PT0-003 Exam Questions
302 real PT0-003 exam questions with expert-verified answers and explanations. Page 5 of 7.
- Question #205: Vulnerability Discovery and Analysis
A penetration tester is conducting an assessment of a web application's login page. The tester needs to determine whether there are any hidden form fields of interest. Which of the...
Web application testing, HTML scraping, Hidden form fields, Reconnaissance
- Question #206: Attacks and Exploits
A penetration tester is trying to get unauthorized access to a web application and execute the following command: Which of the following web application attacks is the tester perfo...
Web application attacks, Directory Traversal, Path manipulation, LFI/RFI
- Question #207: Post-exploitation and Lateral Movement
A penetration tester has discovered sensitive files on a system. Assuming exfiltration of the files is part of the scope of the test, which of the following is most likely to evade...
Data exfiltration, DLP evasion, DNS tunneling, Post-exploitation
- Question #208: Engagement Management
Which of the following are valid reasons for including base, temporal, and environmental CVSS metrics in the findings section of a penetration testing report? (Select two).
CVSS metrics, Vulnerability reporting, Risk prioritization, Attack vector analysis
- Question #209: Vulnerability Discovery and Analysis
A penetration tester is searching for vulnerabilities or misconfigurations on a container environment. Which of the following tools will the tester most likely use to achieve this...
Container security, Vulnerability scanning, Trivy, Container misconfigurations
- Question #210: Post-exploitation and Lateral Movement
A penetration tester sets up a C2 (Command and Control) server to manage and control payloads deployed in the target network. Which of the following tools is the most suitable for...
C2 frameworks, Command and Control, Covenant, Post-exploitation
- Question #211: Reconnaissance and Enumeration
A penetration tester identifies the following open ports during a network enumeration scan: Which of the following commands did the tester use to get this output?
Nmap, Port scanning, Service version detection, Network enumeration
- Question #212: Vulnerability Discovery and Analysis
A penetration tester successfully clones a source code repository and then runs the following command: find . -type f -exec egrep -i "token|key|login" {} \; Which of the following...
secrets scanning, source code analysis, sensitive data discovery
- Question #213: Engagement Management
A penetration tester has adversely affected a critical system during an engagement, which could have a material impact on the organization. Which of the following should the penetr...
engagement ethics, incident response, escalation process
- Question #214: Attacks and Exploits
Which of the following techniques is the best way to avoid detection by Data Loss Prevention (DLP) tools?
DLP bypass, data exfiltration, encryption
- Question #215: Attacks and Exploits
A penetration tester needs to exploit a vulnerability in a wireless network that has weak encryption to perform traffic analysis and decrypt sensitive information. Which of the fol...
packet sniffing, wireless security, traffic analysis
- Question #216: Engagement Management
Which of the following will reduce the possibility of introducing errors or bias in a penetration test report?
report writing, quality assurance, peer review
- Question #217: Attacks and Exploits
A penetration tester finds an unauthenticated RCE vulnerability on a web server and wants to use it to enumerate other servers on the local network. The web server is behind a fire...
reverse shell, network enumeration, firewall bypass, RCE
- Question #218: Attacks and Exploits
A penetration tester is performing an assessment focused on attacking the authentication identity provider hosted within a cloud provider. During the reconnaissance phase, the test...
OpenID Connect, OAuth, replay attack, dynamic registration
- Question #219: Post-exploitation and Lateral Movement
During a penetration test, a tester compromises a Windows computer. The tester executes the following command and receives the following output: mimikatz # privilege::debug mimikat...
Mimikatz, LAPS, credential dumping, lateral movement
- Question #220: Attacks and Exploits
A penetration tester aims to exploit a vulnerability in a wireless network that lacks proper encryption. The lack of proper encryption allows malicious content to infiltrate the ne...
packet injection, wireless security, network infiltration
- Question #221: Attacks and Exploits
During a security assessment, a penetration tester wants to compromise user accounts without triggering IDS/IPS detection rules. Which of the following is the most effective way fo...
hash cracking, credential compromise, IDS/IPS evasion
- Question #222: Attacks and Exploits
A penetration tester is performing a network security assessment. The tester wants to intercept communication between two users and then view and potentially modify transmitted dat...
