PT0-003 Exam Questions
302 real PT0-003 exam questions with expert-verified answers and explanations. Page 6 of 7.
- Question #257: Engagement management
Which of the following is a reason to use a template when creating a penetration testing report?
Tags: Penetration testing report, Report templates, Standardization, Communication
- Question #258: Attacks and Exploits
During a security audit, a penetration tester wants to exploit a vulnerability in a common network protocol. The protocol allows encrypted communications to be intercepted and mani...
Tags: DROWN Attack, SSL/TLS Vulnerabilities, Encrypted Communications, Penetration Testing
- Question #259: Post-exploitation and Lateral Movement
A penetration tester is trying to execute a post-exploitation activity and creates the following script: Which of the following best describes the tester's objective?
Tags: Data exfiltration, Cloud storage, Post-exploitation, Red teaming
- Question #260: Engagement Management
Which of the following should a penetration tester do when conducting post-engagement cleanup?
Tags: Post-engagement cleanup, Ethical hacking, Engagement closure, Penetration testing lifecycle
- Question #261: Attacks and Exploits
While performing a red-team exercise, a penetration tester uses a reading device to extract data from an employee's access badge. The tester creates a copy for unauthorized entry....
Tags: Card skimming, Physical access control, Red teaming, Access badge compromise
- Question #262: Engagement management
Which of the following security controls should be implemented when systems that are covered by a compliance agreement are maintained separately from other elements of an organizat...
Tags: Security controls, Compliance, Data isolation, System segregation
- Question #263: Reconnaissance and Enumeration
While conducting OSINT, a penetration tester discovers the client's administrator posted part of an unsanitized firewall configuration to a troubleshooting message board. Which of...
Tags: OSINT, Reconnaissance, Search engine enumeration, Information gathering
- Question #265: Post-exploitation and Lateral Movement
During an assessment, a penetration tester obtains access to a Microsoft SQL server using sqlmap and runs the following command: sql> xp_cmdshell whoami /all Which of the following...
Tags: Privilege Enumeration, xp_cmdshell, Post-exploitation, SQL Server Exploitation
- Question #266: Post-exploitation and lateral movement
During an assessment, a penetration tester runs the following command from a Linux machine: GetUsersSPNs.py -dc-ip 172.16.1.1 DOMAIN.LOCAL/aholliday -request Which of the following...
Tags: Kerberoasting, Service Principal Names (SPN), TGS tickets, Credential harvesting
- Question #267: Attacks and Exploits
A penetration tester uses a pair of crutches to access a client's physical location. Which of the following is the tester most likely trying to do?
Tags: Tailgating, Social engineering, Physical penetration testing, Access control bypass
- Question #268: Reconnaissance and enumeration
A penetration tester creates the following Python script that can be used to enumerate information about email accounts on a target mail server: Which of the following logic constr...
Tags: Python scripting, Error handling, Script resilience, Enumeration tools
- Question #269: Post-exploitation and Lateral Movement
A penetration tester obtained a shell on a Windows system. Which of the following would the tester use to gather more information about the host?
Tags: Windows commands, Post-exploitation, Information gathering, Domain enumeration
- Question #274: Vulnerability Discovery and Analysis
As part of an engagement, a penetration tester needs to scan several hundred public-facing URLs for dangerous files or outdated web server versions. Which of the following should t...
Tags: Web Server Scanning, Vulnerability Scanning, Nikto, Penetration Testing Tools
- Question #275: Vulnerability Discovery and Analysis
A penetration tester identifies the following vulnerability during a scan of the company's network: An Nmap scan of the affected device produces the following results: Which of the...
Tags: Vulnerability Scanning, Scan Result Interpretation, False Positives
- Question #277: Post-exploitation and Lateral Movement
A penetration tester successfully gains access to a Linux system and then uses the following command: find / -type f -ls > /tmp/recon.txt Which of the following best describes the...
Tags: Linux commands, File system reconnaissance, Post-exploitation, Secrets enumeration
- Question #278: Post-exploitation and Lateral Movement
Which of the following protocols would a penetration tester most likely utilize to exfiltrate data covertly and evade detection?
Tags: Data exfiltration, DNS tunneling, Covert channels, Network protocols
- Question #279: Engagement Management
Which of the following should be included in a penetration test report to support the tester's detailed findings?
