Christmas 65% Special Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: tstf65

CompTIA PT0-003 CompTIA PenTest+ Exam Exam Practice Test

Page: 1 / 23
Total 227 questions

CompTIA PenTest+ Exam Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Question 1

A tester is performing an external phishing assessment on the top executives at a company. Two-factor authentication is enabled on the executives’ accounts that are in the scope of work. Which of the following should the tester do to get access to these accounts?

Options:

A.

Configure an external domain using a typosquatting technique. Configure Evilginx to bypass two-factor authentication using a phishlet that simulates the mail portal for the company.

B.

Configure Gophish to use an external domain. Clone the email portal web page from the company and get the two-factor authentication code using a brute-force attack method.

C.

Configure an external domain using a typosquatting technique. Configure SET to bypass two-factor authentication using a phishlet that mimics the mail portal for the company.

D.

Configure Gophish to use an external domain. Clone the email portal web page from the company and get the two-factor authentication code using a vishing method.

Question 2

Which of the following OT protocols sends information in cleartext?

Options:

A.

TTEthernet

B.

DNP3

C.

Modbus

D.

PROFINET

Question 3

A company hires a penetration tester to perform an external attack surface review as part of a security engagement. The company informs the tester that the main company domain to investigate is comptia.org. Which of the following should the tester do to accomplish the assessment objective?

Options:

A.

Perform information-gathering techniques to review internet-facing assets for the company.

B.

Perform a phishing assessment to try to gain access to more resources and users’ computers.

C.

Perform a physical security review to identify vulnerabilities that could affect the company.

D.

Perform a vulnerability assessment over the main domain address provided by the client.

Question 4

A penetration tester needs to help create a threat model of a custom application. Which of the following is the most likely framework the tester will use?

Options:

A.

MITRE ATT&CK

B.

OSSTMM

C.

CI/CD

D.

DREAD

Question 5

Which of the following elements in a lock should be aligned to a specific level to allow the key cylinder to turn?

Options:

A.

Latches

B.

Pins

C.

Shackle

D.

Plug

Question 6

A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.

INSTRUCTIONS

Select the tool the penetration tester should use for further investigation.

Select the two entries in the robots.txt file that the penetration tester should recommend for removal.

Options:

Question 7

A penetration tester downloads a JAR file that is used in an organization's production environment. The tester evaluates the contents of the JAR file to identify potentially vulnerable components that can be targeted for exploit. Which of the following describes the tester's activities?

Options:

A.

SAST

B.

SBOM

C.

ICS

D.

SCA

Question 8

A penetration tester identifies an exposed corporate directory containing first and last names and phone numbers for employees. Which of the following attack techniques would be the most effective to pursue if the penetration tester wants to compromise user accounts?

Options:

A.

Smishing

B.

Impersonation

C.

Tailgating

D.

Whaling

Question 9

A penetration tester creates a list of target domains that require further enumeration. The tester writes the following script to perform vulnerability scanning across the domains:

line 1: #!/usr/bin/bash

line 2: DOMAINS_LIST = "/path/to/list.txt"

line 3: while read -r i; do

line 4: nikto -h $i -o scan-$i.txt &

line 5: done

The script does not work as intended. Which of the following should the tester do to fix the script?

Options:

A.

Change line 2 to {"domain1", "domain2", "domain3", }.

B.

Change line 3 to while true; read -r i; do.

C.

Change line 4 to nikto $i | tee scan-$i.txt.

D.

Change line 5 to done < "$DOMAINS_LIST".

Question 10

A penetration tester is authorized to perform a DoS attack against a host on a network. Given the following input:

ip = IP("192.168.50.2")

tcp = TCP(sport=RandShort(), dport=80, flags="S")

raw = RAW(b"X"*1024)

p = ip/tcp/raw

send(p, loop=1, verbose=0)

Which of the following attack types is most likely being used in the test?

Options:

A.

MDK4

B.

Smurf attack

C.

FragAttack

D.

SYN flood

Question 11

Which of the following is most important when communicating the need for vulnerability remediation to a client at the conclusion of a penetration test?

Options:

A.

Articulation of cause

B.

Articulation of impact

C.

Articulation of escalation

D.

