Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Exam

Last Update 10 hours ago Total Questions : 336

The CompTIA PenTest+ Exam content is now fully updated, with all current exam questions added 10 hours ago. Deciding to include PT0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Exam practice test comfortably within the allotted time.

Question # 41

A penetration tester gains access to a host but does not have access to any type of shell. Which of the following is the best way for the tester to further enumerate the host and the environment in which it resides?

A.

ProxyChains

B.

Netcat

C.

PowerShell ISE

D.

Process IDs

Question # 42

A penetration tester is testing a power plant ' s network and needs to avoid disruption to the grid. Which of the following methods is most appropriate to identify vulnerabilities in the network?

A.

Configure a network scanner engine and execute the scan.

B.

Execute a testing framework to validate vulnerabilities on the devices.

C.

Configure a port mirror and review the network traffic.

D.

Run a network mapper tool to get an understanding of the devices.

Question # 43

During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?

A.

Burp Suite

B.

Wireshark

C.

Zed Attack Proxy

D.

Metasploit

Question # 44

During a security assessment, a penetration tester captures plaintext login credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access.

Which of the following tools is the tester using?

A.

Burp Suite

B.

Wireshark

C.

Zed Attack Proxy (ZAP)

D.

Metasploit

Question # 45

During a penetration test, the tester uses a vulnerability scanner to collect information about any possible vulnerabilities that could be used to compromise the network. The tester receives the results and then executes the following command:

snmpwalk -v 2c -c public 192.168.1.23

Which of the following is the tester trying to do based on the command they used?

A.

Bypass defensive systems to collect more information.

B.

Use an automation tool to perform the attacks.

C.

Script exploits to gain access to the systems and host.

D.

Validate the results and remove false positives.

Question # 46

A penetration tester wants to gather the names of potential phishing targets who have access to sensitive data. Which of the following would best meet this goal?

A.

WHOIS

B.

Censys.io

C.

SpiderFoot

D.

theHarvester

Question # 47

While conducting a reconnaissance activity, a penetration tester extracts the following information:

Emails:

admin@acme.com

sales@acme.com

support@acme.com

Which of the following risks should the tester use to leverage an attack as the next step in the security assessment?

A.

Unauthorized access to the network

B.

Exposure of sensitive servers to the internet

C.

Likelihood of SQL injection attacks

D.

Indication of a data breach in the company

Question # 48

Which of the following will reduce the possibility of introducing errors or bias in a penetration test report?

A.

Secure distribution

B.

Peer review

C.

Use AI

D.

Goal reprioritization

Question # 49

During an engagement, a penetration tester receives a list of target systems and wants to enumerate them for possible vulnerabilities. The tester finds the following script on the internet:

After running the script, the tester runs the following command:

Which of the following should the tester do next?

A.

Replace line 4 with the following: api = " /api/v2/getToken/data/id/None "

B.

Insert the following line before line 6: target = target.split( " " )[0]

C.

Insert the following line before line 7: url = url.lstrip( ' http:// ' )

D.

Replace line 7 with the following: response = requests.post(url, api)

Question # 50

A penetration tester finds it is possible to downgrade a web application ' s HTTPS connections to HTTP while performing on-path attacks on the local network. The tester reviews the output of the server response to:

curl -s -i https://internalapp/

HTTP/2 302

date: Thu, 11 Jan 2024 15:56:24 GMT

content-type: text/html; charset=iso-8659-1

location: /login

x-content-type-options: nosniff

server: Prod

Which of the following recommendations should the penetration tester include in the report?

A.

Add the HSTS header to the server.

B.

Attach the httponly flag to cookies.

C.

Front the web application with a firewall rule to block access to port 80.

D.

Remove the x-content-type-options header.

Go to page: