TEST BANK
CompTIA PenTest+ PT0-001 Cert Guide (Certification Guide) 1st
Edition
By Omar Santos, Ron Taylor
LU
XE
LI
BR
AR
Y
, Table of Content
Chapter 1 Introduction to Ethical Hacking and Penetration Testing
Chapter 2 Planning and Scoping a Penetration Testing Assessment
Chapter 3 Information Gathering and Vulnerability Identification
Chapter 4 Social Engineering Attacks
Chapter 5 Exploiting Wired and Wireless Networks
Chapter 6 Exploiting Application-Based Vulnerabilities
LU
Chapter 7 Exploiting Local Host and Physical Security Vulnerabilities
Chapter 8 Performing Post-Exploitation Techniques
Chapter 9 Penetration Testing Tools
XE
Chapter 10 Understanding How to Finalize a Penetration Test
Chapter 11 Final Preparation
LI
BR
AR
Y
, uytrew
CompTIA® PenTest+ Cert Guide
Chapter 1 Introduction to Ethical Hacking and Penetration Testing
1) Which of these describes a scenario in which the tester starts with credentials but not full
documentation of the network infrastructure?
A) Black-box test
B) White-box test
C) Gray-box test
D) Blue-box test
Answer: C
LU
2) Which of the following would an ethical hacker not participate in?
A) Unauthorized access
B) Responsible disclosure
C) Documentation
D) Black-box testing
XE
Answer: A
3) Which of these attack types involves tricking the user into disclosing information or taking
action?
A) DDoS
B) Ransomware
LI
C) Social engineering
D) Botnet
Answer: C
BR
4) What type of attacker is most likely to be motivated purely by financial profit?
A) Hacktivist
B) Nation-state
C) Insider threat
D) Organized crime
Answer: D
AR
5) What type of attack encrypts user files until the victim pays a fee?
A) Ransomware
B) Denial of Service attack
C) Hacktivism
D) Shoulder surfing
Y
Answer: A
6) IoT devices are most susceptible to being used for what type of attack?
A) Ransomware
B) DDoS
C) Man-in-the-Middle
D) Social engineering
Answer: B
uytrewq
, uytrew
7) What type of attacker steals sensitive data and then reveals it to the public in order to
embarrass the target?
A) Kidnapper
B) Nation state
C) Organized crime
D) Hacktivist
Answer: D
8) What type of tests would be most important to conduct to find out whether hackers could use
the Internet to compromise your client’s online ordering system?
LU
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
Answer: A
XE
9) What type of tests would be most important to conduct to find out whether the client’s WAPs
are properly secured?
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
LI
Answer: C
10) What type of tests would be most important to conduct to find out whether unauthorized
people can reach the company’s server rooms?
BR
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
Answer: D
AR
11) What type of tests would be most important to conduct to find out whether there are any
poorly secured firewalls, routers, and switches on a LAN?
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
Y
Answer: B
12) Which testing methodology involves seven phases, including pre-engagement interactions,
intelligence gathering, threat modeling, and vulnerability analysis?
A) PTES
B) PCI DSS
C) Penetration Testing Framework
D) OSSTMM
Answer: A
uytrewq
CompTIA PenTest+ PT0-001 Cert Guide (Certification Guide) 1st
Edition
By Omar Santos, Ron Taylor
LU
XE
LI
BR
AR
Y
, Table of Content
Chapter 1 Introduction to Ethical Hacking and Penetration Testing
Chapter 2 Planning and Scoping a Penetration Testing Assessment
Chapter 3 Information Gathering and Vulnerability Identification
Chapter 4 Social Engineering Attacks
Chapter 5 Exploiting Wired and Wireless Networks
Chapter 6 Exploiting Application-Based Vulnerabilities
LU
Chapter 7 Exploiting Local Host and Physical Security Vulnerabilities
Chapter 8 Performing Post-Exploitation Techniques
Chapter 9 Penetration Testing Tools
XE
Chapter 10 Understanding How to Finalize a Penetration Test
Chapter 11 Final Preparation
LI
BR
AR
Y
, uytrew
CompTIA® PenTest+ Cert Guide
Chapter 1 Introduction to Ethical Hacking and Penetration Testing
1) Which of these describes a scenario in which the tester starts with credentials but not full
documentation of the network infrastructure?
A) Black-box test
B) White-box test
C) Gray-box test
D) Blue-box test
Answer: C
LU
2) Which of the following would an ethical hacker not participate in?
A) Unauthorized access
B) Responsible disclosure
C) Documentation
D) Black-box testing
XE
Answer: A
3) Which of these attack types involves tricking the user into disclosing information or taking
action?
A) DDoS
B) Ransomware
LI
C) Social engineering
D) Botnet
Answer: C
BR
4) What type of attacker is most likely to be motivated purely by financial profit?
A) Hacktivist
B) Nation-state
C) Insider threat
D) Organized crime
Answer: D
AR
5) What type of attack encrypts user files until the victim pays a fee?
A) Ransomware
B) Denial of Service attack
C) Hacktivism
D) Shoulder surfing
Y
Answer: A
6) IoT devices are most susceptible to being used for what type of attack?
A) Ransomware
B) DDoS
C) Man-in-the-Middle
D) Social engineering
Answer: B
uytrewq
, uytrew
7) What type of attacker steals sensitive data and then reveals it to the public in order to
embarrass the target?
A) Kidnapper
B) Nation state
C) Organized crime
D) Hacktivist
Answer: D
8) What type of tests would be most important to conduct to find out whether hackers could use
the Internet to compromise your client’s online ordering system?
LU
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
Answer: A
XE
9) What type of tests would be most important to conduct to find out whether the client’s WAPs
are properly secured?
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
LI
Answer: C
10) What type of tests would be most important to conduct to find out whether unauthorized
people can reach the company’s server rooms?
BR
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
Answer: D
AR
11) What type of tests would be most important to conduct to find out whether there are any
poorly secured firewalls, routers, and switches on a LAN?
A) Web application tests
B) Network infrastructure tests
C) Wireless network tests
D) Physical facility tests
Y
Answer: B
12) Which testing methodology involves seven phases, including pre-engagement interactions,
intelligence gathering, threat modeling, and vulnerability analysis?
A) PTES
B) PCI DSS
C) Penetration Testing Framework
D) OSSTMM
Answer: A
uytrewq
