Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PT0-003 Exam Dumps - CompTIA PenTest+ Questions and Answers

Question # 44

You are a penetration tester running port scans on a server.

INSTRUCTIONS

Part 1: Given the output, construct the command that was used to generate this output from the available options.

Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Question # 45

During a penetration testing engagement, a tester targets the internet-facing services used by the client. Which of the following describes the type of assessment that should be considered in this scope of work?

Options:

A.

Segmentation

B.

Mobile

C.

External

D.

Web

Buy Now
Question # 46

A penetration tester currently conducts phishing reconnaissance using various tools and accounts for multiple intelligence-gathering platforms. The tester wants to consolidate some of the tools and accounts into one solution to analyze the output from the intelligence-gathering tools. Which of the following is the best tool for the penetration tester to use?

Options:

A.

Caldera

B.

SpiderFoot

C.

Maltego

D.

WIGLE.net

Buy Now
Question # 47

A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?

Options:

A.

SSL certificate inspection

B.

URL spidering

C.

Banner grabbing

D.

Directory brute forcing

Buy Now
Question # 48

A penetration tester attempts unauthorized entry to the company's server room as part of a security assessment. Which of the following is the best technique to manipulate the lock pins and open the door without the original key?

Options:

A.

Plug spinner

B.

Bypassing

C.

Decoding

D.

Raking

Buy Now
Question # 49

During an assessment, a penetration tester exploits an SQLi vulnerability. Which of the following commands would allow the penetration tester to enumerate password hashes?

Options:

A.

sqlmap -u www.example.com/?id=1 --search -T user

B.

sqlmap -u www.example.com/?id=1 --dump -D accounts -T users -C cred

C.

sqlmap -u www.example.com/?id=1 --tables -D accounts

D.

sqlmap -u www.example.com/?id=1 --schema --current-user --current-db

Buy Now
Question # 50

A penetration tester cannot find information on the target company's systems using common OSINT methods. The tester's attempts to do reconnaissance against internet-facing resources have been blocked by the company's WAF. Which of the following is the best way to avoid the WAF and gather information about the target company's systems?

Options:

A.

HTML scraping

B.

Code repository scanning

C.

Directory enumeration

D.

Port scanning

Buy Now
Question # 51

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:

PORT STATE SERVICE

22/tcp open ssh

25/tcp filtered smtp

111/tcp open rpcbind

2049/tcp open nfs

Based on the output, which of the following services provides the best target for launching an attack?

Options:

A.

Database

B.

Remote access

C.

Email

D.

File sharing

Buy Now
Question # 52

In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:

sshpass -p donotchange ssh admin@192.168.6.14

Which of the following should the tester attempt to do next to take advantage of this information? (Select two).

Options:

A.

Use Nmap to identify all the SSH systems active on the network.

B.

Take a screen capture of the source code repository for documentation purposes.

C.

Investigate to find whether other files containing embedded passwords are in the code repository.

D.

Confirm whether the server 192.168.6.14 is up by sending ICMP probes.

E.

Run a password-spraying attack with Hydra against all the SSH servers.

F.

Use an external exploit through Metasploit to compromise host 192.168.6.14.

Buy Now
Question # 53

A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?

Options:

A.

Phishing

B.

Tailgating

C.

Whaling

D.

Spear phishing

Buy Now
Exam Code: PT0-003
Exam Name: CompTIA PenTest+ Exam
Last Update: Mar 31, 2025
Questions: 233
PT0-003 pdf

PT0-003 PDF

$25.5  $84.99
PT0-003 Engine

PT0-003 Testing Engine

$28.5  $94.99
PT0-003 PDF + Engine

PT0-003 PDF + Testing Engine

$40.5  $134.99