PT0-003 by CompTIA Actual Free Exam Questions And Answers

Question 1

A penetration tester wants to automatically enumerate all ciphers permitted on TLS/SSL configurations across a client's internet-facing and internal web servers. Which of the following tools or frameworks best supports this objective?

A. Shodan

B. Burp Suite

C. Nmap Scripting Engine

D. Impacket

E. Netcat

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

During an internal penetration test, a tester compromises a Windows OS-based endpoint and bypasses the defensive mechanisms. The tester also discovers that the endpoint is part of an Active Directory (AD) local domain.
The tester's main goal is to leverage credentials to authenticate into other systems within the Active Directory environment.
Which of the following steps should the tester take to complete the goal?

A. Use Evil-WinRM to access other systems in the network within the endpoint credentials

B. Use Metasploit to create and execute a payload and try to upload the payload into other systems

C. Use Hashcat to crack a password for the local user on the compromised endpoint

D. Use Mimikatz to collect information about the accounts and try to authenticate in other systems

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client ' s offices. Which of the following techniques should the penetration tester leverage?

A. Channel scanning

B. ARP poisoning

C. Port mirroring

D. Sidecar scanning

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

A penetration tester identifies the following open ports during a network enumeration scan:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
27017/tcp open mongodb
50123/tcp open ms-rpc
Which of the following commands did the tester use to get this output?

A. nmap -sV 10.10.10.10

B. nmap -sV -Pn -p- 10.10.10.10

C. nmap -Pn -w 10.10.10.10

D. nmap -Pn -A 10.10.10.10

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client ' s internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results. Which of the following should the tester have done?

A. Configured all the TCP ports on the scan.

B. Rechecked the scanner configuration.

C. Used a different scan engine.

D. Performed a discovery scan.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

A penetration tester writes the following script to enumerate a 1724 network:
1 #!/bin/bash
2 for i in {1..254}; do
3 ping -c1 192.168.1.$i
4 done
The tester executes the script, but it fails with the following error:
-bash: syntax error near unexpected token `ping '
Which of the following should the tester do to fix the error?

A. Replace $i with ${i}.

B. Replace {1..254} with $(seq 1 254).

C. Replace bash with tsh.

D. Add do after line 2.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

A penetration tester discovers evidence of an advanced persistent threat on the network that is being tested.
Which of the following should the tester do next?

A. Analyze the finding.

B. Report the finding.

C. Remove the threat.

D. Document the finding and continue testing.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 8

A penetration tester uses Burp Suite to send the following request:
POST /loginPage HTTP/1.1
Host: 10.10.100.1:443
User-Agent: Mozilla/5.0 (X11; Linux;)
Accept: application/json, text/javascript, *
Cookie: as=ausnHsdyh6aBda
Connection: Close
{ " user " : " admin " , " password " : " admin ' or ' " }
Which of the following options best describes what the tester is executing?

A. Session hijack

B. Cross-site scripting

C. SQL injection

D. Brute-force attack on usernames or/and password

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

A penetration tester wants to perform static analysis of a Java application. The tester has a copy of the archive file. Which of the following must the tester do first to accomplish this goal?

A. Decompile the bytecode.

B. Perform a fuzz test the archive file.

C. Convert the archive file to a .so file.

D. Disassemble the Java interpreter.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 10

A penetration tester needs to help create a threat model of a custom application. Which of the following is the most likely framework the tester will use?

A. MITRE ATT & CK

B. OSSTMM

C. CI/CD

D. DREAD

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 11

A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.
INSTRUCTIONS
Select the appropriate answer(s), given the output from each section.
Output 1

Discussion 0

Correct Answer:

See all the solutions below in Explanation.
Explanation:
A screenshot of a computer Description automatically generated

A screenshot of a computer Description automatically generated

Question 12

Which of the following is within the scope of proper handling and most crucial when working on a penetration testing report?

A. Making the report clear for all objectives with a precise executive summary

B. Basing the recommendation on the risk score in the report

C. Keeping both video and audio of everything that is done

D. Keeping the report to a maximum of 5 to 10 pages in length

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 13

A penetration tester completes a scan and sees the following Nmap output on a host:
Nmap scan report for victim (10.10.10.10)
Host is up (0.0001s latency)
PORT STATE SERVICE
161/udp open snmp
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
Running Microsoft Windows 7
OS CPE: cpe:/o:microsoft:windows_7::sp0
The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

A. exploit/windows/smb/ms17_010_eternalblue

B. exploit/windows/smb/psexec

C. exploit/windows/smb/ms08_067_netapi

D. auxiliary/scanner/snmp/snmp_login

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 14

During an engagement, a penetration tester runs the following command against the host system:
host -t axfr domain.com dnsl.domain.com
Which of the following techniques best describes what the tester is doing?

A. Zone transfer

B. DNS poisoning

C. Host enumeration

D. DNS query

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

CompTIA PenTest+ - PT0-003 Exam Practice Test

Contact Us

Useful Links

Latest Updated