COMPTIA PenTest+
Practice Test
Review CompTIA PenTest+ domains with video walkthroughs, a free PDF and online mock exam access.
Heads up: the app and the web exam use separate accounts — a web unlock and an in-app purchase do not carry over. Buy on the web to practice on the web.
CompTIA PenTest+ exam — full Q&A walkthrough
Every question read aloud with the answer explained. Play it on your commute, then test yourself.
CompTIA PenTest+ sample questions
Tap any question below to reveal the answer and a plain-English explanation.
Reconnaissance And Enumeration During a penetration test, you aim to identify potential vulnerabilities in web applications by gathering information about them, including their IP addresses. What is the FIRST step you should take?
A. Use the nmap command to scan the web application
B. Perform a Shodan search for the web application
C. Run the Nessus vulnerability scanner on the domain
D. Use the whois command to query the domain ✓
Correct — D. Answer: Use the whois command to query the domain WHOIS utilities allow penetration testers to search databases of registered domain users, providing useful information such as the IP addresses of web applications.
Engagement Management Your client wants to ensure that specific user roles have the correct access permissions based on their job functions. What type of assessment is required to verify this?
A. Red team assessment
B. Compliance-driven assessment ✓
C. Black box assessment
D. Vulnerability scanning
Correct — B. Answer: Compliance-driven assessment. Ensuring correct access permissions based on job functions often relates to industry standards and regulations, making it a compliance-driven assessment.
Attacks And Exploits During a penetration test of a Windows-based network, you manage to access a user's account and find that RDP is closed. However, you notice that port 3389/TCP is open on another machine. When attempting to connect via RDP, you are prompted for credentials. What should you do next?
A. Look for RDP credentials in the system32/config directory
B. Attempt to brute-force the RDP credentials
C. Use the same credentials from the initial user account directly on RDP
D. Look for saved RDP credentials in the Windows Credential Manager ✓
Correct — D. The correct action is to look for saved RDP credentials in the Windows Credential Manager. Windows often stores user credentials that can be reused, especially if the user frequently connects to remote machines. This approach can reveal valid credentials that allow access via RDP without brute-force attacks or other more intrusive methods.
Vulnerability Discovery And Analysis What is Burp Suite?
A. Browser plugin
B. Intercepting proxy ✓
C. Password cracking tool
D. Network scanner
Correct — B. Burp Suite is an intercepting proxy that allows you to assess the security of web applications. It helps penetration testers intercept and modify HTTP/HTTPS communication between the client and the server, providing various tools to analyze and exploit web vulnerabilities.
Reconnaissance And Enumeration If Emily has access to a network's traffic data, what method can she use to fully understand the data flow and detect potential issues?
A. Use basic monitoring tools
B. Reverse-engineer it
C. Analyze it using Wireshark ✓
D. Run a script on it
Correct — C. Answer: Analyze it using Wireshark Wireshark is a network protocol analyzer that captures and interactively explores the traffic data. It allows a deep dive into the packets to understand what is happening at the network level. Simply running the data through a script or using basic monitoring tools might not provide the detailed insights necessary. Reverse-engineering is not applicable in this context.
Engagement Management You have identified a critical vulnerability on an internal server hosting sensitive financial data. What is the most appropriate action to take?
A. Notify the client immediately ✓
B. Document the vulnerability and include it in the final report
C. Fix the vulnerability and then inform the client
D. Continue with other tests as this is not a pressing issue
Correct — A. Answer: Notify the client immediately When a pentester identifies a critical vulnerability, particularly on a server hosting sensitive information, it is essential to notify the client immediately. This allows the client to take prompt action to mitigate the risk and protect their data.
Attacks And Exploits During a pentest on a corporate network, James discovered that an internal web application displayed a long error message whenever he included double quotation marks (") in his input. The error message included portions of JavaScript code. What kind of potential vulnerability has James found?
A. Directory Traversal
B. Sensitive data exposure
C. Cross-Site Scripting (XSS) ✓
D. SQL injection
Correct — C. Answer: Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) attacks involve the injection of malicious scripts into trusted websites. In this case, the error message displaying JavaScript code suggests a potential XSS vulnerability, as it indicates the application is not properly sanitizing user input. SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database, but the inclusion of JavaScript in the error message points more towards XSS. Directory traversal allows an attacker to read arbitrary files on the server, but it doesn't involve JavaScript code in error messages. Sensitive data exposure involves inadvertently exposing personal data and does not relate to error messages containing JavaScript code.
Vulnerability Discovery And Analysis You are trying to analyze a suspicious script, but the script is obfuscated and unreadable. What is an alternative approach to gather useful information from the script?
A. Without deobfuscating the script, there is no way to get anything useful from it
B. Run it and see the results
C. Run the script through an online deobfuscator and analyze the output ✓
D. Use a debugger
Correct — C. Answer: Run the script through an online deobfuscator and analyze the output You can run the script through an online deobfuscator to analyze the output and gather useful information. To be able to run a debugger and get meaningful results, you would need to first deobfuscate the script.
About the CompTIA PenTest+ test
CompTIA PenTest+ candidates are tested on IT & Cybersecurity and Reconnaissance And Enumeration, in the same format the real exam uses. Every question here comes with a plain-language explanation, so you learn why an answer is right instead of memorising it — with 1010 questions to start on.
You will be tested on
- The core topics and terminology you'll be tested on
- Rules, standards and best-practice procedures
- Real-world scenarios and how to respond
- Common mistakes and how to avoid them
How TheoryPractice helps you pass
- Real exam-style questions with instant, detailed explanations
- Full timed mock exams that mirror the real test format
- Flashcards & quiz modes from the same question bank
- Progress tracking so you know exactly when you're ready
Topics in this question bank
The core topics and terminology you'll be tested on
Rules, standards and best-practice procedures
Real-world scenarios and how to respond
Common mistakes and how to avoid them
Full CompTIA PenTest+ bank + unlimited mocks
Try 30 questions free. Unlock the complete CompTIA PenTest+ question bank, every explanation, and unlimited timed mock exams. Practice on any device.
Unlock CompTIA PenTest+ →