Pentest+ Practice Exam: Test Your Knowledge 2025

A penetration tester is hired to assess a financial institution's network. During the initial meeting, the client requests that testing occur during business hours and that no social engineering attacks be performed against employees. Which of the following documents should formally capture these limitations?

During the scoping phase, a client asks a penetration tester to assess their external-facing web applications but explicitly excludes their payment processing system, which is managed by a third-party provider. What type of scope limitation is this considered?

A penetration tester is planning an assessment for a healthcare organization that must maintain HIPAA compliance. The organization wants to ensure that any testing does not disrupt patient care systems. Which scoping consideration is MOST critical to address?

A penetration tester runs an Nmap scan with the following command: nmap -sS -p- -T4 192.168.1.0/24. What type of scan is being performed?

During passive reconnaissance, a penetration tester discovers email addresses, employee names, and technology details about a target organization through search engines and public databases. Which technique is being utilized?

A penetration tester receives the following HTTP response header from a web server: Server: Apache/2.4.49. After researching, the tester discovers this version has a critical path traversal vulnerability (CVE-2021-41773). What should be the tester's NEXT step?

A penetration tester is conducting DNS enumeration against a target domain. Which of the following DNS record types would be MOST useful for identifying mail servers and potential targets for email-based attacks?

During a penetration test, a tester successfully performs SQL injection on a web application and retrieves the password hash: 5f4dcc3b5aa765d61d8327deb882cf99. The tester identifies this as an MD5 hash. What is the MOST effective method to crack this hash?

A penetration tester gains access to a Windows system and wants to extract password hashes from memory. Which tool would be MOST appropriate for this task?

During a web application test, a penetration tester discovers that user input is reflected in the HTML response without sanitization. The tester crafts the following payload: <script>alert(document.cookie)</script>. What type of vulnerability is being tested?

A penetration tester successfully exploits a vulnerability and establishes a reverse shell connection. However, the shell session is unstable and lacks full TTY functionality. Which technique should the tester use to upgrade to a fully interactive shell?

A penetration tester is attempting to exploit a buffer overflow vulnerability in a Linux application. The system has Address Space Layout Randomization (ASLR) enabled. Which technique would be MOST effective to bypass this protection?

During a wireless penetration test, a tester captures a WPA2 handshake by deauthenticating a connected client. What is the NEXT step to recover the wireless network password?

A penetration tester discovers an internal web application that allows file uploads. After uploading a PHP reverse shell, the tester finds that the server blocks the execution of PHP files in the upload directory. Which technique might bypass this restriction?

A penetration tester gains initial access to a corporate network and wants to move laterally to access additional systems. Which technique involves using legitimate credentials obtained from one compromised system to access other systems?

After completing a penetration test, a tester must present findings to both technical staff and executive management. Which approach is MOST appropriate for the executive summary section of the report?

A penetration tester identifies a critical SQL injection vulnerability that could allow an attacker to access sensitive customer data. During testing hours, the database administrator is unavailable. What should the tester do FIRST?

When documenting a vulnerability in a penetration test report, which of the following elements is MOST important to include for remediation purposes?

A penetration test report should categorize vulnerabilities by severity. Which factor is MOST important when determining if a vulnerability should be rated as critical versus high severity?

A penetration tester is analyzing the following code snippet from a web application: $username = $_GET['user']; $query = "SELECT * FROM users WHERE username = '$username'"; What vulnerability is present in this code?

A penetration tester needs to analyze network traffic to identify cleartext credentials being transmitted. Which tool is MOST appropriate for capturing and analyzing network packets?

During a penetration test, a tester uses Metasploit to exploit a vulnerable service. After successful exploitation, the tester wants to use the compromised system to scan internal network segments that were previously unreachable. Which Metasploit feature should be used?

A penetration tester reviews the following Python code: import os filename = input("Enter filename: ") os.system("cat " + filename) What security vulnerability exists in this code?