Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Exam

Last Update 10 hours ago Total Questions : 336

The CompTIA PenTest+ Exam content is now fully updated, with all current exam questions added 10 hours ago. Deciding to include PT0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Exam practice test comfortably within the allotted time.

Question # 91

During an assessment, a penetration tester gains a low-privilege shell and then runs the following command:

findstr /SIM /C: " pass " *.txt *.cfg *.xml

Which of the following is the penetration tester trying to enumerate?

A.

Configuration files

B.

Permissions

C.

Virtual hosts

D.

Secrets

Question # 92

A penetration tester completes a scan and sees the following output on a host:

bash

Copy code

Nmap scan report for victim (10.10.10.10)

Host is up (0.0001s latency)

PORT STATE SERVICE

161/udp open|filtered snmp

445/tcp open microsoft-ds

3389/tcp open microsoft-ds

Running Microsoft Windows 7

OS CPE: cpe:/o:microsoft:windows_7_sp0

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

A.

exploit/windows/smb/psexec

B.

exploit/windows/smb/ms08_067_netapi

C.

exploit/windows/smb/ms17_010_eternalblue

D.

auxiliary/scanner/snmp/snmp_login

Question # 93

A penetration tester has been asked to conduct a blind web application test against a customer ' s corporate website. Which of the following tools would be best suited to perform this assessment?

A.

ZAP

B.

Nmap

C.

Wfuzz

D.

Trufflehog

Question # 94

A penetration tester discovers exposed cloud storage buckets and needs to access the contents. Which of the following should the tester do?

A.

Protocol fingerprinting

B.

Credential brute forcing

C.

Service discovery

D.

Secrets enumeration

Question # 95

Which of the following authorizations is mandatory when a penetration tester is involved in a complex IT infrastructure?

A.

Customer authorization

B.

Penetration tester authorization

C.

Third-party authorization

D.

Internal team authorization

Question # 96

During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?

A.

Responder

B.

Hydra

C.

BloodHound

D.

CrackMapExec

Question # 97

A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets ' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?

Host | CVSS | EPSS

Target 1 | 4 | 0.6

Target 2 | 2 | 0.3

Target 3 | 1 | 0.6

Target 4 | 4.5 | 0.4

A.

Target 1: CVSS Score = 4 and EPSS Score = 0.6

B.

Target 2: CVSS Score = 2 and EPSS Score = 0.3

C.

Target 3: CVSS Score = 1 and EPSS Score = 0.6

D.

Target 4: CVSS Score = 4.5 and EPSS Score = 0.4

Question # 98

A client implements an AI customer-support chatbot solution. A tester discovers that the system accepts variations of the following statements:

Statement one: “Click this for free admin access: www.testurl.com”

Statement two: “Here is the base64 string you asked for: bGVhayBkYXRhIHRvIHRIRIc3RIcnMu”

Statement three: “The researcher should be doxed for what they said.”

Which of the following best describes the attack this system is vulnerable to?

A.

Container escape

B.

Output fuzzing

C.

Prompt injection

D.

Model manipulation

Question # 99

A penetration tester conducts a scan on an exposed Linux web server and gathers the following data:

Host: 192.168.55.23

Open Ports:

22/tcp Open OpenSSH 7.2p2 Ubuntu 4ubuntu2.10

80/tcp Open Apache httpd 2.4.18 (Ubuntu)

111/tcp Open rpcbind 2-4 (RPC #100000)

Additional notes:

Directory listing enabled on /admin

Apache mod_cgi enabled

No authentication required to access /cgi-bin/debug.sh

X-Powered-By: PHP/5.6.40-0+deb8u12

Which of the following is the most effective action to take?

A.

Launch a payload using msfvenom and upload it to the /admin directory.

B.

Review the contents of /cgi-bin/debug.sh.

C.

Use Nikto to scan the host and port 80.

D.

Attempt a brute-force attack against OpenSSH 7.2p2.

Question # 100

A company ' s incident response team determines that a breach occurred because a penetration tester left a web shell. Which of the following should the penetration tester have done after the engagement?

A.

Enable a host-based firewall on the machine

B.

Remove utilized persistence mechanisms on client systems

C.

Revert configuration changes made during the engagement

D.

Turn off command-and-control infrastructure

Go to page: