Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65pass65

PT0-003 CompTIA PenTest+ Exam is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

PT0-003 Practice Questions

CompTIA PenTest+ Exam

Last Update 3 days ago
Total Questions : 336

Dive into our fully updated and stable PT0-003 practice test platform, featuring all the latest PenTest+ exam questions added this week. Our preparation tool is more than just a CompTIA study aid; it's a strategic advantage.

Our free PenTest+ practice questions crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about PT0-003. Use this test to pinpoint which areas you need to focus your study on.

PT0-003 PDF

PT0-003 PDF (Printable)
$54.25
$154.99

PT0-003 Testing Engine

PT0-003 PDF (Printable)
$59.5
$169.99

PT0-003 PDF + Testing Engine

PT0-003 PDF (Printable)
$74.55
$212.99
Question # 11

Which of the following is a reason to use a template when creating a penetration testing report?

Options:

A.  

To articulate risks accurately

B.  

To enhance the testing approach

C.  

To contextualize collected data

D.  

To standardize needed information

E.  

To improve testing time

Discussion 0
Question # 12

A tester is performing an external phishing assessment on the top executives at a company. Two-factor authentication is enabled on the executives’ accounts that are in the scope of work. Which of the following should the tester do to get access to these accounts?

Options:

A.  

Configure an external domain using a typosquatting technique. Configure Evilginx to bypass two-factor authentication using a phishlet that simulates the mail portal for the company.

B.  

Configure Gophish to use an external domain. Clone the email portal web page from the company and get the two-factor authentication code using a brute-force attack method.

C.  

Configure an external domain using a typosquatting technique. Configure SET to bypass two-factor authentication using a phishlet that mimics the mail portal for the company.

D.  

Configure Gophish to use an external domain. Clone the email portal web page from the company and get the two-factor authentication code using a vishing method.

Discussion 0
Question # 13

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:

PORT STATE SERVICE

22/tcp open ssh

25/tcp filtered smtp

111/tcp open rpcbind

2049/tcp open nfs

Based on the output, which of the following services provides the best target for launching an attack?

Options:

A.  

Database

B.  

Remote access

C.  

Email

D.  

File sharing

Discussion 0
Question # 14

Which of the following describes the process of determining why a vulnerability scanner is not providing results?

Options:

A.  

Root cause analysis

B.  

Secure distribution

C.  

Peer review

D.  

Goal reprioritization

Discussion 0
Question # 15

During a security assessment of an e-commerce website, a penetration tester wants to exploit a vulnerability in the web server’s input validation that will allow unauthorized transactions on behalf of the user. Which of the following techniques would most likely be used for that purpose?

Options:

A.  

Privilege escalation

B.  

DOM injection

C.  

Session hijacking

D.  

Cross-site scripting

Discussion 0
Question # 16

Which of the following post-exploitation activities allows a penetration tester to maintain persistent access in a compromised system?

Options:

A.  

Creating registry keys

B.  

Installing a bind shell

C.  

Executing a process injection

D.  

Setting up a reverse SSH connection

Discussion 0
Question # 17

A penetration tester conducts a scan on an exposed Linux web server and gathers the following data:

Host: 192.168.55.23

Open Ports:

22/tcp Open OpenSSH 7.2p2 Ubuntu 4ubuntu2.10

80/tcp Open Apache httpd 2.4.18 (Ubuntu)

111/tcp Open rpcbind 2-4 (RPC #100000)

Additional notes:

Directory listing enabled on /admin

Apache mod_cgi enabled

No authentication required to access /cgi-bin/debug.sh

X-Powered-By: PHP/5.6.40-0+deb8u12

Which of the following is the most effective action to take?

Options:

A.  

Launch a payload using msfvenom and upload it to the /admin directory.

B.  

Review the contents of /cgi-bin/debug.sh.

C.  

Use Nikto to scan the host and port 80.

D.  

Attempt a brute-force attack against OpenSSH 7.2p2.

Discussion 0
Question # 18

A penetration tester executes multiple enumeration commands to find a path to escalate privileges. Given the following command:

find / -user root -perm -4000 -exec ls -ldb {} \; 2 > /dev/null

Which of the following is the penetration tester attempting to enumerate?

Options:

A.  

Attack path mapping

B.  

API keys

C.  

Passwords

D.  

Permission

Discussion 0
Question # 19

A penetration tester cannot find information on the target company ' s systems using common OSINT methods. The tester ' s attempts to do reconnaissance against internet-facing resources have been blocked by the company ' s WA

F.  

Which of the following is the best way to avoid the WAF and gather information about the target company ' s systems?

Options:

A.  

HTML scraping

B.  

Code repository scanning

C.  

Directory enumeration

D.  

Port scanning

Discussion 0
Question # 20

During a penetration test, a tester compromises a Windows computer. The tester executes the following command and receives the following output:

mimikatz # privilege::debug

mimikatz # lsadump::cache

---Output---

lapsUser

27dh9128361tsg2€459210138754ij

---OutputEnd---

Which of the following best describes what the tester plans to do by executing the command?

Options:

A.  

The tester plans to perform the first step to execute a Golden Ticket attack to compromise the Active Directory domain.

B.  

The tester plans to collect application passwords or hashes to compromise confidential information within the local computer.

C.  

The tester plans to use the hash collected to perform lateral movement to other computers using a local administrator hash.

D.  

The tester plans to collect the ticket information from the user to perform a Kerberoasting attack on the domain controller.

Discussion 0
Get PT0-003 dumps and pass your exam in 24 hours!

Free Exams Sample Questions