashcat
Nmap
Wireshark
Metasploit

55. What is the purpose of a logic bomb?

To execute malicious code when conditions are met
To encrypt files
To spread to other systems
To hide from detection

56. Which type of attack involves exploiting server-side template injection?

SSTI
SQL injection
Cross-site scripting
Phishing

57. What is the purpose of a domain fronting technique?

To hide C2 traffic behind legitimate domains
To encrypt communications
To spread malware
To bypass firewalls

58. Which tool is used for analyzing memory dumps?

Volatility
IDA Pro
Wireshark
Burp Suite

59. What is the purpose of a reflective DLL injection?

To load a DLL without calling LoadLibrary
To encrypt files
To spread malware
To bypass antivirus

60. Which type of attack involves exploiting insecure direct object references?

IDOR
SQL injection
Cross-site scripting
Buffer overflow

61. What is the purpose of a Kerberoasting attack?

To crack service account passwords
To encrypt files
To spread malware
To bypass firewalls

62. Which tool is used for analyzing PDF malware?

PDFid
Nmap
Metasploit
Aircrack-ng

63. What is the purpose of a process hollowing technique?

To replace legitimate process code with malicious code
To encrypt communications
To spread malware
To bypass antivirus

64. Which type of attack involves exploiting insecure cookies?

Session fixation
SQL injection
Cross-site scripting
Phishing

65. What is the purpose of a steganography technique in malware?

To hide malicious code within benign files
To encrypt files
To spread to other systems
To bypass firewalls

66. Which tool is used for analyzing Windows event logs?

LogParser
Wireshark
Burp Suite
Metasploit

67. What is the purpose of a pass-the-ticket attack?

To use Kerberos tickets for authentication
To encrypt files
To spread malware
To bypass antivirus

68. Which type of attack involves exploiting insecure file uploads?

Unrestricted file upload
SQL injection
Cross-site scripting
Buffer overflow

69. What is the purpose of a domain generation algorithm in malware?

To dynamically generate C2 domains
To encrypt communications
To spread to other systems
To bypass firewalls

70. Which tool is used for analyzing registry hives?

RegRipper
IDA Pro
Wireshark
Nmap

71. What is the purpose of a reflective XSS attack?

To execute scripts in a victim's browser
To steal server data
To encrypt files
To spread malware

72. Which tool is used for analyzing Java malware?

JD-GUI
Nmap
Metasploit
Aircrack-ng

73. What is the purpose of a time-based SQL injection?

To infer data by observing response times
To directly extract data
To bypass authentication
To execute system commands

74. Which type of attack involves exploiting insecure deserialization in web apps?

Insecure deserialization
SQL injection
Cross-site scripting
Phishing

75. What is the purpose of a DLL side-loading attack?

To load malicious DLLs via legitimate applications
To encrypt files
To spread malware
To bypass firewalls

76. Which tool is used for analyzing PowerShell attacks?

PowerSploit
Wireshark
Burp Suite
Metasploit

77. What is the purpose of a NOP sled in buffer overflow attacks?

To increase chances of hitting shellcode
To encrypt the payload
To bypass antivirus
To spread to other systems

78. Which type of attack involves exploiting HTTP header injection?

HTTP response splitting
SQL injection
Cross-site scripting
Buffer overflow

79. What is the purpose of a code signing certificate theft attack?

To sign malicious code as legitimate
To encrypt files
To spread malware
To bypass firewalls

80. Which tool is used for analyzing Android malware?

JADX
IDA Pro
Wireshark
Nmap

81. What is the purpose of a CSV injection attack?

To execute commands when CSV is opened
To steal data
To encrypt files
To spread malware

82. Which tool is used for analyzing .NET malware?

dnSpy
JD-GUI
Wireshark
Burp Suite

83. What is the purpose of a padding oracle attack?

To decrypt data without knowing the key
To bypass authentication
To execute commands
To spread malware

84. Which type of attack involves exploiting insecure JWT implementations?

JWT manipulation
SQL injection
Cross-site scripting
Buffer overflow

85. What is the purpose of a ghost writing attack?

To modify files without changing timestamps
To encrypt files
To spread malware
To bypass antivirus

86. Which tool is used for analyzing iOS malware?

Hopper
IDA Pro
Wireshark
Nmap

87. What is the purpose of a DNS tunneling attack?

To exfiltrate data via DNS queries
To encrypt communications
To spread malware
To bypass firewalls

88. Which type of attack involves exploiting server-side request forgery?

SSRF
SQL injection
Cross-site scripting
Phishing

89. What is the purpose of a process doppelgänging technique?

To execute malicious code by abusing process loading
To encrypt files
To spread malware
To bypass antivirus

90. Which tool is used for analyzing macro malware?

oledump.py
JD-GUI
Wireshark
Burp Suite

The CompTIA_PT0_002_PenTest_Plus certification is a globally recognized credential for IT professionals. This practice test helps you prepare by covering key topics like hardware, networking, troubleshooting, and security.

Want more practice? Check out our other mock exams:

CompTIA_CA__SecurityX
CompTIA_FC_U_IT_Fundamentals
CompTIA_CLO__Cloud_Essentials_Plus
CompTIA_CS__CySA_Plus
JN__Cloud_Specialist_JNCIS_Cloud
CompTIA_CAS__Advanced_Security_Practitioner

Support

📧 Email Support ❓ FAQ 📞 Contact Us

Legal

📄 Terms & Refund Policy 🔒 Privacy Policy ⚖️ DMCA

Company

👥 About Us 🗺️ Sitemap

Connect With Us

Follow for IT lab tutorials & certification updates

© 2025 ITCertRocket.com - Hands-On IT Lab Exercises & Certification Prep. All rights reserved.