Free Access to CompTIA.PT0-002.v2025-09-27.q272 with Valid Practice Test (Page 47)

Question 226

A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?

A.Send an SMS with a spoofed service number including a link to download a malicious application.
B.Exploit a vulnerability in the MDM and create a new account and device profile.
C.Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading.
D.Infest a website that is often used by employees with malware targeted toward x86 architectures.

Question 227

A penetration tester is enumerating shares and receives the following output:

Which of the following should the penetration tester enumerate next?

A.dev
B.print$
C.home
D.notes

Question 228

A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:
[ATTEMPT] target 192.168.1.112 - login "root" - pass "abcde"
[ATTEMPT] target 192.168.1.112 - login "root" - pass "edcfg"
[ATTEMPT] target 192.168.1.112 - login "root" - pass "qazsw"
[ATTEMPT] target 192.168.1.112 - login "root" - pass "tyuio"
Which of the following is the penetration tester conducting?

A.Credential stuffing
B.Brute force
C.DoS attack
D.Port scan

Question 229

Which of the following tools would be BEST suited to perform a manual web application security assessment?
(Choose two.)

A.Nessus
B.Hydra
C.OWASP ZAP
D.Burp Suite
E.BeEF
F.Nmap

Question 230

A penetration tester ran the following commands on a Windows server:

Which of the following should the tester do AFTER delivering the final report?

A.Remove the tester-created credentials.
B.Delete the scheduled batch job.
C.Downgrade the svsaccount permissions.
D.Close the reverse shell connection.

Question 226

Question 227

Question 228

Question 229

Question 230

Download PDF File