Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Exam

Last Update 10 hours ago Total Questions : 336

The CompTIA PenTest+ Exam content is now fully updated, with all current exam questions added 10 hours ago. Deciding to include PT0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Exam practice test comfortably within the allotted time.

Question # 21

A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?

A.

Utilizing port mirroring on a firewall appliance

B.

Installing packet capture software on the server

C.

Reconfiguring the application to use a proxy

D.

Requesting that certificate pinning be disabled

Question # 22

A penetration tester gains shell access to a Windows host. The tester needs to permanently turn off protections in order to install additional payload. Which of the following commands is most appropriate?

A.

sc config < svc_name > start=disabled

B.

sc query state= all

C.

pskill < pid_svc_name >

D.

net config < svc_name >

Question # 23

In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization. Through which of the following features could this information have been accessed?

A.

IAM

B.

Block storage

C.

Virtual private cloud

D.

Metadata services

Question # 24

As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting. Which of the following techniques would be best for the tester to use?

A.

Establishing a reverse shell

B.

Executing a process injection attack

C.

Creating a scheduled task

D.

Performing a credential-dumping attack

Question # 25

During wireless testing, a penetration tester observes the following customer APs and configurations:

SSID / Configuration

AP1 – WPA3

AP2 – WPA3

AP3 – WPA2

AP4 – WPA3

Which of the following attacks can the tester use only against AP3?

A.

Brute force

B.

Signal jamming

C.

Evil twin

D.

Deauthentication

Question # 26

A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering. Which of the following types of scans did the tester use to identify the libraries?

A.

IAST

B.

SBOM

C.

DAST

D.

SAST

Question # 27

During an assessment, a penetration tester manages to get RDP access via a low-privilege user. The tester attempts to escalate privileges by running the following commands:

Import-Module .\PrintNightmare.ps1

Invoke-Nightmare -NewUser " hacker " -NewPassword " Password123! " -DriverName " Print "

The tester attempts to further enumerate the host with the new administrative privileges by using the runas command. However, the access level is still low. Which of the following actions should the penetration tester take next?

A.

Log off and log on with " hacker " .

B.

Attempt to add another user.

C.

Bypass the execution policy.

D.

Add a malicious printer driver.

Question # 28

A penetration testing team wants to conduct DNS lookups for a set of targets provided by the client. The team crafts a Bash script for this task. However, they find a minor error in one line of the script:

1 #!/bin/bash

2 for i in $(cat example.txt); do

3 curl $i

4 done

Which of the following changes should the team make to line 3 of the script?

A.

resolvconf $i

B.

rndc $i

C.

systemd-resolve $i

D.

host $i

Question # 29

A penetration tester would like to collect permission details for objects within the domain. The tester has a valid AD user and access to an internal PC. Which of the following sets of steps is the best way for the tester to accomplish the desired outcome?

A.

Escalate privileges.Execute Rubeus.Run a Cypher query on Rubeus to get the results.

B.

Run SharpHound.Install CrackMapExec.Perform a CrackMapExec database query on CME to get the results.

C.

Run SharpHoundInstall BloodHoundPerform a Cypher query on BloodHound to get the results.

D.

Escalate privileges.Get Windows Registry data.Perform a query to get results.

Question # 30

A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?

A.

dig +short A AAAA local.domain

B.

nslookup local.domain

C.

dig axfr @local.dns.server

D.

nslookup -server local.dns.server local.domain *

Go to page: