PT0-003 Exam Questions
302 real PT0-003 exam questions with expert-verified answers and explanations. Page 2 of 7.
- Question #53: Reconnaissance and Enumeration
A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance...
Tags: network reconnaissance, passive reconnaissance, stealth techniques, network sniffing
- Question #54: Post-exploitation and Lateral Movement
After a recent penetration test was conducted by the company's penetration testing team, a systems administrator notices the following in the logs: 2/10/2023 05:50AM C:\users\mgran...
Tags: persistence, scheduled tasks, post-exploitation commands, Windows commands
- Question #55: Vulnerability Discovery and Analysis
A penetration tester is conducting a vulnerability scan. The tester wants to see any vulnerabilities that may be visible from outside of the organization. Which of the following sc...
Tags: vulnerability scanning, external scan, unauthenticated scan
- Question #56: Post-exploitation and Lateral Movement
A penetration tester gains initial access to a target system by exploiting a recent RCE vulnerability. The patch for the vulnerability will be deployed at the end of the week. Whic...
Tags: persistence, Windows commands, scheduled tasks, service creation
- Question #57: Reconnaissance and Enumeration
A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of...
Tags: social engineering, spear phishing, open-source intelligence, reconnaissance
- Question #58: Post-exploitation and Lateral Movement
A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through...
Tags: pivoting, proxychains, lateral movement, network relay
- Question #59: Reconnaissance and Enumeration
A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?
Tags: banner grabbing, web server reconnaissance, version enumeration
- Question #60: Engagement Management
While conducting a peer review for a recent assessment, a penetration tester finds the debugging mode is still enabled for the production system. Which of the following is most lik...
Tags: post-engagement cleanup, configuration management, security hygiene, penetration test reporting
- Question #61: Attacks and Exploits
A tester runs an Nmap scan against a Windows server and receives the following results: Which of the following TCP ports should be prioritized for using hash-based relays?
Tags: SMB, hash-based attacks, Windows services, lateral movement
- Question #62: Attacks and Exploits
During an assessment, a penetration tester runs the following command: setspn.exe -Q / Which of the following attacks is the penetration tester preparing for?
Tags: Kerberoasting, Service Principal Names, Active Directory attacks, Windows commands
- Question #63: Post-exploitation and Lateral Movement
During an assessment, a penetration tester obtains a low-privilege shell and then runs the following command: findstr /SIM /C:"pass" *.txt *.cfg *.xml Which of the following is the...
Tags: local enumeration, secrets discovery, post-exploitation commands, Windows commands
- Question #64: Vulnerability Discovery and Analysis
During an assessment, a penetration tester wants to extend the vulnerability search to include the use of dynamic testing. Which of the following tools should the tester use?
Tags: dynamic application security testing, web vulnerability scanner, DAST, vulnerability discovery tools
- Question #65: Engagement Management
During an engagement, a penetration tester found some weaknesses that were common across the customer's entire environment. The weaknesses included the following: Weaker password s...
Tags: configuration management, vulnerability remediation, security policy enforcement, post-engagement recommendations
- Question #66: Attacks and Exploits
A penetration tester obtains password dumps associated with the target and identifies strict lockout policies. The tester does not want to lock out accounts when attempting access....
Tags: credential stuffing, password attacks, account lockout policies
- Question #67: Vulnerability Discovery and Analysis
A penetration tester runs a vulnerability scan that identifies several issues across numerous customer hosts. The executive report outlines the following information: The client is...
Tags: vulnerability prioritization, risk assessment, business impact, vulnerability analysis
- Question #68: Attacks and Exploits
A penetration tester is conducting a wireless security assessment for a client with 2.4GHz and 5GHz access points. The tester places a wireless USB dongle in the laptop to start ca...
Tags: wireless penetration testing, WPA2 cracking, monitor mode, Aircrack-ng
- Question #69: Attacks and Exploits
During a red-team exercise, a penetration tester obtains an employee's access badge. The tester uses the badge's information to create a duplicate for unauthorized entry. Which of...
Tags: physical security, RFID cloning, access badge attacks
- Question #71: Reconnaissance and Enumeration
A penetration tester wants to use PowerView in an AD environment. Which of the following is the most likely reason?
Tags: Active Directory enumeration, PowerView, domain reconnaissance, user group enumeration
- Question #72: Vulnerability Discovery and Analysis
A penetration tester is configuring a vulnerability management solution to perform credentialed scans of an Active Directory server. Which of the following account types should the...
Tags: credentialed scanning, Active Directory security, vulnerability scanning, privilege management
- Question #73: Attacks and Exploits
A penetration tester writes the following script, which is designed to hide communication and bypass some restrictions on a client's network: $base64cmd = Resolve-DnsName foo.compt...
Tags: DNS tunneling, data exfiltration, covert communication
- Question #74: Engagement Management
Which of the following components should a penetration tester include in the final assessment report?
Tags: report writing, attack narrative, penetration test report
- Question #75: Engagement Management
Which of the following elements of a penetration test report can be used to most effectively prioritize the remediation efforts for all the findings?
Tags: risk scoring, remediation prioritization, penetration test report
- Question #76: Attacks and Exploits
During a security assessment, a penetration tester needs to exploit a vulnerability in a wireless network's authentication mechanism to gain unauthorized access to the network. Whi...
Tags: wireless attacks, KARMA attack, authentication bypass
- Question #77: Vulnerability Discovery and Analysis
A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output: Which of the following targets should the teste...
Tags: target prioritization, network analysis, vulnerability assessment
- Question #78: Post-exploitation and Lateral Movement
During a security assessment, a penetration tester gains access to an internal server and manipulates some data to hide its presence. Which of the following is the best way for the...
