PT0-003 exam

During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward. Which of the following types of attacks is this an example...

A penetration tester gains access to a domain server and wants to enumerate the systems within the domain. Which of the following tools would provide the best oversight of domains?A . NetcatB . WiresharkC . NmapD . ResponderView AnswerAnswer: C Explanation: Installation: Nmap can be installed on various operating systems....

During an external penetration test, a tester receives the following output from a tool: test.comptia.org info.comptia.org vpn.comptia.org exam.comptia.org Which of the following commands did the tester most likely run to get these results?A . nslookup -type=SOA comptia.orgB . amass enum -passive -d comptia.orgC . nmap -Pn -sV -vv -A comptia.orgD...

A penetration tester gains access to a host but does not have access to any type of shell. Which of the following is the best way for the tester to further enumerate the host and the environment in which it resides?A . ProxyChainsB . NetcatC . PowerShell ISED . Process...

A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following...

A penetration tester needs to launch an Nmap scan to find the state of the port for both TCP and UDP services. Which of the following commands should the tester use?A . nmap -sU -sW -p 1-65535 example.comB . nmap -sU -sY -p 1-65535 example.comC . nmap -sU -sT -p...

A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?A . SSL certificate inspectionB . URL spideringC . Banner grabbingD . Directory brute forcingView AnswerAnswer: C Explanation: Banner grabbing is a technique used to gather...

Given the following statements: Implement a web application firewall. Upgrade end-of-life operating systems. Implement a secure software development life cycle. In which of the following sections of a penetration test report would the above statements be found?A . Executive summaryB . Attack narrativeC . Detailed findingsD . RecommendationsView AnswerAnswer: D...

A penetration tester assesses an application allow list and has limited command-line access on the Windows system. Which of the following would give the penetration tester information that could aid in continuing the test?A . mmc.exeB . icacls.exeC . nltest.exeD . rundll.exeView AnswerAnswer: C Explanation: When a penetration tester has...

During the reconnaissance phase, a penetration tester collected the following information from the DNS records: A-----> www A-----> host TXT --> vpn.comptia.org SPF---> ip =2.2.2.2 Which of the following DNS records should be in place to avoid phishing attacks using spoofing domain techniques?A . MXB . SOAC . DMARCD ....