Tags: Penetration test report, Report writing, Evidence collection, Documentation
- Question #280: Reconnaissance and Enumeration
During a penetration test, a junior tester uses Hunter.io for an assessment and plans to review the information that will be collected. Which of the following describes the informa...
Tags: Hunter.io, OSINT, Email enumeration, Reconnaissance tools
- Question #281: Reconnaissance and Enumeration
A penetration tester wants to download sensitive files stored on the client's file server and runs the following scan: Which of the following TCP ports should the penetration teste...
Tags: TCP ports, File Transfer Protocol, Service Enumeration, Penetration Testing
- Question #283: Post-exploitation and lateral movement
A penetration tester gained a foothold within a network. The penetration tester needs to enumerate all users within the domain. Which of the following is the best way to accomplish...
Tags: Active Directory enumeration, Net command, User enumeration, Post-exploitation
- Question #284: Reconnaissance and enumeration
During a penetration test, the tester wants to obtain public information that could be used to compromise the organization's cloud infrastructure. Which of the following is the mos...
Tags: Cloud security, OSINT, Sensitive data exposure, Secret keys
- Question #285: Attacks and Exploits
A company that uses an insecure corporate wireless network is concerned about security. Which of the following is the most likely tool a penetration tester could use to obtain init...
Tags: Responder, Credential capture, Insecure wireless, LLMNR/NBT-NS poisoning
- Question #286: Reconnaissance and enumeration
A penetration tester must gain entry to a client's office building without raising attention. Which of the following should be the tester's first step?
Tags: Physical penetration testing, Reconnaissance, Social engineering, Foot traffic analysis
- Question #287: Engagement management
Which of the following authorizations is mandatory when a penetration tester is involved in a complex IT infrastructure?
Tags: Rules of engagement, Authorization, Ethical hacking, Legal agreements
- Question #288: Vulnerability discovery and analysis
A penetration tester discovers a deprecated directory in which files are accessible to anyone. Which of the following would most likely assist the penetration tester in finding sen...
Tags: Information disclosure, Web server vulnerabilities, Cached pages, Stealth reconnaissance
- Question #289: Vulnerability discovery and analysis
During a wireless penetration assessment for a small business client, a tester attempts to capture wireless packets. However, whenever the tester sets the capture device to monitor...
Tags: Wireless penetration testing, Packet capture, Wi-Fi 6GHz, Troubleshooting
- Question #290: Engagement management
A penetration testing company is defining the rules of engagement with a client. Which of the following should the company include?
Tags: Rules of engagement, Authorization letter, Legal agreements, Engagement planning
- Question #291: Attacks and Exploits
A penetration tester gains low-privilege shell access to a host and discovers a world-writable script that is run regularly as root. The tester runs the following command: openssl...
Tags: privilege escalation, Linux file permissions, etc/passwd, UID/GID
- Question #292: Vulnerability discovery and analysis
During a web application assessment, a penetration tester accesses the site unauthenticated and receives the following Set-Cookie on the first response: auth=yYKGORbrpabgr842ajbvrp...
Tags: web application security, session fixation, cookies, authentication vulnerabilities
- Question #293: Engagement management
A company's incident response team determines that a breach occurred because a penetration tester left a web shell. Which of the following should the penetration tester have done a...
Tags: post-engagement cleanup, persistence mechanisms, web shells, ethical hacking
- Question #294: Engagement management
A penetration tester uses a reverse shell to maintain connectivity to a target network. During the final phase of the exercise, the penetration tester removes the reverse shell. Wh...
Tags: persistence mechanisms, reverse shell, post-engagement cleanup, ethical hacking
- Question #295: Reconnaissance and enumeration
During an engagement, a penetration tester receives a list of target systems and wants to enumerate them for possible vulnerabilities. The tester finds the following script on the...
Tags: scripting, Python, data parsing, network enumeration
- Question #296: Reconnaissance and enumeration
While running a social engineering campaign, a penetration tester gets a list of employees from social media and now wants to conduct a phishing exercise. Which of the following sh...
