CompTIA PenTest

Question 1

The CompTIA PenTest+ PT0-003 certification is considered which level of certification for technical professionals performing penetration testing and vulnerability management?

Answer 1

intermediate-level

Question 2

A penetration tester needs a signed document from the network owner that explicitly identifies the authorized testers and permits the assessment. What document is this?

Answer 2

Authorization to proceed

Question 3

Define penetration testing.

Answer 3

A simulated cyber attack against a system to identify vulnerabilities.

Question 4

What does OSINT stand for?

Answer 4

Open Source Intelligence; information gathered from publicly available sources.

Question 5

True or false: Social engineering relies on human interaction to breach security.

Answer 5

TRUE

Techniques include phishing and pretexting.

Question 6

Fill in the blank: Nmap is a popular _______ tool.

Answer 6

network scanning

Question 7

What is the purpose of vulnerability scanning?

Answer 7

To identify and assess security weaknesses in systems.

Question 8

Define exploit.

Answer 8

A piece of software or code that takes advantage of a vulnerability.

Question 9

What is a red team?

Answer 9

A group that simulates real-world attacks to test defenses.

Question 10

True or false: Blue teams are responsible for defending against attacks.

Answer 10

TRUE

They monitor, detect, and respond to threats.

Question 11

What does CVE stand for?

Answer 11

Common Vulnerabilities and Exposures; a list of publicly known cybersecurity vulnerabilities.

Question 12

Fill in the blank: Phishing is a type of _______ attack.

Answer 12

social engineering

Question 13

What is a payload in cybersecurity?

Answer 13

The part of malware that performs the intended malicious action.

Question 14

Define risk assessment.

Answer 14

The process of identifying and analyzing potential risks to an organization.

Question 15

What is the purpose of reporting in penetration testing?

Answer 15

To document findings, vulnerabilities, and recommendations for remediation.

Question 16

True or false: SQL injection is a web application vulnerability.

Answer 16

TRUE

It allows attackers to manipulate database queries.

Question 17

What does DDoS stand for?

Answer 17

Distributed Denial of Service; an attack that overwhelms a target with traffic.

Question 18

Fill in the blank: Metasploit is a framework for _______ testing.

Answer 18

penetration

Question 19

What is social engineering?

Answer 19

Manipulating individuals to gain confidential information or access.

Question 20

Define network segmentation.

Answer 20

Dividing a network into smaller parts to improve security and performance.

Question 21

What is the CIA triad?

Answer 21

Confidentiality, Integrity, and Availability; key principles of information security.

Question 22

True or false: Brute force attacks involve guessing passwords systematically.

Answer 22

TRUE

They can be time-consuming and resource-intensive.

Question 23

What is a honeypot?

Answer 23

A decoy system designed to attract and trap attackers.

Question 24

Fill in the blank: Encryption is the process of converting data into _______ format.

Answer 24

secure

Question 25

What is **two-factor authentication** (2FA)?

Answer 25

A security process requiring two forms of verification to access an account.

Question 26

Define **zero-day vulnerability**.

Answer 26

A flaw that is exploited before the vendor releases a fix.

Question 27

What is the role of a **security policy**?

Answer 27

To outline an organization's security requirements and protocols.

Question 28

True or false: **Malware** can include viruses, worms, and ransomware.

Answer 28

TRUE ## Footnote All are types of malicious software.

Question 29

What is **credential stuffing**?

Answer 29

Using stolen credentials to gain unauthorized access to accounts.