PT1-002 CompTIA PenTest+


Question 4

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

  • Scraping social media sites

  • Using the WHOIS lookup tool

  • Crawling the client’s website

  • Phishing company employees

  • Utilizing DNS lookup tools

  • Conducting wardriving near the client facility

Question 5

Which of the following BEST describe the OWASP Top 10? (Choose two.)

  • The most critical risks of web applications

  • A list of all the risks of web applications

  • The risks defined in order of importance

  • A web-application security standard

  • A risk-governance and compliance framework

  • A checklist of Apache vulnerabilities

Question 6

A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?

  • RFID cloning

  • RFID tagging

  • Meta tagging

  • Tag nesting