1. Which of the following is the primary purpose of penetration
testing?
A. To monitor network traffic in real-time
B. To exploit known vulnerabilities to assess security
C. To deploy antivirus across endpoints
D. To perform routine software updates
Answer: B
Rationale: Penetration testing aims to simulate real-world attacks by
exploiting vulnerabilities to evaluate the effectiveness of security
controls, not just monitoring or maintenance.
2. During a reconnaissance phase, which technique is most likely used
to gather information without alerting the target?
A. Phishing
B. Social engineering
C. Passive scanning
D. Brute-force attacks
Answer: C
Rationale: Passive scanning collects information without interacting
directly with the target system, minimizing the risk of detection
compared to active scanning or direct attacks.
3. Which of the following is an example of an active reconnaissance
technique?
A. Reviewing WHOIS records
B. Performing network port scans
C. Searching LinkedIn profiles
D. Reading public DNS records
Answer: B
Rationale: Active reconnaissance involves directly interacting with the
target to gather information, such as port scanning or banner
grabbing, while the other options are passive methods.
4. What is the primary goal of privilege escalation in penetration
testing?
A. To exfiltrate data from the system
B. To gain higher-level access than initially granted
C. To destroy system configurations
D. To detect phishing campaigns
Answer: B
Rationale: Privilege escalation allows an attacker to increase access
rights to gain control over more sensitive resources, which is crucial
for testing the security posture.
5. Which of the following tools is specifically designed for password
cracking?
A. Nmap
B. Metasploit
C. John the Ripper
D. Wireshark
Answer: C
Rationale: John the Ripper is widely used for password cracking,
whereas Nmap is for scanning, Metasploit for exploitation, and
Wireshark for network packet analysis.
6. When performing a wireless penetration test, which attack targets
the authentication handshake of Wi-Fi networks?
A. Evil twin attack
B. Deauthentication attack
C. WPA handshake capture
D. Man-in-the-middle attack
Answer: C
Rationale: Capturing a WPA handshake allows a penetration tester to
attempt offline cracking of Wi-Fi passwords, simulating attacks on
wireless authentication mechanisms.
7. Which of the following represents a common SQL injection attack
vector?
A. Inputting ' OR '1'='1' into a login field
B. Sending ICMP packets to the server
C. Capturing network traffic with Wireshark
D. Exploiting buffer overflow vulnerabilities
Answer: A
Rationale: SQL injection manipulates backend SQL queries using
crafted inputs, such as ' OR '1'='1', to bypass authentication or retrieve
unauthorized data.
8. What is the main purpose of a vulnerability scanner in a
penetration test?
A. To block unauthorized access
B. To automatically identify known security weaknesses
C. To exploit systems remotely
D. To analyze encrypted traffic