Tags: OSINT, social engineering, phishing, email address discovery
- Question #297: Attacks and Exploits
A penetration tester obtains network-level access to a hardened subnet that has no Windows-based hosts and needs to find credentials. The client mentioned that the SOC is only mon...
Tags: credential brute-forcing, password cracking, Hydra, network attacks
- Question #298: Post-exploitation and lateral movement
After obtaining a reverse shell, a penetration tester identifies a locally cloned Git repository that contains thousands of files and directories on a Windows machine. The tester s...
Tags: PowerShell, file system enumeration, data discovery, post-exploitation
- Question #299: Engagement management
Hotspot Question A penetration tester has identified a series of files throughout an assessment. INSTRUCTIONS Select the most appropriate action the penetration tester should take...
Tags: reporting, data classification, remediation recommendations, file permissions
- Question #300: Reconnaissance and enumeration
Hotspot Question A security analyst is asked to perform various techniques to assess organizational security. INSTRUCTIONS Select the command that will successfully accomplish each...
Tags: network scanning, file system search, command line tools, reconnaissance, system enumeration
- Question #301: Vulnerability discovery and analysis
A penetration tester is conducting an IoT assessment and dumps the device firmware to a Linux machine. Which of the following Bash scripts would locate secrets in a custom binary e...
Tags: firmware analysis, binary analysis, Linux commands, strings command, grep
- Question #302: Vulnerability discovery and analysis
After completing vulnerability scans for a given test, a penetration tester needs to prioritize which potential assets are in scope and should be exploited first. Given the followi...
Tags: risk assessment, vulnerability prioritization, vulnerability management, reporting
- Question #303: Reconnaissance and enumeration
A penetration tester uses a Python script to enumerate open ports across a list of IP addresses. The current script runs sequentially, which slows it down during larger engagements...
Tags: scripting optimization, Python concurrency, port scanning, network enumeration
- Question #304: Post-exploitation and lateral movement
A penetration tester sets up a C2 server to manage and control payloads deployed in the target network. Which of the following tools is the most suitable for establishing a robust...
Tags: C2 frameworks, command and control, post-exploitation tools, red teaming
- Question #305: Reconnaissance and enumeration
A penetration tester obtains a regular domain user's set of credentials. The tester wants to attempt a dictionary attack by creating a custom word list based on the Active Director...
Tags: Active Directory enumeration, password policy, CrackMapExec, post-exploitation
- Question #306: Attacks and Exploits
During a penetration test, a tester has confirmed stored XSS within a comment form on a site. Which of the following payloads is required to exploit the vulnerability and provide a...
Tags: XSS exploitation, BeEF, browser exploitation, client-side attacks
- Question #307: Attacks and Exploits
A penetration tester is investigating a buffer overflow on the binary myfile. The tester wants to send a payload to help identify the exact offset to inject the memory address to t...
Tags: buffer overflow, exploit development, pattern_create, memory exploitation
- Question #309: Reconnaissance and enumeration
A penetration tester reviews the following output: Which of the following most likely describes the function of this system?
Tags: service enumeration, Active Directory, Domain Controller, network services
- Question #310: Reconnaissance and enumeration
During a penetration test for a client that has a diverse infrastructure, the tester scans the network using Nmap and observes the following output: Which of the following would mo...
Tags: Nmap, device identification, IoT security, network scanning
- Question #311: Post-exploitation and Lateral Movement
A tester compromises a shared host that is manually audited every week due to the absence of a SIEM. Which of the following is the best way to reduce the chances of being detected?...
Tags: evasion, log tampering, anti-forensics, post-exploitation
- Question #312: Attacks and Exploits
A penetration tester wants to verify whether passwords from a leaked password list can be used to access an SSH server as a legitimate user. Which of the following is the most appr...
Tags: password cracking, SSH attacks, brute-force, Hydra
- Question #314: Post-exploitation and Lateral Movement
A penetration tester gains initial access to a Windows workstation on a client's network. The tester wants to determine the next target but does not want to install software on the...
Tags: internal reconnaissance, Windows tools, Active Directory, network enumeration
- Question #315: Attacks and Exploits
A penetration tester completes an authenticated vulnerability scan of a host and receives the following results: Which of the following is most likely to cause stability when a ses...
Tags: exploit reliability, EternalBlue, Metasploit, system instability