PT0-003 Exam Questions
302 real PT0-003 exam questions with expert-verified answers and explanations. Page 4 of 7.
- Question #155: Post-exploitation and Lateral Movement
  A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client's blue team. Which of the following exfiltration methods most...
  Tags: data exfiltration, DNS exfiltration, covert channels
- Question #156: Attacks and Exploits
  A penetration tester attempts unauthorized entry to the company's server room as part of a security assessment. Which of the following is the best technique to manipulate the lock...
  Tags: physical penetration testing, lock picking, raking
- Question #157: Vulnerability Discovery and Analysis
  Which of the following frameworks can be used to classify threats?
  Tags: threat modeling, security frameworks, STRIDE
- Question #158: Vulnerability Discovery and Analysis
  A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the...
  Tags: ICS security, traffic analysis, port mirroring, network sniffing
- Question #159: CompTIA PenTest+ / Security+ - Application Security and Vulnerability Remediation; specifically identifying and recommending mitigations for injection-based web application attacks (XXE)
  A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent: Which of the following should the tester recom...
  Tags: XXE Injection, XML Security, Web Application Vulnerabilities, Penetration Testing Reporting
- Question #160: Post-exploitation and Lateral Movement
  A penetration tester gains shell access to a Windows host. The tester needs to permanently turn off protections in order to install additional payload. Which of the following comma...
  Tags: Windows commands, service management, persistence, post-exploitation
- Question #161: Attacks and Exploits
  A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged system...
  Tags: cloud security, SSRF, metadata service, privilege escalation
- Question #162: Reconnaissance and Enumeration
  A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client's offices. Which of the following techniq...
  Tags: wireless security, channel scanning, network reconnaissance
- Question #163: Reconnaissance and Enumeration
  While conducting an assessment, a penetration tester identifies the details for several unreleased products announced at a company-wide meeting. Which of the following attacks did...
  Tags: social engineering, eavesdropping, intelligence gathering
- Question #164: Post-exploitation and Lateral Movement
  A client recently hired a penetration testing firm to conduct an assessment of their consumer-facing web application. Several days into the assessment, the client's networking tea...
  Tags: DNS exfiltration, covert data exfiltration, network anomalies
- Question #165: Post-exploitation and Lateral Movement
  A tester compromises a target host and then wants to maintain persistent access. Which of the following is the best way for the attacker to accomplish the objective?
  Tags: persistence, Windows services, post-exploitation
- Question #166: Engagement Management
  Which of the following is within the scope of proper handling and most crucial when working on a penetration testing report?
  Tags: penetration testing report, executive summary, reporting best practices
- Question #167: Post-exploitation and Lateral Movement
  A penetration tester is researching a path to escalate privileges. While enumerating current user privileges, the tester observes the following output: Which of the following privi...
  Tags: Windows privilege escalation, SeImpersonatePrivilege, post-exploitation
- Question #168: Attacks and Exploits
  During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system: ?/<sCRitP>aLeRt("pwned")</ScriPt> Based on the code, whi...
  Tags: XSS, cross-site scripting, input sanitization, web application security
- Question #169: Vulnerability Discovery and Analysis
  A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libr...
  Tags: SCA, software composition analysis, open-source vulnerabilities, web application security
- Question #170: Engagement Management
  Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?
  Tags: vulnerability report, report quality, peer review
- Question #171: Attacks and Exploits
  A penetration tester launches an attack against company employees. The tester clones the company's intranet log-in page and sends the link via email to all employees. Which of the...
  Tags: Social engineering, Phishing, Credential harvesting, SET
- Question #172: Post-exploitation and Lateral Movement
  Which of the following activities should be performed to prevent uploaded web shells from being exploited by others?
  Tags: Web shells, Persistence mechanisms, Remediation
- Question #173: Reconnaissance and Enumeration
  During host discovery, a security analyst wants to obtain GeoIP information and a comprehensive summary of exposed services. Which of the following tools is best for this task?
  Tags: Host Discovery, OSINT Tools, Censys.io, Service Enumeration
- Question #174: Engagement management
  Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?
