Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home CompTIA PT0-003

CompTIA PT0-003 Exam Practice Questions (P. 1)

  • Full Access (344 questions)
  • One Year of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #1
A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?
  1. A
    tcprelay
  2. B
    Bluecrack
  3. C
    Scapy
  4. D
    tcpdump

Correct Answer: C ?️

Question #2
Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?
  1. A
    The tester is conducting a web application test.
  2. B
    The tester is assessing a mobile application.
  3. C
    The tester is evaluating a thick client application.
  4. D
    The tester is creating a threat model.

Correct Answer: D ?️

Question #3
A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?
  1. A
    VM
  2. B
    IAST
  3. C
    DAST
  4. D
    SCA

Correct Answer: D ?️

Question #4
A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:

Which of the following should the tester recommend in the report to best prevent this type of vulnerability?
  1. A
    Drop all excessive file permissions with chmod o-rwx.
  2. B
    Ensure the requests application access logs are reviewed frequently.
  3. C
    Disable the use of external entities.
  4. D
    Implement a WAF to filter all incoming requests.

Correct Answer: C ?️

Question #5
A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?
  1. A
    Shoulder surfing
  2. B
    Recon-ng
  3. C
    Social media
  4. D
    Password dumps

Correct Answer: C ?️

Question #6
A penetration tester needs to test a very large number of URLs for public access. Given the following code snippet:

Which of the following changes is required?
  1. A
    The condition on line 6
  2. B
    The method on line 5
  3. C
    The import on line 1
  4. D
    The delimiter in line 3

Correct Answer: A ?️

Question #7
During a penetration test, a tester captures information about an SPN account. Which of the following attacks requires this information as a prerequisite to proceed?
  1. A
    Golden Ticket
  2. B
    Kerberoasting
  3. C
    DCShadow
  4. D
    LSASS dumping

Correct Answer: B ?️

Question #8
While performing an internal assessment, a tester uses the following command: crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@
Which of the following is the main purpose of the command?
  1. A
    To perform a pass-the-hash attack over multiple endpoints within the internal network
  2. B
    To perform common protocol scanning within the internal network
  3. C
    To perform password spraying on internal systems
  4. D
    To execute a command in multiple endpoints at the same time

Correct Answer: C ?️

Question #9
A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client's offices. Which of the following techniques should the penetration tester leverage?
  1. A
    Port mirroring
  2. B
    Sidecar scanning
  3. C
    ARP poisoning
  4. D
    Channel scanning

Correct Answer: D ?️

Question #10
Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?
  1. A
    Preserving artifacts
  2. B
    Reverting configuration changes
  3. C
    Keeping chain of custody
  4. D
    Exporting credential data

Correct Answer: A ?️

Next Questions

All Pages