ARP poisoning, on-path attack, MITM, network interception
- Question #223: Engagement Management
An external legal firm is conducting a penetration test of a large corporation. Which of the following would be most appropriate for the legal firm to use in the subject line of a...
engagement communication, legal considerations, report writing
- Question #224: Post-exploitation and Lateral Movement
During an assessment, a penetration tester runs the following command: dnscmd.exe /config /serverlevelplugindll C:\users\necad- TA\Documents\adduser.dll Which of the following is t...
privilege escalation, DLL injection, Windows commands
- Question #225: Reconnaissance and Enumeration
A company hires a penetration tester to perform an external attack surface review as part of a security engagement. The company informs the tester that the main company domain to i...
reconnaissance, information gathering, external attack surface, OSINT
- Question #227: Reconnaissance and Enumeration
A penetration tester identifies the URL for an internal administration application while following DevOps team members on their commutes. Which of the following attacks did the pen...
shoulder surfing, social engineering, information gathering
- Question #228: Attacks and Exploits
Which of the following can an access control vestibule help deter?
physical security, access control, tailgating, mantrap
- Question #230: Post-exploitation and Lateral Movement
During an assessment, a penetration tester obtains access to an internal server and would like to perform further reconnaissance by capturing LLMNR traffic. Which of the following...
LLMNR poisoning, network reconnaissance, Responder, post-exploitation
- Question #231: Reconnaissance and Enumeration
A penetration tester needs to obtain sensitive data from several executives who regularly work while commuting by train. Which of the following methods should the tester use for th...
shoulder surfing, social engineering, information gathering, physical reconnaissance
- Question #232: Reconnaissance and enumeration
A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?
DNS enumeration, DNS zone transfer, dig command
- Question #233: Reconnaissance and enumeration
A penetration tester observes the following output from an Nmap command while attempting to troubleshoot connectivity to a Linux server: Which of the following is the most likely r...
Nmap, Port scanning, SSH, Network troubleshooting
- Question #234: Attacks and Exploits
A penetration tester is preparing a password-spraying attack against a known list of users for the company "example." The tester is using the following list of commands: 1. pw-insp...
Password spraying, Command sequencing, Authentication attacks
- Question #235
Which of the following methods should a physical penetration tester employ to access a rarely used door that has electronic locking mechanisms?
- Question #236
With one day left to complete the testing phase of an engagement, a penetration tester obtains the following results from an Nmap scan: Which of the following tools should the test...
- Question #237: Reconnaissance and Enumeration
A tester is working on an engagement that has evasion and stealth requirements. Which of the following enumeration methods is the least likely to be detected by the IDS?
Enumeration, Passive Reconnaissance, IDS Evasion, OSINT
- Question #238: Attacks and Exploits
A penetration tester successfully gained access to manage resources and services within the company's cloud environment. This was achieved by exploiting poorly secured administrati...
Cloud Security, IAM, Credentials Compromise, Cloud Exploitation
- Question #239: Vulnerability Discovery and Analysis
A penetration tester reviews a SAST vulnerability scan report. The following lines of code have been reported as vulnerable: Which of the following is the best method to remediate...
SAST, Vulnerability Remediation, Secure Coding, Logging and Monitoring
- Question #240: Attacks and Exploits
A penetration tester wants to attack a server, exhausting its resources and making it unavailable to legitimate users. Which of the following attacks would be best to achieve this...
Denial of Service, SYN flooding, Resource exhaustion, TCP/IP attacks
- Question #241: Post-exploitation and Lateral Movement
A penetration tester gains access to a Linux computer system. The tester then attempts to enumerate user accounts, including the directories and user default shell. Which of the fo...
Linux enumeration, cat command, /etc/passwd, Post-exploitation
- Question #242: Post-exploitation and Lateral Movement
During a routine penetration test, the client's security team observes logging alerts that indicate several ID badges were reprinted after working hours without the appropriate aut...
