
PT0-003 Online Practice Questions and Answers

Question 4

During a security assessment for an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software to disguise itself as legitimate software. Which of the following host-based attacks should the tester use?

A. On-path

B. Logic bomb

C. Rootkit

D. Buffer overflow

Question 5

While performing an internal assessment, a tester uses the following command:

crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@

Which of the following is the main purpose of the command?

A. To perform a pass-the-hash attack over multiple endpoints within the internal network

B. To perform common protocol scanning within the internal network

C. To perform password spraying on internal systems

D. To execute a command in multiple endpoints at the same time

Question 6

A penetration tester needs to collect information over the network for further steps in an internal assessment. Which of the following would most likely accomplish this goal?

A. ntlmrelayx.py -t 192.168.1.0/24 -1 1234

B. nc -tulpn 1234 192.168.1.2

C. responder.py -I eth0 -wP

D. crackmapexec smb 192.168.1.0/24

Question 7

During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses. Which of the following tools should the tester use?

A. Dnsenum

B. Nmap

C. Netcat

D. Wireshark

Question 8

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:

PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   filtered smtp
111/tcp  open     rpcbind
2049/tcp open     nfs

Based on the output, which of the following services provides the best target for launching an attack?

A. Database

B. Remote access

C. Email

D. File sharing

Question 9

Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

A. Preserving artifacts

B. Reverting configuration changes

C. Keeping chain of custody

D. Exporting credential data

Question 10

A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment. Which of the following would be the BEST option to identify a system properly prior to performing the assessment?

A. Asset inventory

B. DNS records

C. Web-application scan

D. Full scan

Question 11

A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

A. Halt the penetration test.

B. Contact law enforcement.

C. Deconflict with the penetration tester.

D. Assume the alert is from the penetration test.

Question 12

A penetration tester needs to upload the results of a port scan to a centralized security tool.

Which of the following commands would allow the tester to save the results in an interchangeable format?

A. nmap -iL results 192.168.0.10-100

B. nmap 192.168.0.10-100 -O > results

C. nmap -A 192.168.0.10-100 -oX results

D. nmap 192.168.0.10-100 | grep "results"

Question 13

A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?

A. Manually check the version number of the VoIP service against the CVE release

B. Test with proof-of-concept code from an exploit database

C. Review SIP traffic from an on-path position to look for indicators of compromise

D. Utilize an nmap -sV scan against the service

Question 14

A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

A. Attempting to tailgate an employee going into the client's workplace

B. Dropping a malicious USB key with the company's logo in the parking lot

C. Using a brute-force attack against the external perimeter to gain a foothold

D. Performing spear phishing against employees by posing as senior management

Question 15

During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?

A. Mask

B. Rainbow

C. Dictionary

D. Password spraying

Question 16

A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible.

Which of the following remediation techniques would be the BEST to recommend? (Choose two.)

A. Closing open services

B. Encrypting users' passwords

C. Randomizing users' credentials

D. Users' input validation

E. Parameterized queries

F. Output encoding

Question 17

A security analyst needs to perform an on-path attack on BLE smart devices. Which of the following tools would be BEST suited to accomplish this task?

A. Wireshark

B. Gattacker

C. tcpdump

D. Netcat

Question 18

In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

A. Test for RFC-defined protocol conformance.

B. Attempt to brute force authentication to the service.

C. Perform a reverse DNS query and match to the service banner.

D. Check for an open relay configuration.

Exam Code: PT0-003
Exam Name: CompTIA PenTest+
Last Update: Mar 20, 2025
Questions: 271 Q&As