  Tags: Threat Modeling, DREAD, Penetration Testing Planning, Risk Assessment
- Question #175: Attacks and Exploits
  A penetration tester is ready to add shellcode for a specific remote executable exploit. The tester is trying to prevent the payload from being blocked by antimalware that is runni...
  Tags: Payload generation, Antimalware evasion, msfvenom, Shellcode encoding
- Question #176: Reconnaissance and Enumeration
  During a pre-engagement activity with a new customer, a penetration tester looks for assets to test. Which of the following is an example of a target that can be used for testing?
  Tags: Reconnaissance, Target identification, API security, Penetration testing scope
- Question #177: Post-exploitation and Lateral Movement
  A penetration tester needs to use the native binaries on a system in order to download a file from the internet and evade detection. Which of the following tools would the tester m...
  Tags: Living Off The Land, File Transfer, Evading Detection, Windows Binaries
- Question #178: Post-exploitation and Lateral Movement
  A penetration tester compromises a Windows OS endpoint that is joined to an Active Directory local environment. Which of the following tools should the tester use to manipulate aut...
  Tags: Post-exploitation, Lateral Movement, Active Directory Attacks, Kerberos Manipulation
- Question #179: Post-exploitation and Lateral Movement
  While performing a penetration testing exercise, a tester executes the following command: PS c:\tools> c:\hacks\PsExec.exe \\server01.comptia.org -accepteula cmd.exe Which of the f...
  Tags: PsExec, Lateral movement, Remote command execution, Penetration testing tools
- Question #180: Attacks and Exploits
  During a penetration testing exercise, a team decides to use a watering hole strategy. Which of the following is the most effective approach for executing this attack?
  Tags: Watering Hole Attack, Attack Execution, Penetration Testing, Web Exploitation
- Question #181: Vulnerability Discovery and Analysis
  A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets' EPSS and CVSS scores, which of the following targets is...
  Tags: Vulnerability Prioritization, EPSS, CVSS, Risk Analysis
- Question #182: Engagement management
  A penetration tester cannot complete a full vulnerability scan because the client's WAF is blocking communications. During which of the following activities should the penetration...
  Tags: Engagement management, Client communication, Penetration testing process, Vulnerability scanning
- Question #183: Reconnaissance and Enumeration
  A penetration tester needs to scan a remote infrastructure with Nmap. The tester issues the following command: nmap 10.10.1.0/24 Which of the following is the number of TCP ports t...
  Tags: Nmap, Port scanning, Default behavior, Network reconnaissance
- Question #184: Post-exploitation and Lateral Movement
  A tester obtains access to an endpoint subnet and wants to move laterally in the network. Given the following output: Which of the following command and attack methods is the most...
  Tags: Lateral Movement, Credential Harvesting, LLMNR/NBT-NS Poisoning, Stealth Techniques
- Question #185: Reconnaissance and Enumeration
  A penetration tester is unable to identify the Wi-Fi SSID on a client's cell phone. Which of the following techniques would be most effective to troubleshoot this issue?
  Tags: Wi-Fi scanning, SSID discovery, Wireless reconnaissance
- Question #186: Attacks and Exploits
  A company hires a penetration tester to test the security implementation of its wireless networks. The main goal for this assessment is to intercept and get access to sensitive dat...
  Tags: Wireless attacks, Rogue AP, Man-in-the-Middle (MITM), Data interception
- Question #187: Attacks and Exploits
  A penetration tester completes a scan and sees the following Nmap output on a host: Nmap scan report for victim (10.10.10.10) Host is up (0.0001s latency) PORT STATE SERVICE 161/ud...
  Tags: Exploitation, SMB Vulnerabilities, Windows 7, Nmap
- Question #188: Reconnaissance and Enumeration
  A penetration tester gains access to the target network and observes a running SSH server. Which of the following techniques should the tester use to obtain the version of SSH runn...
  Tags: Banner grabbing, SSH enumeration, Service versioning, Reconnaissance
- Question #189: Post-exploitation and Lateral Movement
  During an assessment, a penetration tester gains access to one of the internal hosts. Given the following command: schtasks /create /tn "Windows Update" /sc onlogon /tr "cmd.exe /c...
