Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Exam

Last Update 10 hours ago Total Questions : 336

The CompTIA PenTest+ Exam content is now fully updated, with all current exam questions added 10 hours ago. Deciding to include PT0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Exam practice test comfortably within the allotted time.

Question # 11

During a preengagement activity with a new customer, a penetration tester looks for assets to test. Which of the following is an example of a target that can be used for testing?

A.

API

B.

HTTP

C.

IPA

D.

ICMP

Question # 12

A tester needs to begin capturing WLAN credentials for cracking during an on-site engagement. Which of the following is the best command to capture handshakes?

A.

tcpdump -n -s0 -w < pcapname > -i < iface >

B.

airserv-ng -d < iface >

C.

aireplay-ng -0 1000 -a < target_mac >

D.

airodump-ng -c 6 --bssid < target_mac > < iface >

Question # 13

A penetration tester gained a foothold within a network. The penetration tester needs to enumerate all users within the domain. Which of the following is the best way to accomplish this task?

A.

pwd.exe

B.

net.exe

C.

sc.exe

D.

msconfig.exe

Question # 14

During a penetration test, the tester wants to obtain public information that could be used to compromise the organization ' s cloud infrastructure. Which of the following is the most effective resource for the tester to use for this purpose?

A.

Sensitive documents on a public cloud

B.

Open ports on the cloud infrastructure

C.

Repositories with secret keys

D.

SSL certificates on websites

Question # 15

A penetration tester sets up a C2 (Command and Control) server to manage and control payloads deployed in the target network. Which of the following tools is the most suitable for establishing a robust and stealthy connection?

A.

ProxyChains

B.

Covenant

C.

PsExec

D.

sshuttle

Question # 16

A penetration tester needs to exploit a vulnerability in a wireless network that has weak encryption to perform traffic analysis and decrypt sensitive information. Which of the following techniques would best allow the penetration tester to have access to the sensitive information?

A.

Bluejacking

B.

SSID spoofing

C.

Packet sniffing

D.

ARP poisoning

Question # 17

A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:

xml

Copy code

< ?xml version= " 1.0 " ? >

< !DOCTYPE data [

< !ENTITY foo SYSTEM " file:///etc/passwd " >

] >

< test > & foo; < /test >

Which of the following should the tester recommend in the report to best prevent this type of vulnerability?

A.

Drop all excessive file permissions with chmod o-rwx.

B.

Ensure the requests application access logs are reviewed frequently.

C.

Disable the use of external entities.

D.

Implement a WAF to filter all incoming requests.

Question # 18

A penetration tester is evaluating a company ' s cybersecurity preparedness. The tester wants to acquire valid credentials using a social engineering campaign. Which of the following tools and techniques are most applicable in this scenario? (Select two).

A.

TruffleHog for collecting credentials

B.

Shodan for identifying potential targets

C.

Gophish for sending phishing emails

D.

Maltego for organizing targets

E.

theHarvester for discovering additional targets

F.

Evilginx for handling legitimate authentication requests through a proxy

Question # 19

A client recently hired a penetration testing firm to conduct an assessment of their consumer-facing web application. Several days into the assessment, the client’s networking team observes a substantial increase in DNS traffic. Which of the following would most likely explain the increase in DNS traffic?

A.

Covert data exfiltration

B.

URL spidering

C.

HTML scraping

D.

DoS attack

Question # 20

Which of the following is within the scope of proper handling and most crucial when working on a penetration testing report?

A.

Keeping both video and audio of everything that is done

B.

Keeping the report to a maximum of 5 to 10 pages in length

C.

Basing the recommendation on the risk score in the report

D.

Making the report clear for all objectives with a precise executive summary

Go to page: