New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Download Latest PT0-003 Questions

Page: 7 / 9
Question 28

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 29

A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine. Which of the following commands should the tester use to do this task from the tester's host?

Options:

A.

attacker_host$ nmap -sT | nc -n 22

B.

attacker_host$ mknod backpipe p attacker_host$ nc -l -p 8000 | 0 80 | tee backpipe

C.

attacker_host$ nc -nlp 8000 | nc -n attacker_host$ nmap -sT 127.0.0.1 8000

D.

attacker_host$ proxychains nmap -sT

Question 30

A penetration tester cannot find information on the target company's systems using common OSINT methods. The tester's attempts to do reconnaissance against internet-facing resources have been blocked by the company's WAF. Which of the following is the best way to avoid the WAF and gather information about the target company's systems?

Options:

A.

HTML scraping

B.

Code repository scanning

C.

Directory enumeration

D.

Port scanning

Question 31

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client's internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results. Which of the following should the tester have done?

Options:

A.

Rechecked the scanner configuration.

B.

Performed a discovery scan.

C.

Used a different scan engine.

D.

Configured all the TCP ports on the scan.

Page: 7 / 9
Exam Code: PT0-003
Exam Name: CompTIA PenTest+ Exam
Last Update: Dec 21, 2024
Questions: 131
PT0-003 pdf

PT0-003 PDF

$25.5  $84.99
PT0-003 Engine

PT0-003 Testing Engine

$28.5  $94.99
PT0-003 PDF + Engine

PT0-003 PDF + Testing Engine

$40.5  $134.99