1. A PenTester is attempting to use PowerShell remoting to issue commands to
remote systems, but it is not working. What could be the cause?
A. It is not a remote management system.
B. It is deprecated.
C. It requires PsExec.
D. It requires WinRM.
ANSWER ✔ D. It requires WinRM.
PowerShell remoting is not working because it requires that the target
system has the WinRM service set up to receive remote PowerShell
commands.
2. A PenTester wants to initiate persistence on a system. What are some
options that the PenTester can use to do this? (Select all that apply.)
A. Backdoor
B. Reverse shells
C. Log in to the system
D. Run as a service
ANSWER ✔ A. Backdoor
B. Reverse shells
D. Run as a service
The PenTester can use services, which start automatically when the system
boots; certain events can also activate them, or, less commonly, a
PenTester can start and stop services manually.
Logging in to a system does not provide persistent access, as the PenTester
can lose access if the system reboots or if the password changes.
3. Which of the following are types of technical vulnerabilities a PenTester
may identify in a Penetration Testing Execution Standard (PTES) report?
(Select all that apply.)
A. Location of a vulnerability
B. Password complexity requirements
C. OSI Layer vulnerabilities
D. Manually identified vulnerabilities
ANSWER ✔ C. OSI Layer vulnerabilities
D. Manually identified vulnerabilities
OSI Layer vulnerabilities are a type of technical vulnerability that a
PenTester may identify when creating a report based on the Penetration
Testing Execution Standard (PTES).
Manually identified vulnerabilities are a type of technical vulnerability that a
PenTester may include in a report based on the Penetration Testing
Execution Standard (PTES).
The location of vulnerabilities is a type of logical vulnerability, not a
technical vulnerability.
4. During the penetration testing process, the PenTesting team needs to
maintain continuous communication with a representative from the client
organization to ensure immediate responses to issues that arise. With whom
from the client organization will the PenTesting team keep this constant
communication?
A. Primary contact
B. Technical contact
C. Emergency contact
D. IT manager
ANSWER ✔ D. IT manager
5. Which of the following are types of logical vulnerabilities a PenTester may
identify in a Penetration Testing Execution Standard (PTES) report? (Select
all that apply.)
A. Scanner found vulnerabilities
B. NON-OSI vulnerabilities
C. Overall exposure
D. Type of vulnerability
ANSWER ✔ B. NON-OSI vulnerabilities
D. Type of vulnerability
NON-OSI vulnerabilities are a type of logical vulnerability that a PenTester
may identify when creating a report based on the Penetration Testing
Execution Standard (PTES).
The vulnerability type is a logical vulnerability. When creating a report
based on the Penetration Testing Execution Standard (PTES), a PenTester
would include the type of vulnerability.
6. A PenTester is creating a vulnerability report based on the PTES. What
information will the PenTester likely include in the report? (Select all that
apply.)
A. Tools used for PenTesting
B. Vulnerability classification levels
C. Technical vulnerabilities
D. Summary of results
ANSWER ✔ B. Vulnerability classification levels
C. Technical vulnerabilities
D. Summary of results
7. Although PenTesters are in the middle of an attack, they immediately supply
the organization with the report identifying findings thus far. What did the
PenTesters report on?
A. Status report on the progress of the PenTest
B. Indicators of prior compromise
C. Reprioritization of goals for the engagement
D. Critical findings implying high risk to the organization
ANSWER ✔ D. Critical findings implying high risk to the organization
The PenTesters reported critical findings that imply a very high risk to the
organization and are urgent enough to trigger special communications.
These critical findings could include vulnerabilities that the PenTesters have
successfully exploited, indicating that an attacker could also exploit them
and cause significant harm to the organization.
8. The results of a penetration test produced a large number of possible issues.
What can a PenTesting team do to help identify false positives in a timely
manner? (Select all that apply.)
A. Validate results
B. Rely on knowledge of the system
C. Ignore common false positives
D. Research every result
ANSWER ✔ A. Validate results
B. Rely on knowledge of the system
9. A PenTesting team launched an attack against a system without using a
rate limit, making the system nearly unusable. What can the team do to
mitigate this issue?
A. Consult legal counsel
B. Deconflict
C. De-escalate
D. Goal reprioritization
ANSWER ✔ C. De-escalate
The PenTesting team can de-escalate to mitigate this issue. The team would
work together to scale back on their efforts to de-escalate the effects of the
test.