CompTIA PenTest+

Tools & Code Analysis

38 free practice questions with explanations

PassNova has 38 free CompTIA PenTest+ practice questions on Tools & Code Analysis, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.

Sample questions

Tools & Code Analysis: example questions & answers

Here are 6 example questions from this topic. Practise the full set of 38 free in the browser.

  1. Which framework is MOST commonly used to develop and launch exploits with modular payloads during a penetration test?

    • A Nessus
    • B Autopsy
    • C Metasploit
    • D Wireshark

    Answer: Metasploit is an exploitation framework providing a large library of exploits, payloads (such as Meterpreter), and post-exploitation modules, making it central to many engagements.

  2. A tester wants to crack captured password hashes using GPU acceleration. Which tool is designed for this?

    • A Burp Suite
    • B Nikto
    • C hashcat
    • D Nmap

    Answer: hashcat is a high-performance password recovery tool that leverages GPU acceleration to crack a wide range of hash types using dictionary, mask, and brute-force attacks.

  3. Which tool functions as an intercepting proxy for analysing and modifying HTTP/HTTPS traffic during web application testing?

    • A Aircrack-ng
    • B Burp Suite
    • C John the Ripper
    • D Hydra

    Answer: Burp Suite acts as a man-in-the-middle proxy that lets testers intercept, inspect, and modify web requests and responses, supporting tasks like parameter tampering and scanning.

  4. Consider this Bash snippet:

        for i in $(seq 1 254); do ping -c 1 192.168.1.$i; done

     What is its purpose?

    • A To brute-force SSH passwords
    • B To ping every host in the 192.168.1.0/24 range (a host sweep)
    • C To delete files in a directory
    • D To start a web server

    Answer: The loop iterates the last octet from 1 to 254 and sends one ICMP echo to each address, performing a simple ping sweep to discover live hosts on the subnet.

  5. A tester runs Hydra against an SSH service. What is Hydra being used for?

    • A Online brute-force / password guessing against a network service
    • B Disassembling binaries
    • C Generating SSL certificates
    • D Packet capture

    Answer: Hydra is a fast online password-cracking tool that performs brute-force and dictionary attacks against network services such as SSH, FTP, and HTTP login forms.

  6. Which tool is a web server scanner that checks for thousands of potentially dangerous files, outdated software, and common misconfigurations?

    • A Nikto
    • B Hashcat
    • C Responder
    • D Mimikatz

    Answer: Nikto is an open-source web server scanner that tests for dangerous files, outdated server components, and configuration issues, providing a quick baseline of web findings.
