CompTIA Pentest+ Quiz Questions and Answers

Domain registration information returned on a Whois search does not include which of the following?

Answer :
  • Domain administrator GPS coordinates

Open-source intelligence (OSINT) collection frameworks are used to effectively manage sources of collected information. Which of the following best describes open-source intelligence?

Answer :
  • Any information or data obtained via publicly available sources that is used to aid or drive decision-making processes

What is the process by which large data sets are analyzed to reveal patterns or hidden anomalies?

Answer :
  • Data mining

What should be done next if the final set of security controls does not eliminate all of the risks in a given system?

Answer :
  • You should accept the risk if the residual risk is low enough

What is a legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment?

Answer :
  • NDA

What is not an example of a type of support resource that a pentester might receive as part of a white box assessment?

Answer :
  • PII of employees

What type of assessment seeks to validate a systems security posture against a particular checklist?

Answer :
  • Compliance-based

If you are unable to ping a target because you are receiving no response or a response that states the destination is unreachable, then ICMP may be disabled on the remote end. If you wanted to try to elicit a response from a host using TCP, what tool would you use?

Answer :
  • Hping

What system contains a publicly available set of databases with registration contact information for every domain name on the Internet?

Answer :
  • WHOIS

A penetration tester hired by a bank began searching for the bank’s IP ranges by performing lookups on the bank's DNS servers, reading news articles online about the bank, monitoring what times the bank’s employees came into and left work, searching job postings (with a special focus on the bank’s information technology jobs), and even searching the corporate office of the bank’s dumpster. Based on this description, what portion of the penetration test is being conducted?

Answer :
  • Passive information gathering