Physical penetration testing, Access control bypass, Credential generation, Persistence
- Question #243: CompTIA PenTest+ Domain 3 – Attacks and Exploits: Identifying and exploiting web application vulnerabilities, specifically Cross-Site Request Forgery (CSRF), including analyzing HTTP requests and constructing malicious payloads to demonstrate the vulnerability.
SIMULATION A penetration tester is using a test account within an application to discover any vulnerabilities within the change email function. During testing, the penetration test...
CSRF, Web Application Security, HTTP Request Forgery, Penetration Testing
- Question #244: Post-exploitation and lateral movement
During an assessment, a penetration tester compromises some machines but finds that none of the accounts have sufficient access to the target HR database server. In order to enumer...
BloodHound, Active Directory enumeration, Attack path analysis, Privilege escalation
- Question #245: Attacks and Exploits
A tester needs to begin capturing WLAN credentials for cracking during an on-site engagement. Which of the following is the best command to capture handshakes? tcpdump -n -s0 -w <p...
WLAN cracking, Aircrack-ng, Handshake capture, Wireless attacks
- Question #246: Vulnerability discovery and analysis
A penetration tester must identify vulnerabilities within an ICS that is not connected to the internet or enterprise network. Which of the following should the tester utilize to co...
ICS security, Offline assessment, Manual testing, Vulnerability assessment
- Question #247: Reconnaissance and enumeration
A penetration tester needs to evaluate the security of example.com and gather stealthy information using DNS. Which of the following is the best tool for the tester to use?
Reconnaissance, OSINT, DNS enumeration, Recon-ng
- Question #248: Post-exploitation and lateral movement
A penetration tester gains access to a chrooted environment and runs service --status-all on a target host. The tester reviews the following output: [ + ] cron [ + ] dhcp [ - ] tom...
Persistence, Crontab, Reverse shell, Chroot bypass
- Question #249: Reconnaissance and enumeration
While performing reconnaissance, a penetration tester attempts to identify publicly accessible ICS and IoT systems. Which of the following tools is most effective for this task?
Shodan, OSINT, ICS/IoT reconnaissance, Public asset discovery
- Question #250: Attacks and Exploits
During an assessment, a penetration tester sends the following request: POST /services/v1/users/create HTTP/1.1 Host: target-application.com Content-Type: application/json Content-...
API Security, Fuzzing, Authorization bypass, Penetration testing techniques
- Question #251: Vulnerability Discovery and Analysis
A penetration tester wants to identify all the TLS versions used in a web service in order to determine potentially insecure versions. Which of the following commands should the te...
Nmap, TLS enumeration, Vulnerability scanning, Cipher suites
- Question #252: Engagement management
Eight months after the completion of a penetration test, the client emails the penetration tester to debate the validity of several findings. The findings are now posing a hindranc...
Client communication, Post-engagement, Documentation, Dispute resolution
- Question #253: Attacks & Exploits - Performing password attacks against authentication systems while evading detection (maps to CompTIA PenTest+ Domain 3: Attacks & Exploits / Domain 4: Reporting & Communication regarding tool selection)
A penetration tester is evaluating the security of a corporate client's web application using federated access. Which of the following approaches has the least possibility of block...
Password Spraying, Federated Authentication, Evasion Techniques, Web Application Penetration Testing
- Question #254: Post-exploitation and Lateral Movement
A tester obtained access to a computer using a SMB exploit and now has a shell access into the target computer. The tester runs the following on the obtained shell: schtask /create...
Persistence, Scheduled tasks, PowerShell, Post-exploitation
- Question #255: Attacks and Exploits
A penetration tester is assessing the overall preparedness of a client's staff for text-message-based attacks. Which of the following most accurately describes the attack techniqu...
Smishing, Social Engineering, Text message attacks, Phishing
- Question #256: Reconnaissance and enumeration
A penetration tester attempts to access an internet-facing web page while conducting research on site. However, the web page is no longer accessible. Which of the following is the...
Reconnaissance, Information Gathering, Web Page Analysis, Cached Content