Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

PT0-003 Exam Dumps - CompTIA PenTest+ Exam

Searching for workable clues to ace the CompTIA PT0-003 Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s PT0-003 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 17

A penetration tester is unable to identify the Wi-Fi SSID on a client’s cell phone.

Which of the following techniques would be most effective to troubleshoot this issue?

A.

Sidecar scanning

B.

Channel scanning

C.

Stealth scanning

D.

Static analysis scanning

Full Access
Question # 18

A penetration tester obtains local administrator access on a Windows system and wants to attempt lateral movement. The system exists within a Windows Workgroup environment. Which of the following actions should the tester take?

A.

Create a malicious certificate.

B.

Dump credentials from memory.

C.

Craft Kerberos tickets.

D.

List potential privilege escalation paths.

Full Access
Question # 19

A penetration tester discovers data to stage and exfiltrate. The client has authorized movement to the tester ' s attacking hosts only. Which of the following would be most appropriate to avoid alerting the SOC?

A.

Apply UTF-8 to the data and send over a tunnel to TCP port 25.

B.

Apply Base64 to the data and send over a tunnel to TCP port 80.

C.

Apply 3DES to the data and send over a tunnel UDP port 53.

D.

Apply AES-256 to the data and send over a tunnel to TCP port 443.

Full Access
Question # 20

A tester obtains access to an endpoint subnet and wants to move laterally in the network. Given the following Nmap scan output:

Nmap scan report for some_host

Host is up (0.01s latency).

PORT STATE SERVICE

445/tcp open microsoft-ds

Host script results:

smb2-security-mode: Message signing disabled

Which of the following command and attack methods is the most appropriate for reducing the chances of being detected?

A.

responder -I eth0 -dwv ntlmrelayx.py -smb2support -tf < target >

B.

msf > use exploit/windows/smb/ms17_010_psexec

C.

hydra -L administrator -P /path/to/passwdlist smb:// < target >

D.

nmap --script smb-brute.nse -p 445 < target >

Full Access
Question # 21

A penetration tester finishes a security scan and uncovers numerous vulnerabilities on several hosts. Based on the targets ' EPSS (Exploit Prediction Scoring System) and CVSS (Common Vulnerability Scoring System) scores, which of the following targets is the most likely to get attacked?

A.

Target 1: EPSS Score = 0.6, CVSS Score = 4

B.

Target 2: EPSS Score = 0.3, CVSS Score = 2

C.

Target 3: EPSS Score = 0.6, CVSS Score = 1

D.

Target 4: EPSS Score = 0.4, CVSS Score = 4.5

Full Access
Question # 22

A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance activities. Which of the following techniques should the tester use?

A.

Sniffing

B.

Banner grabbing

C.

TCP/UDP scanning

D.

Ping sweeps

Full Access
Question # 23

Given the following statements:

Implement a web application firewall.

Upgrade end-of-life operating systems.

Implement a secure software development life cycle.

In which of the following sections of a penetration test report would the above statements be found?

A.

Executive summary

B.

Attack narrative

C.

Detailed findings

D.

Recommendations

Full Access
Question # 24

A penetration tester has found a web application that is running on a cloud virtual machine instance. Vulnerability scans show a potential SSRF for the same application URL path with an injectable parameter. Which of the following commands should the tester run to successfully test for secrets exposure exploitability?

A.

curl < url > ?param=http://169.254.169.254/latest/meta-data/

B.

curl ' < url > ?param=http://127.0.0.1/etc/passwd '

C.

curl ' < url > ?param= < script > alert(1) < script > / '

D.

curl < url > ?param=http://127.0.0.1/

Full Access
Go to page: