CompTIA PenTest+ Practice Exam —
Questions And Correct Answers (Verified
Answers) Plus Rationales 2025/2026 Q&A
Instant Download Pdf.
1. Which of the following best describes a black-box penetration test?
A. The tester has full network diagrams and credentials
B. The tester knows internal configurations and systems
C. The tester has no prior knowledge of the environment
D. The tester works as an internal employee
Black-box testing simulates an external attacker with no internal knowledge of
the systems.
2. What is the primary goal of a penetration test?
A. To find every vulnerability in the system
B. To disrupt system operations
C. To identify and exploit vulnerabilities to determine actual risk
D. To replace vulnerability scanning
Pen testing validates exploitable risks, not all vulnerabilities.
3. During a web application test, which HTTP method is most likely to be
exploited for data exfiltration?
A. GET
B. HEAD
C. PUT
D. TRACE
The PUT method writes the request body to a path on the server. If the web server or a WebDAV module accepts PUT on a writable directory, a tester can upload a web shell and then use it to read and exfiltrate data. Confirm the finding rather than trusting the Allow header alone: send OPTIONS, then a harmless PUT, verify the content with GET, and delete it afterwards.
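The check described above, as an added example for this study guide (not part of the exam material): the target is a constructed in-process HTTP server that deliberately accepts PUT to any path, the way a misconfigured server would, and check_put is what a tester would run against a real host. Hostnames, paths and the probe marker are assumptions for the demo.

```python
"""Probe an HTTP endpoint for a writable path via PUT (added example)."""
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class WritableHandler(BaseHTTPRequestHandler):
    """Constructed vulnerable target: accepts PUT to any path and serves it back.

    Mimics a web server with PUT/WebDAV enabled on a writable directory;
    uploads are kept in a class-level dict instead of on disk.
    """

    files = {}

    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header("Allow", "OPTIONS, GET, HEAD, PUT, DELETE")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_PUT(self):
        length = int(self.headers.get("Content-Length", "0"))
        WritableHandler.files[self.path] = self.rfile.read(length)
        self.send_response(201)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        body = WritableHandler.files.get(self.path)
        if body is None:
            self.send_error(404)
            return
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_DELETE(self):
        WritableHandler.files.pop(self.path, None)
        self.send_response(204)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_target():
    """Bind the constructed target to an ephemeral localhost port."""
    server = HTTPServer(("127.0.0.1", 0), WritableHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def _request(host, port, method, path, body=None):
    """One request on a fresh connection; returns (status, headers, body)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path, body=body)
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return resp.status, headers, resp.read()
    finally:
        conn.close()


def check_put(host, port, path="/put_probe.txt"):
    """Is PUT advertised, accepted, and does the upload actually persist?

    The body is a random marker, not a web shell: the goal is to prove
    writability while leaving nothing behind. Returns a findings dict.
    """
    marker = ("put-probe-" + secrets.token_hex(4)).encode()
    findings = {"advertised": False, "put_status": None,
                "persisted": False, "cleaned_up": False}

    _, headers, _ = _request(host, port, "OPTIONS", "/")
    findings["advertised"] = "PUT" in headers.get("allow", "").upper()

    status, _, _ = _request(host, port, "PUT", path, body=marker)
    findings["put_status"] = status

    # A 2xx alone is not proof; confirm the content is really served back.
    status, _, body = _request(host, port, "GET", path)
    findings["persisted"] = status == 200 and body == marker

    if findings["persisted"]:
        _request(host, port, "DELETE", path)  # remove the test artifact
        status, _, _ = _request(host, port, "GET", path)
        findings["cleaned_up"] = status == 404
    return findings


if __name__ == "__main__":
    target = start_target()
    print(check_put(*target.server_address))
    target.shutdown()
```

On a real engagement, record the probe path and whether cleanup succeeded in the report; a persisted file that DELETE cannot remove is a finding in its own right and must be handed to the client to clean up.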
4. What type of social engineering attack involves leaving infected USB drives
in public areas?
A. Pretexting
B. Phishing
C. Baiting
D. Vishing
Baiting entices victims with a physical item, like an infected USB drive.
5. Which tool is best used to capture and modify web application requests in
real-time?
A. Wireshark
B. Nmap
C. Burp Suite
D. Metasploit
Burp Suite intercepts, modifies, and replays HTTP/S requests for web app
testing.
6. Which of the following is a post-exploitation activity?
A. Banner grabbing
B. Port scanning
C. Privilege escalation
D. Footprinting
Post-exploitation focuses on escalating privileges, persistence, and data
extraction.
7. A tester uses the -sS flag in Nmap. What type of scan is performed?
A. UDP scan
B. SYN stealth scan
C. TCP connect scan
D. Version detection
The -sS flag performs a half-open SYN scan: Nmap sends a SYN, and if the port answers with SYN/ACK it replies with RST instead of completing the three-way handshake, so the listening application never receives a connection and usually does not log one. A TCP connect scan (-sT) completes the handshake and is visible to the application. -sS requires raw-socket privileges (root on Linux); without them Nmap defaults to -sT. Network-level sensors can still recognise the pattern of SYNs that are never followed by an ACK.
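The handshake difference above, worked through in code as an added example for this study guide (not part of the exam material, and not how Nmap is implemented): the segment events are constructed, with only the TCP flags a handshake analysis needs, and the hosts, ports and the scanner-detection threshold are assumptions for the demo.

```python
"""Classify probe flows as full-connect (-sT), half-open (-sS), closed or
filtered from TCP flag sequences (added example)."""
from collections import defaultdict

# Constructed segment events: (src, dst, dport, flags) in capture order.
# Scanner 10.0.0.5, target 10.0.0.20 (assumed addresses).
EVENTS = [
    # -sT on port 22 (open): SYN, SYN/ACK, ACK, then teardown
    ("10.0.0.5", "10.0.0.20", 22, "S"),
    ("10.0.0.20", "10.0.0.5", 22, "SA"),
    ("10.0.0.5", "10.0.0.20", 22, "A"),
    ("10.0.0.5", "10.0.0.20", 22, "R"),
    # -sS on port 80 (open): SYN, SYN/ACK, then RST from the scanner, no ACK
    ("10.0.0.5", "10.0.0.20", 80, "S"),
    ("10.0.0.20", "10.0.0.5", 80, "SA"),
    ("10.0.0.5", "10.0.0.20", 80, "R"),
    # -sS on port 443 (closed): SYN answered by RST/ACK from the target
    ("10.0.0.5", "10.0.0.20", 443, "S"),
    ("10.0.0.20", "10.0.0.5", 443, "RA"),
    # -sS on port 8080 (filtered): SYN with no reply at all
    ("10.0.0.5", "10.0.0.20", 8080, "S"),
]


def classify_flows(events):
    """Group segments into flows and classify each by handshake outcome.

    Returns {(originator, target, dport): verdict} where verdict is one of:
      'open/full-connect'  SYN, SYN/ACK, ACK: what -sT produces; the
                           listener's accept() returns and it can log the peer
      'open/half-open'     SYN, SYN/ACK, then RST from the originator and no
                           ACK: what -sS produces; the listener never gets a socket
      'closed'             SYN answered with RST, no SYN/ACK
      'no-response'        SYN with nothing back: filtered or dropped
    """
    flows = defaultdict(list)
    originator = {}
    for src, dst, dport, flags in events:
        key = (frozenset((src, dst)), dport)
        if key not in originator and "S" in flags and "A" not in flags:
            originator[key] = src  # the first bare SYN defines the client side
        if key in originator:
            flows[key].append((src == originator[key], flags))

    verdicts = {}
    for key, segs in flows.items():
        orig = originator[key]
        target = next(iter(key[0] - {orig}))
        syn_ack = any(not o and "S" in f and "A" in f for o, f in segs)
        client_ack = any(o and f == "A" for o, f in segs)
        client_rst = any(o and "R" in f for o, f in segs)
        server_rst = any(not o and "R" in f for o, f in segs)
        if syn_ack and client_ack:
            verdict = "open/full-connect"
        elif syn_ack and client_rst:
            verdict = "open/half-open"
        elif server_rst:
            verdict = "closed"
        else:
            verdict = "no-response"
        verdicts[(orig, target, key[1])] = verdict
    return verdicts


def port_states(verdicts):
    """Collapse verdicts to the open/closed/filtered labels Nmap reports
    (keyed by port; assumes a single target, as in the constructed data)."""
    mapping = {"open/full-connect": "open", "open/half-open": "open",
               "closed": "closed", "no-response": "filtered"}
    return {dport: mapping[v] for (_, _, dport), v in verdicts.items()}


def likely_syn_scanners(verdicts, min_ports=3):
    """Sources whose probes never complete a handshake across many ports.

    Half-open probes are invisible to the application but not to a network
    sensor: a host that sends SYNs to several ports and never ACKs is the
    -sS signature. The threshold is an assumption for the demo.
    """
    per_src = defaultdict(set)
    for (orig, _, dport), v in verdicts.items():
        if v != "open/full-connect":
            per_src[orig].add(dport)
    return sorted(src for src, ports in per_src.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    v = classify_flows(EVENTS)
    for flow, verdict in v.items():
        print(flow, verdict)
    print(port_states(v))
    print("suspected SYN scanners:", likely_syn_scanners(v))
```

The port-80 flow is the one to study: the target answered SYN/ACK, so the port is open, but the scanner's RST means the server's accept() queue never delivers a socket to the application, which is why application logs stay empty while a flow record or IDS still sees the probe.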
8. What framework provides a structured way to emulate real-world
adversaries?
A. NIST CSF
B. CIS Controls
C. MITRE ATT&CK
D. ISO 27001
MITRE ATT&CK maps adversary tactics, techniques, and procedures (TTPs).
9. Which type of penetration testing agreement allows full exploitation
without notifying administrators?
A. Rules of Engagement (ROE)
B. Red team engagement
C. White-box test
D. Bug bounty program
Red team engagements emulate a real adversary against the organization's live defenses: only a small trusted group (the white cell) knows the test is running, so administrators and the blue team are not notified and their detection and response become part of what is measured. Rules of engagement (option A) still govern scope and limits, but they are a document attached to any engagement, not a type of engagement.
10. During OSINT gathering, which tool would best identify subdomains?
A. Hydra
B. Netcat
C. theHarvester
D. Wireshark
theHarvester collects emails, subdomains, and hostnames from public sources.
11. What is the purpose of using Metasploit’s meterpreter payload?
A. To enumerate ports
B. To scan vulnerabilities
C. To maintain control and execute commands post-exploitation
D. To crack passwords
Meterpreter is an in-memory post-exploitation payload: it is loaded into the compromised process without writing an executable to disk and provides commands for privilege escalation, pivoting, file transfer, and further enumeration of the host.
12. Which tool is primarily used for password cracking?