Articulation of alignment

Question 12

During a red-team exercise, a penetration tester obtains an employee's access badge. The tester uses the badge's information to create a duplicate for unauthorized entry. Which of the following best describes this action?

Options:

A.

Smurfing

B.

Credential stuffing

C.

RFID cloning

D.

Card skimming

Question 13

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:

bash

PORT STATE SERVICE

22/tcp open ssh

25/tcp filtered smtp

111/tcp open rpcbind

2049/tcp open nfs

Based on the output, which of the following services provides the best target for launching an attack?

Options:

A.

Database

B.

Remote access

C.

Email

D.

File sharing

Question 14

A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use.

Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?

Options:

A.

Utilizing port mirroring on a firewall appliance

B.

Installing packet capture software on the server

C.

Reconfiguring the application to use a proxy

D.

Requesting that certificate pinning be disabled

Question 15

Which of the following describes the process of determining why a vulnerability scanner is not providing results?

Options:

A.

Root cause analysis

B.

Secure distribution

C.

Peer review

D.

Goal reprioritization

Question 16

Which of the following is the most efficient way to exfiltrate a file containing data that could be sensitive?

Options:

A.

Use steganography and send the file over FTP.

B.

Compress the file and send it using TFTP.

C.

Split the file in tiny pieces and send it over dnscat.

D.

Encrypt and send the file over HTTPS.

Question 17

During an assessment, a penetration tester exploits an SQLi vulnerability. Which of the following commands would allow the penetration tester to enumerate password hashes?

Options:

A.

sqlmap -u www.example.com/?id=1 --search -T user

B.

sqlmap -u www.example.com/?id=1 --dump -D accounts -T users -C cred

C.

sqlmap -u www.example.com/?id=1 --tables -D accounts

D.

sqlmap -u www.example.com/?id=1 --schema --current-user --current-db

Question 18

A penetration tester has discovered sensitive files on a system. Assuming exfiltration of the files is part of the scope of the test, which of the following is most likely to evade DLP systems?

Options:

A.

Encoding the data and pushing through DNS to the tester's controlled server.

B.

Padding the data and uploading the files through an external cloud storage service.

C.

Obfuscating the data and pushing through FTP to the tester's controlled server.

D.

Hashing the data and emailing the files to the tester's company inbox.

Question 19

A penetration tester attempts unauthorized entry to the company's server room as part of a security assessment. Which of the following is the best technique to manipulate the lock pins and open the door without the original key?

Options:

A.

Plug spinner

B.

Bypassing

C.

Decoding

D.

Raking

Question 20

A tester runs an Nmap scan against a Windows server and receives the following results:

Nmap scan report for win_dns.local (10.0.0.5)

Host is up (0.014s latency)

Port State Service

53/tcp open domain

161/tcp open snmp

445/tcp open smb-ds

3389/tcp open rdp

Which of the following TCP ports should be prioritized for using hash-based relays?

Options:

A.

53

B.

161

C.

445

D.

3389

Question 21

A tester compromises a target host and then wants to maintain persistent access. Which of the following is the best way for the attacker to accomplish the objective?

Options:

A.

Configure and register a service.

B.

Install and run remote desktop software.

C.

Set up a script to be run when users log in.

D.

Perform a kerberoasting attack on the host.

Question 22

A penetration tester wants to maintain access to a compromised system after a reboot. Which of the following techniques would be best for the tester to use?

Options:

A.

Establishing a reverse shell

B.

Executing a process injection attack

C.

Creating a scheduled task

D.

Performing a credential-dumping attack

Question 23

A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client's offices. Which of the following techniques should the penetration tester leverage?

Options:

A.

Port mirroring

B.

Sidecar scanning

C.

ARP poisoning

D.

Channel scanning

Question 24

A penetration tester has found a web application that is running on a cloud virtual machine instance. Vulnerability scans show a potential SSRF for the same application URL path with an injectable parameter. Which of the following commands should the tester run to successfully test for secrets exposure exploitability?

Options:

A.

curl ?param=http://169.254.169.254/latest/meta-data/

B.

curl '?param=http://127.0.0.1/etc/passwd'

C.

curl '?param=