
Quiz

1/10
Engagement Management
During the initial scoping phase, a penetration tester receives a Scope of Work (SOW) that lists target IP ranges but lacks detail on business hours, firewall policies, and incident response procedures. What is the primary risk of proceeding with testing under these conditions?
Select the answer
1 correct answer
A.
The tester cannot document findings accurately
B.
Unplanned downtime or security incidents may trigger uncontrolled incident response
C.
The client's network will be permanently compromised
D.
The testing scope becomes too broad to complete

Quiz

2/10
Reconnaissance and Enumeration
An attacker runs an Nmap SYN scan (-sS) against a target range and observes that most probed ports answer with a TCP segment carrying the RST/ACK flags rather than SYN/ACK, so Nmap reports them as closed rather than filtered. What does this pattern indicate?
A.
The target is running a stateful firewall that filters inbound SYN packets
B.
The target hosts are offline and unreachable
C.
The target is using a firewall rule that resets connections instead of silently dropping them
D.
The Nmap scan is misconfigured and should use UDP instead
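Reading the closed-versus-filtered signal out of a scan, as an added example that is not part of the practice test: a small parser for Nmap's grepable (-oG) output that counts port states per host and infers whether unlisted ports were answered with RST (what Nmap calls closed) or never answered (filtered). The scan output below is a constructed sample, not a real scan.

```python
# Added example (not from the practice test): infer reject-vs-drop behaviour
# from Nmap's grepable output. GREPABLE_SAMPLE is a constructed sample.
import re
from collections import Counter
from typing import Dict

GREPABLE_SAMPLE = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 10.0.0.6 ()\tPorts: 80/open/tcp//http///, 25/closed/tcp//smtp///\tIgnored State: filtered (998)
Host: 10.0.0.7 ()\tStatus: Down
# Nmap done (constructed sample)
"""


def parse_grepable(text: str) -> Dict[str, Counter]:
    """Per-host Counter of port states ('open', 'closed', 'filtered', ...).

    Grepable lines look like
      Host: <ip> (<name>)\\tPorts: <port>/<state>/<proto>/<owner>/<svc>/<rpc>/<ver>/, ...\\tIgnored State: <state> (<n>)
    The 'Ignored State' entry carries the bulk of the ports, so it is what
    tells closed (RST received) apart from filtered (no reply at all).
    """
    hosts: Dict[str, Counter] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        ip = line.split()[1]
        states: Counter = Counter()
        ports = re.search(r"Ports: ([^\t]+)", line)
        if ports:
            for entry in ports.group(1).split(", "):
                states[entry.split("/")[1]] += 1
        ignored = re.search(r"Ignored State: (\w+) \((\d+)\)", line)
        if ignored:
            states[ignored.group(1)] += int(ignored.group(2))
        hosts[ip] = states
    return hosts


def filtering_behaviour(states: Counter) -> str:
    """Map the dominant port state of a host to how the path handled our SYNs."""
    if not states:
        return "no-response"
    dominant = states.most_common(1)[0][0]
    return {
        "closed": "reject-with-rst",  # RST/ACK came back: host reachable, port closed or firewall REJECT
        "filtered": "drop",           # nothing (or ICMP unreachable) came back: firewall DROP
        "open": "open",
    }.get(dominant, dominant)


def summarize(text: str) -> Dict[str, str]:
    """One verdict per host, e.g. {'10.0.0.5': 'reject-with-rst', ...}."""
    return {ip: filtering_behaviour(states) for ip, states in parse_grepable(text).items()}
```

Nmap itself cannot tell a RST generated by the host's TCP stack from one injected by a REJECT rule with a TCP reset; the TTL on the RST (often one hop short when a firewall answers on the host's behalf), `--reason` output and an ACK scan (`-sA`) to map which ports the firewall even lets through are the usual ways to separate the two.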

Quiz

3/10
Vulnerability Discovery and Analysis
While scanning a target web application with Burp Suite, the penetration tester discovers that the application reflects the value of a custom request header into an HTTP response header without sanitization. The value is reflected only in that response header, never in the HTML body, so it is not rendered in the browser. What is the primary security concern?
A.
Cross-site scripting (XSS) vulnerability in the header response
B.
SQL injection vulnerability in the application logic
C.
Cache poisoning or header injection attacks
D.
Denial of service through header overflow
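The reflection the question describes, as an added example that is not part of the practice test: a hypothetical endpoint echoes the X-Request-ID request header into a response header. The header names and the attacker payload are constructed. The vulnerable builder shows how a CRLF in the value becomes a second, attacker-chosen header (Set-Cookie here) in what the client and any shared cache parse; the hardened builder refuses such values instead of echoing them.

```python
# Added example (not from the practice test): header reflection, weak and
# hardened. Header names and the attacker payload are constructed.
from typing import List, Tuple

# Constructed attacker value for the reflected header: the CRLF ends
# X-Request-ID early and the remainder is parsed as a second header.
PAYLOAD = "abc\r\nSet-Cookie: session=attacker; Path=/"

RESPONSE_TEMPLATE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/plain\r\n"
    "Cache-Control: public, max-age=600\r\n"  # shared caches may store this response
    "X-Request-ID: {request_id}\r\n"
    "\r\n"
    "ok"
)


def build_response_vulnerable(request_id: str) -> bytes:
    """Echoes the request header value verbatim: the pattern the question describes."""
    return RESPONSE_TEMPLATE.format(request_id=request_id).encode("latin-1", "replace")


def is_safe_header_value(value: str) -> bool:
    """RFC 9110 field values: no CR, LF, NUL or other controls (HTAB excepted);
    the length cap stops a reflected value from bloating a cached response."""
    return len(value) <= 128 and all(c == "\t" or 0x20 <= ord(c) < 0x7F for c in value)


def build_response_hardened(request_id: str) -> bytes:
    """Same endpoint, but a value that could break header framing is never echoed;
    it is replaced by a fixed token rather than 'cleaned' and reflected."""
    if not is_safe_header_value(request_id):
        request_id = "invalid"
    return RESPONSE_TEMPLATE.format(request_id=request_id).encode("latin-1", "replace")


def parse_headers(response: bytes) -> List[Tuple[str, str]]:
    """Split the header block on CRLF the way a browser or cache does."""
    head, _, _body = response.partition(b"\r\n\r\n")
    headers = []
    for line in head.decode("latin-1").split("\r\n")[1:]:  # drop the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers
```

The cache-poisoning angle follows from the Cache-Control line: a custom request header is almost never part of the cache key, so if the response is stored by a shared cache the injected Set-Cookie is served to every later visitor of that URL for the full max-age. Most current servers and frameworks refuse CR/LF at the header-write layer (the example builds raw bytes to show the mechanics), so the first check in Burp is whether the CR/LF actually survives into the response or is encoded; header reflection without CRLF is still worth reporting when the reflected header influences caching or routing.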

Quiz

4/10
Attacks and Exploits
A penetration tester gains code execution on a Windows server and uses the command `token::elevate` in Mimikatz to escalate privileges. The output shows "ERROR kuhl_m_privilege_elevate_process ; GetTokenInformation". What is the most likely cause?
A.
Mimikatz is not installed correctly on the target
B.
The current process token does not have SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege
C.
The Windows firewall is blocking Mimikatz execution
D.
The target has disabled all privilege escalation mechanisms

Quiz

5/10
Post-exploitation and Lateral Movement
After compromising a workstation in an Active Directory environment, the attacker runs BloodHound to map the network. The analysis shows the compromised user has "CanRDP" access to a high-value server. However, when the attacker attempts RDP, the connection is refused. Which factor is most likely preventing the connection?
A.
The server has not been booted yet
B.
Network segmentation or host firewall rules are blocking RDP traffic
C.
BloodHound miscalculated the privilege relationship
D.
The RDP service is running on a non-standard port

Quiz

6/10
Engagement Management
A penetration testing firm agrees to conduct an assessment but the client's Master Service Agreement (MSA) does not include provisions for liability caps or protection against claims arising from the testing activities. What action should the penetration tester take?
A.
Proceed immediately with testing to establish a good working relationship
B.
Request clarification and amendment of the MSA before beginning any testing activities
C.
Assume the client accepts full liability and begin testing
D.
Suggest a smaller scope to reduce overall risk

Quiz

7/10
Reconnaissance and Enumeration
A penetration tester uses ffuf to brute-force directory names on a target web server and discovers a directory named `.git`. What information could be exposed through this discovery?
A.
Git commit history, source code, and any credentials committed to the repository
B.
Only the Git configuration file with no sensitive data
C.
Database schemas and encrypted passwords
D.
The server's operating system version
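What an exposed .git directory gives up, as an added example that is not part of the practice test: the loose objects git stores under .git/objects are just zlib('<type> <size>\0' + content) named by their SHA-1, so anyone who can fetch HEAD, the ref it points to and the objects by hash can rebuild the tree and read every committed file, including ones later deleted from the working copy. The repository below is a constructed fixture standing in for what the target's /.git/ would serve; the object parsing is git's real format.

```python
# Added example (not from the practice test): rebuild the checked-in files from
# an exposed .git directory. The repository is a constructed fixture; the object
# encoding (zlib of '<type> <size>\0<content>', SHA-1 named) is git's real format.
import hashlib
import zlib
from typing import Dict, List, Tuple


def make_loose_object(kind: str, content: bytes) -> Tuple[str, bytes]:
    """Encode an object the way git writes it to .git/objects/xx/yyyy..."""
    raw = f"{kind} {len(content)}\0".encode() + content
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)


def read_loose_object(compressed: bytes, expected_sha: str) -> Tuple[str, bytes]:
    """Inflate a downloaded loose object and verify it is the object we asked for."""
    raw = zlib.decompress(compressed)
    if hashlib.sha1(raw).hexdigest() != expected_sha:
        raise ValueError("object hash mismatch: truncated or tampered download")
    header, _, content = raw.partition(b"\0")
    kind, size = header.decode().split(" ")
    if int(size) != len(content):
        raise ValueError("object size mismatch")
    return kind, content


def parse_commit(content: bytes) -> Dict[str, str]:
    """Split a commit object into its header fields and message."""
    header, _, message = content.decode().partition("\n\n")
    fields: Dict[str, str] = {}
    for line in header.split("\n"):
        key, _, value = line.partition(" ")
        fields.setdefault(key, value)  # keep the first 'parent' for merges
    fields["message"] = message.strip()
    return fields


def parse_tree(content: bytes) -> List[Tuple[str, str, str]]:
    """Tree entries are '<mode> <name>\\0' followed by a 20-byte binary SHA-1.
    A nested directory is an entry of mode 40000 pointing at another tree;
    this walker handles a single level, nested trees recurse the same way."""
    entries, i = [], 0
    while i < len(content):
        nul = content.index(b"\0", i)
        mode, name = content[i:nul].decode().split(" ", 1)
        entries.append((mode, name, content[nul + 1:nul + 21].hex()))
        i = nul + 21
    return entries


def build_exposed_repo() -> Tuple[Dict[str, bytes], Dict[str, bytes]]:
    """Constructed stand-in for what GET /.git/... on the target would return:
    objects keyed by SHA, plus the plain files HEAD and refs/heads/main."""
    objects: Dict[str, bytes] = {}
    blob_sha, blob = make_loose_object("blob", b"DB_PASSWORD=hunter2-example\n")
    objects[blob_sha] = blob
    tree_sha, tree = make_loose_object("tree", b"100644 .env\0" + bytes.fromhex(blob_sha))
    objects[tree_sha] = tree
    commit_sha, commit = make_loose_object("commit", (
        f"tree {tree_sha}\n"
        "author Dev <dev@example.test> 1700000000 +0000\n"
        "committer Dev <dev@example.test> 1700000000 +0000\n"
        "\n"
        "add env file with prod creds\n"
    ).encode())
    objects[commit_sha] = commit
    files = {"HEAD": b"ref: refs/heads/main\n", "refs/heads/main": f"{commit_sha}\n".encode()}
    return objects, files


def recover_head(objects: Dict[str, bytes], files: Dict[str, bytes]):
    """HEAD -> ref -> commit -> tree -> blobs: the walk that git-dumper style tools automate."""
    head = files["HEAD"].decode().strip()
    commit_sha = files[head[5:]].decode().strip() if head.startswith("ref: ") else head
    kind, content = read_loose_object(objects[commit_sha], commit_sha)
    if kind != "commit":
        raise ValueError(f"expected commit, got {kind}")
    commit = parse_commit(content)
    _, tree = read_loose_object(objects[commit["tree"]], commit["tree"])
    recovered: Dict[str, bytes] = {}
    for _mode, name, sha in parse_tree(tree):
        _, data = read_loose_object(objects[sha], sha)
        recovered[name] = data
    return commit, recovered


def recover_from_fixture():
    """Run the walk against the constructed repository."""
    return recover_head(*build_exposed_repo())
```

Against a live target the same walk fetches `/.git/HEAD`, `/.git/refs/heads/<branch>` (or `/.git/packed-refs`) and `/.git/objects/<sha[:2]>/<sha[2:]>`; directory listing is not required because every path is derived from the previous object. History comes from following each commit's `parent` field, which is where deleted secrets usually live. Objects that have been packed (`/.git/objects/pack/*.pack`) need the pack index parsed as well, which is what tools such as git-dumper add on top of this.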

Quiz

8/10
Vulnerability Discovery and Analysis
While testing a cloud application, a security researcher discovers that the EC2 instance hosting it still serves the instance metadata service (IMDS) over IMDSv1, i.e. plain HTTP GET requests to 169.254.169.254 with no session token. The application accepts user-supplied URLs for image processing. What is the risk?
A.
The attacker cannot access IMDS because it requires SSL/TLS encryption
B.
An attacker can use SSRF to retrieve temporary AWS credentials from IMDSv1
C.
The metadata service only contains non-sensitive environment variables
D.
EC2 instances automatically block internal metadata queries
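The SSRF-to-IMDS path the question describes and the guard that closes it, as an added example that is not part of the practice test. The image fetcher and its allow-listed hostnames are hypothetical; classify_url is the check a URL-accepting feature should run before fetching, and imdsv2_request_sequence spells out why enforcing IMDSv2 blunts the attack even if the guard is bypassed.

```python
# Added example (not from the practice test): SSRF guard for a hypothetical
# image fetcher, plus the IMDSv2 exchange a plain GET cannot perform.
import ipaddress
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed allowlist: the only origins the image feature is meant to fetch from.
ALLOWED_HOSTS = {"images.example.test", "cdn.example.test"}


def classify_url(url: str) -> str:
    """Return 'allow' or a 'deny:<reason>' string for a user-supplied URL.

    Deny-by-default: only http(s) to allow-listed hostnames passes. IP literals
    are refused outright, and internal ranges (link-local 169.254.0.0/16 where
    IMDS lives, loopback, RFC 1918, ULA, IPv4-mapped IPv6) are named explicitly
    so the reason is visible in logs.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "deny:scheme"
    host = parts.hostname
    if not host:
        return "deny:no-host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not a literal in a form ipaddress accepts
    if ip is not None:
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still IMDS
        if ip.is_link_local or ip.is_loopback or ip.is_private or ip.is_reserved or ip.is_unspecified:
            return "deny:internal-address"
        return "deny:ip-literal"
    # Decimal (2852039166) or octal (0251.0376.0251.0376) spellings of the IMDS
    # address are not parsed as literals above; they fall through to the
    # allowlist and are denied there, which is why deny-by-default matters.
    if host.lower().rstrip(".") not in ALLOWED_HOSTS:
        return "deny:host-not-allowlisted"
    # Caveat: the fetcher must also resolve the allow-listed name itself, re-check
    # the resolved address against the same ranges before connecting (DNS
    # rebinding), and re-classify every redirect target instead of following it.
    return "allow"


def imdsv2_request_sequence(ttl_seconds: int = 60) -> List[Tuple[str, str, Dict[str, str]]]:
    """The two requests IMDSv2 requires. A URL-fetching feature issues plain GETs
    with no custom headers, so it cannot complete step 1; with IMDSv2 enforced
    on the instance the GET in step 2 gets 401 without the token."""
    return [
        ("PUT", "http://169.254.169.254/latest/api/token",
         {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)}),
        ("GET", "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
         {"X-aws-ec2-metadata-token": "<token returned by step 1>"}),
    ]
```

The instance-side fix is to require the token (`aws ec2 modify-instance-metadata-options --http-tokens required`) and keep the PUT response hop limit at 1 so a token cannot be relayed through a container or proxy; the application-side fix is the deny-by-default guard above, applied again after DNS resolution and on every redirect. The credentials path in step 2 is the one the question's SSRF would hit under IMDSv1: the role name, then the temporary AccessKeyId, SecretAccessKey and Token for that role.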

Quiz

9/10
Attacks and Exploits
A penetration tester discovers a domain account, svc_account, that has Kerberos pre-authentication disabled and is therefore vulnerable to AS-REP roasting. The tester requests an AS-REP for the account, cracks its encrypted part offline and recovers the plaintext password. What is the next logical step in the attack chain?
A.
Attempt to use the svc_account credentials to access file shares and escalate privileges
B.
Immediately report the finding without further testing
C.
Use the password to reset all other user passwords in the domain
D.
Export the domain controller's ntds.dit file

Quiz

10/10
Post-exploitation and Lateral Movement
After obtaining domain admin credentials through credential theft, an attacker runs a DCSync attack with Mimikatz, abusing that account's replication rights to request credential data for the whole domain from a domain controller as though it were another DC. The client's SOC detects the abnormal replication traffic but does not immediately block it. What is the primary impact of this delay?
A.
The attacker can only steal the current admin password
B.
The attacker obtains password hashes for all users in the domain
C.
The attack is automatically prevented by the domain controller
D.
The SOC has sufficient time to patch all vulnerabilities
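What the SOC in the question would have seen and how to flag it, as an added example that is not part of the practice test: a DCSync request is a replication request to a domain controller, and with directory-service access auditing enabled it lands in Windows Security event 4662 with the replication control-access GUIDs in the Properties field. The account names, the simplified key=value event lines and the placeholder GUID are constructed; the three replication GUIDs are the real ones.

```python
# Added example (not from the practice test): flag DCSync-style replication
# requests in Windows Security event 4662. Event lines, account names and the
# placeholder GUID are constructed; the replication GUIDs are the real ones.
import re
from typing import Dict, List

DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"  # required to pull secrets
DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET = "89e95b76-444d-4c62-991a-0facbeda640c"
REPLICATION_GUIDS = {
    DS_REPLICATION_GET_CHANGES,
    DS_REPLICATION_GET_CHANGES_ALL,
    DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET,
}

# Accounts expected to replicate: DC computer accounts and the directory sync
# account (constructed names; build this from your own inventory, not guesses).
KNOWN_REPLICATORS = {"DC01$", "DC02$", "MSOL_a1b2c3d4"}

REPL_PROPS = "{" + DS_REPLICATION_GET_CHANGES + "};{" + DS_REPLICATION_GET_CHANGES_ALL + "}"

# Constructed 4662 events flattened to key=value pairs.
SAMPLE_EVENTS = [
    # Normal DC-to-DC replication: subject is a DC computer account.
    "EventID=4662 Subject=CORP\\DC02$ ObjectType=domainDNS Properties=" + REPL_PROPS + " AccessMask=0x100",
    # Scheduled delta sync by the directory sync account.
    "EventID=4662 Subject=CORP\\MSOL_a1b2c3d4 ObjectType=domainDNS Properties=" + REPL_PROPS + " AccessMask=0x100",
    # The DCSync from the question: a user account exercising replication rights.
    "EventID=4662 Subject=CORP\\jdoe ObjectType=domainDNS Properties=" + REPL_PROPS + " AccessMask=0x100",
    # Unrelated 4662 by the same user (placeholder property GUID, not replication).
    "EventID=4662 Subject=CORP\\jdoe ObjectType=user Properties={deadbeef-0000-4000-8000-000000000001} AccessMask=0x10",
]


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flattened event line into a dict of its fields."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def is_dcsync(event: Dict[str, str]) -> bool:
    """4662 + replication control-access GUIDs + subject not a known replicator."""
    if event.get("EventID") != "4662":
        return False
    guids = set(re.findall(r"[0-9a-f-]{36}", event.get("Properties", "").lower()))
    if not guids & REPLICATION_GUIDS:
        return False
    account = event.get("Subject", "").rsplit("\\", 1)[-1]
    return account not in KNOWN_REPLICATORS


def find_dcsync(lines: List[str]) -> List[Dict[str, str]]:
    """Return the events that look like DCSync, in log order."""
    return [event for event in map(parse_event, lines) if is_dcsync(event)]
```

Two caveats for a real deployment: 4662 only fires when "Audit Directory Service Access" is on and the domain naming context carries a SACL for these control-access rights, and a subject-based rule is blind to an attacker who already holds a DC machine account or one of the names in KNOWN_REPLICATORS, so corroborate with the logon source address from the matching 4624 or with DRSUAPI traffic arriving from a non-DC IP. Requiring the Get-Changes-All GUID rather than any of the three also cuts noise, since some legitimate applications hold Get-Changes alone. The point of the question is the clock: each minute the request is allowed to continue is more accounts' secrets pulled, up to and including krbtgt, which turns a detected theft into durable persistence.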

CompTIA PenTest+ Practice test unlocks all online simulator questions

Thank you for choosing the free version of the CompTIA PenTest+ practice test! To deepen your knowledge further, unlock the full version of our CompTIA PenTest+ Simulator: you will be able to take tests with over 200 constantly updated questions and pass your exam more easily. 98% of people pass the exam on the first attempt after preparing with our 200 questions.


What to expect from our CompTIA PenTest+ practice tests and how to prepare for any exam?

The CompTIA PenTest+ Simulator practice tests are part of the CompTIA database and are the best way to prepare for any CompTIA PenTest+ exam. The CompTIA PenTest+ practice tests consist of 200 questions written by experts to help you pass the exam on the first attempt. The CompTIA PenTest+ database includes questions from previous and other exams, which means you can practice with questions that simulate past and future exams. Preparing with the CompTIA PenTest+ Simulator will also give you an idea of how long each section of the CompTIA PenTest+ practice test takes to complete. Note that the CompTIA PenTest+ Simulator does not replace the classic CompTIA PenTest+ study guides; the Simulator does, however, give you a clear picture of what to expect and how much work is needed to prepare for the CompTIA PenTest+ exam.


The CompTIA PenTest+ practice test is therefore an excellent tool to prepare for the actual exam, together with our CompTIA practice test. Our CompTIA PenTest+ Simulator will help you assess your level of preparation and understand your strengths and weaknesses. Below you can read about all the quizzes you will find in our CompTIA PenTest+ Simulator and how our CompTIA PenTest+ database of real questions is made up:

Info quiz:

  • Quiz name:CompTIA PenTest+
  • Total number of questions:200
  • Number of questions for the test:50
  • Pass score:80%

You can prepare for the CompTIA PenTest+ exams with our mobile app. It is very easy to use and even works offline in case of network failure, with all the functions you need to study and practice with our CompTIA PenTest+ Simulator.

Use our mobile app, available for both Android and iOS devices, with our CompTIA PenTest+ Simulator. You can use it anywhere; the app is free and available on all stores.

Our mobile app contains all the CompTIA PenTest+ practice tests, which consist of 200 questions, and also provides study material to pass the final CompTIA PenTest+ exam. Our CompTIA PenTest+ database contains hundreds of questions and CompTIA tests related to the CompTIA PenTest+ exam. This way you can practice anywhere you want, even offline without the internet.