Tags: anti-forensics, log clearing, post-exploitation
- Question #79: Post-exploitation and Lateral Movement
A tester enumerated a firewall policy and now needs to stage and exfiltrate data captured from the engagement. Given the following firewall policy: Which of the following commands...
Tags: data exfiltration, firewall bypass, netcat, tar
- Question #80: Attacks and Exploits
Which of the following elements in a lock should be aligned to a specific level to allow the key cylinder to turn?
Tags: physical security, lock mechanism, lock picking
- Question #81: Reconnaissance and Enumeration
A penetration tester assesses an application allow list and has limited command-line access on the Windows system. Which of the following would give the penetration tester informat...
Tags: Windows command-line, nltest.exe, domain enumeration
- Question #82: Engagement Management
A penetration tester wants to use multiple TTPs to assess the reactions (alerted, blocked, and others) by the client's current security tools. The threat-modeling team indicates th...
Tags: BAS tools, threat modeling, security assessment methodology
- Question #83: Attacks and Exploits
As part of a security audit, a penetration tester finds an internal application that accepts unexpected user inputs, leading to the execution of arbitrary commands. Which of the fo...
Tags: SQL injection, web application exploits, data access
- Question #84: Attacks and Exploits
A penetration tester identifies an exposed corporate directory containing first and last names and phone numbers for employees. Which of the following attack techniques would be th...
Tags: social engineering, smishing, account compromise
- Question #85: Vulnerability Discovery and Analysis
A penetration tester enters a command into the shell and receives the following output: C:\Users\UserX\Desktop>vmic service get name, pathname, displayname, startmode | findstr /i...
Tags: unquoted service path, privilege escalation, Windows vulnerability
- Question #86: Engagement Management
Which of the following is the most secure way to protect a final report file when delivering the report to the client/customer?
Tags: secure communication, PGP encryption, report delivery
- Question #87: Engagement Management
During an engagement, a junior penetration tester found a multihomed host that led to an unknown network segment. The penetration tester ran a port scan against the network segment...
Tags: Rules of Engagement, scope creep, engagement planning
- Question #88: Engagement Management
A penetration tester is compiling the final report for a recently completed engagement. A junior QA team member wants to know where they can find details on the impact, overall sec...
Tags: executive summary, report structure, penetration test report
- Question #89: Engagement Management
A tester completed a report for a new client. Prior to sharing the report with the client, which of the following should the tester request to complete a review?
Tags: report review, client communication, engagement management
- Question #90: CompTIA PenTest+ - Attacks and Exploits / Web Application Attacks
During an assessment, a penetration tester exploits an SQLi vulnerability. Which of the following commands would allow the penetration tester to enumerate password hashes?
Tags: SQLi, sqlmap, penetration testing, credential enumeration
- Question #91: Post-exploitation and Lateral Movement
During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack...
Tags: NTLM hashes, pass-the-hash, CrackMapExec, lateral movement
- Question #93: Reconnaissance and Enumeration
A penetration tester wants to use the following Bash script to identify active servers on a network: 1 network_addr="192.168.1" 2 for h in {1..254}; do 3 ping -c 1 -W 1 $network_ad...
Tags: Bash scripting, network scanning, scripting error
- Question #94: Vulnerability Discovery and Analysis
A penetration tester is attempting to discover vulnerabilities in a company's web application. Which of the following tools would most likely assist with testing the security of th...
Tags: web application testing, vulnerability scanning, Nikto
- Question #95: Reconnaissance and Enumeration
A penetration tester needs to launch an Nmap scan to find the state of the port for both TCP and UDP services. Which of the following commands should the tester use?
Tags: Nmap, port scanning, TCP scan, UDP scan
- Question #96: Post-exploitation and Lateral Movement
A tester plans to perform an attack technique over a compromised host. The tester prepares a payload using the following command: msfvenom -p windows/x64/meterpreter/reverse_tcp LH...
Tags: payload execution, LOLBINs, MSBuild, post-exploitation
- Question #97: Attacks and Exploits
A penetration tester is performing an assessment for an organization and must gather valid user credentials. Which of the following attacks would be best for the tester to use to a...
Tags: wireless attacks, credential gathering, deauthentication attack
- Question #98: Engagement Management
Which of the following is the most important to include in the scope of a wireless security assessment?
Tags: wireless assessment, scope definition, Access Points
- Question #99: Reconnaissance and Enumeration
As part of active reconnaissance, penetration testers need to determine whether a protection mechanism is in place to safeguard the target's website against web application attacks...
Tags: active reconnaissance, WAF detection, web application security
- Question #100: Vulnerability Discovery and Analysis
During an assessment, a penetration tester found an application with the default credentials enabled. Which of the following best describes the technical control required to fix th...
Tags: vulnerability remediation, system hardening, default credentials
- Question #101: Reconnaissance and Enumeration
A penetration tester runs a reconnaissance script and would like the output in a standardized machine-readable format in order to pass the data to another application. Which of the...
Tags: data formats, machine-readable, JSON, reconnaissance output
- Question #102: Attacks and Exploits
A penetration tester is performing an assessment against a customer's web application that is hosted in a major cloud provider's environment. The penetration tester observes that t...
Tags: WAF bypass, direct-to-origin attack, web application attacks, cloud security
- Question #103: Engagement Management
Which of the following components should a penetration tester most likely include in a report at the end of an assessment?
Tags: reporting, penetration test report, metrics
- Question #104: Post-exploitation and Lateral Movement
A penetration testing team has gained access to an organization's data center, but the team requires more time to test the attack strategy. Which of the following wireless attack t...
Tags: wireless attacks, evil twin, persistence, covert operations