  Tags: Persistence, Scheduled Tasks, schtasks, Post-exploitation
- Question #190: Post-exploitation and Lateral Movement
  During a testing engagement, a penetration tester compromises a host and locates data for exfiltration. Which of the following are the best options to move the data without trigger...
  Tags: data exfiltration, DLP evasion, encryption, encoding
- Question #191: Reconnaissance and Enumeration
  A penetration tester obtains the following output during an Nmap scan: Which of the following should be the next step for the tester?
  Tags: Nmap, SMB enumeration, vulnerability scanning, network reconnaissance
- Question #192: Post-exploitation and Lateral Movement
  A tester wants to pivot from a compromised host to another network with encryption and the least amount of interaction with the compromised host. Which of the following is the best...
  Tags: Pivoting, SSH tunneling, Network traffic forwarding, Stealth
- Question #193: Engagement Management
  A tester is finishing an engagement and needs to ensure that artifacts resulting from the test are safely handled. Which of the following is the best procedure for maintaining clie...
  Tags: Post-engagement cleanup, Data privacy, Client data handling
- Question #194: Post-exploitation and Lateral Movement
  During an internal penetration test, a tester compromises a Windows OS-based endpoint and bypasses the defensive mechanisms. The tester also discovers that the endpoint is part of...
  Tags: Active Directory exploitation, Credential dumping, Mimikatz, Lateral movement
- Question #195: Reconnaissance and Enumeration
  A penetration tester conducts reconnaissance for a client's network and identifies the following system of interest: The tester notices numerous open ports on the system of interes...
  Tags: Honeypot detection, Reconnaissance, Network scanning interpretation
- Question #196: Attacks and Exploits
  During a security assessment, a penetration tester captures plaintext login credentials on the communication between a user and an authentication system. The tester wants to use th...
  Tags: Packet capture, Credential sniffing, Wireshark
- Question #197: Attacks and Exploits
  A company wants to perform a BAS (Breach and Attack Simulation) to measure the efficiency of the corporate security controls. Which of the following would most likely help the test...
  Tags: Breach and Attack Simulation, Red Team tools, Atomic Red Team, Security control testing
- Question #198: Vulnerability Discovery and Analysis
  A penetration tester has been asked to conduct a blind web application test against a customer's corporate website. Which of the following tools would be best suited to perform thi...
  Tags: Web application scanning, ZAP, Blind testing
- Question #199: Reconnaissance and Enumeration
  During an engagement, a penetration tester runs the following command against the host system: host -t axfr domain.com dnsl.domain.com Which of the following techniques best descri...
  Tags: DNS enumeration, Zone transfer, host command, Reconnaissance
- Question #200: Reconnaissance and Enumeration
  During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for picture...
  Tags: Metadata analysis, EXIF, Image reconnaissance, OSINT
- Question #201: Reconnaissance and Enumeration
  A penetration tester currently conducts phishing reconnaissance using various tools and accounts for multiple intelligence-gathering platforms. The tester wants to consolidate some...
  Tags: OSINT tools, Intelligence gathering, Maltego, Reconnaissance
- Question #202: Vulnerability Discovery and Analysis
  A penetration tester finds it is possible to downgrade a web application's HTTPS connections to HTTP while performing on-path attacks on the local network. The tester reviews the o...
  Tags: HTTPS downgrade, HSTS, Web security headers, On-path attack mitigation
- Question #203: Vulnerability Discovery and Analysis
  A penetration tester runs a network scan but has some issues accurately enumerating the vulnerabilities due to the following error: OS identification failed Which of the following...
  Tags: Network scanning, OS fingerprinting, Scanner errors, Vulnerability enumeration
- Question #204: Post-exploitation and Lateral Movement
  A penetration tester gains access to a Windows machine and wants to further enumerate users with native operating system credentials. Which of the following should the tester use?
  Tags: Windows command-line, User enumeration, net command, Post-exploitation