Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PT0-003 Exam Dumps - CompTIA PenTest+ Questions and Answers

Question # 14

A penetration tester wants to use multiple TTPs to assess the reactions (alerted, blocked, and others) by the client’s current security tools. The threat-modeling team indicates the TTPs in the list might affect their internal systems and servers. Which of the following actions would the tester most likely take?

Options:

A.

Use a BAS tool to test multiple TTPs based on the input from the threat-modeling team.

B.

Perform an internal vulnerability assessment with credentials to review the internal attack surface.

C.

Use a generic vulnerability scanner to test the TTPs and review the results with the threat-modeling team.

D.

Perform a full internal penetration test to review all the possible exploits that could affect the systems.

Buy Now
Question # 15

A consultant starts a network penetration test. The consultant uses a laptop that is hardwired to the network to try to assess the network with the appropriate tools. Which of the following should the consultant engage first?

Options:

A.

Service discovery

B.

OS fingerprinting

C.

Host discovery

D.

DNS enumeration

Buy Now
Question # 16

During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward. Which of the following types of attacks is this an example of?

Options:

A.

SQL injection

B.

SSRF

C.

XSS

D.

Server-side template injection

Buy Now
Question # 17

A penetration tester obtains the following output during an Nmap scan:

PORT STATE SERVICE

135/tcp open msrpc

445/tcp open microsoft-ds

1801/tcp open msmq

2103/tcp open msrpc

3389/tcp open ms-wbt-server

Which of the following should be the next step for the tester?

Options:

A.

Search for vulnerabilities on msrpc.

B.

Enumerate shares and search for vulnerabilities on the SMB service.

C.

Execute a brute-force attack against the Remote Desktop Services.

D.

Execute a new Nmap command to search for another port.

Buy Now
Question # 18

A penetration tester runs a vulnerability scan that identifies several issues across numerous customer hosts. The executive report outlines the following information:

Server High-severity vulnerabilities

1. Development sandbox server 32

2. Back office file transfer server 51

3. Perimeter network web server 14

4. Developer QA server 92

The client is con ble monitoring mode using Aircrack-ng ch of the following hosts should the penetration tester select for additional manual testing?

Options:

A.

Server 1

B.

Server 2

C.

Server 3

D.

Server 4

Buy Now
Question # 19

A penetration tester is getting ready to conduct a vulnerability scan as part of the testing process. The tester will evaluate an environment that consists of a container orchestration cluster. Which of the following tools should the tester use to evaluate the cluster?

Options:

A.

Trivy

B.

Nessus

C.

Grype

D.

Kube-hunter

Buy Now
Question # 20

During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?

Options:

A.

Burp Suite

B.

Wireshark

C.

Zed Attack Proxy

D.

Metasploit

Buy Now
Question # 21

During an engagement, a penetration tester runs the following command against the host system:

host -t axfr domain.com dnsl.domain.com

Which of the following techniques best describes what the tester is doing?

Options:

A.

Zone transfer

B.

Host enumeration

C.

DNS poisoning

D.

DNS query

Buy Now
Question # 22

An external legal firm is conducting a penetration test of a large corporation. Which of the following would be most appropriate for the legal firm to use in the subject line of a weekly email update?

Options:

A.

Privileged & Confidential Status Update

B.

Action Required Status Update

C.

Important Weekly Status Update

D.

Urgent Status Update

Buy Now
Question # 23

A penetration tester obtains password dumps associated with the target and identifies strict lockout policies. The tester does not want to lock out accounts when attempting access. Which of the following techniques should the tester use?

Options:

A.

Credential stuffing

B.

MFA fatigue

C.

Dictionary attack

D.

Brute-force attack

Buy Now
Exam Code: PT0-003
Exam Name: CompTIA PenTest+ Exam
Last Update: Mar 31, 2025
Questions: 233
PT0-003 pdf

PT0-003 PDF

$25.5  $84.99
PT0-003 Engine

PT0-003 Testing Engine

$28.5  $94.99
PT0-003 PDF + Engine

PT0-003 PDF + Testing Engine

$40.5  $134.99