Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CompTIA PT0-003 Actual Questions

Page: 6 / 10
Total 131 questions

CompTIA PenTest+ Exam Questions and Answers

Question 21

A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering. Which of the following types of scans did the tester use to identify the libraries?

Options:

A.

IAST

B.

SBOM

C.

DAST

D.

SAST

Question 22

A penetration tester attempts to run an automated web application scanner against a target URL. The tester validates that the web page is accessible from a different device. The tester analyzes the following HTTP request header logging output:

200; GET /login.aspx HTTP/1.1 Host: foo.com; User-Agent: Mozilla/5.0

200; GET /login.aspx HTTP/1.1 Host: foo.com; User-Agent: Mozilla/5.0

No response; POST /login.aspx HTTP/1.1 Host: foo.com; User-Agent: curl

200; POST /login.aspx HTTP/1.1 Host: foo.com; User-Agent: Mozilla/5.0

No response; GET /login.aspx HTTP/1.1 Host: foo.com; User-Agent: python

Which of the following actions should the tester take to get the scans to work properly?

Options:

A.

Modify the scanner to slow down the scan.

B.

Change the source IP with a VPN.

C.

Modify the scanner to only use HTTP GET requests.

D.

Modify the scanner user agent.

Question 23

A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output:

Which of the following targets should the tester select next?

Options:

A.

fileserver

B.

hrdatabase

C.

legaldatabase

D.

financesite

Question 24

A consultant starts a network penetration test. The consultant uses a laptop that is hardwired to the network to try to assess the network with the appropriate tools. Which of the following should the consultant engage first?

Options:

A.

Service discovery

B.

OS fingerprinting

C.

Host discovery

D.

DNS enumeration

Page: 6 / 10
Total 131 questions