Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PT0-003 Exam Dumps - CompTIA PenTest+ Questions and Answers

Question # 4

During a security assessment, a penetration tester captures plaintext login credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access.

Which of the following tools is the tester using?

Options:

A.

Burp Suite

B.

Wireshark

C.

Zed Attack Proxy (ZAP)

D.

Metasploit

Buy Now
Question # 5

During an engagement, a penetration tester wants to enumerate users from Linux systems by using finger and rwho commands. However, the tester realizes these commands alone will not achieve the desired result. Which of the following is the best tool to use for this task?

Options:

A.

Nikto

B.

Burp Suite

C.

smbclient

D.

theHarvester

Buy Now
Question # 6

A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance activities. Which of the following techniques should the tester use?

Options:

A.

Sniffing

B.

Banner grabbing

C.

TCP/UDP scanning

D.

Ping sweeps

Buy Now
Question # 7

A penetration tester discovers data to stage and exfiltrate. The client has authorized movement to the tester's attacking hosts only. Which of the following would be most appropriate to avoid alerting the SOC?

Options:

A.

Apply UTF-8 to the data and send over a tunnel to TCP port 25.

B.

Apply Base64 to the data and send over a tunnel to TCP port 80.

C.

Apply 3DES to the data and send over a tunnel UDP port 53.

D.

Apply AES-256 to the data and send over a tunnel to TCP port 443.

Buy Now
Question # 8

SIMULATION

Using the output, identify potential attack vectors that should be further investigated.

Options:

Buy Now
Question # 9

A penetration tester gains access to a host but does not have access to any type of shell. Which of the following is the best way for the tester to further enumerate the host and the environment in which it resides?

Options:

A.

ProxyChains

B.

Netcat

C.

PowerShell ISE

D.

Process IDs

Buy Now
Question # 10

Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?

Options:

A.

Risk analysis

B.

Peer review

C.

Root cause analysis

D.

Client acceptance

Buy Now
Question # 11

Given the following statements:

    Implement a web application firewall.

    Upgrade end-of-life operating systems.

    Implement a secure software development life cycle.

In which of the following sections of a penetration test report would the above statements be found?

Options:

A.

Executive summary

B.

Attack narrative

C.

Detailed findings

D.

Recommendations

Buy Now
Question # 12

A penetration tester needs to scan a remote infrastructure with Nmap. The tester issues the following command:

nmap 10.10.1.0/24

Which of the following is the number of TCP ports that will be scanned?

Options:

A.

256

B.

1,000

C.

1,024

D.

65,535

Buy Now
Question # 13

A penetration tester reviews a SAST vulnerability scan report. The following vulnerability has been reported as high severity:

Source file: components.ts

Issue 2 of 12: Command injection

Severity: High

Call: .innerHTML = response

The tester inspects the source file and finds the variable response is defined as a constant and is not referred to or used in other sections of the code. Which of the following describes how the tester should classify this reported vulnerability?

Options:

A.

False negative

B.

False positive

C.

True positive

D.

Low severity

Buy Now
Exam Code: PT0-003
Exam Name: CompTIA PenTest+ Exam
Last Update: Mar 29, 2025
Questions: 233
PT0-003 pdf

PT0-003 PDF

$25.5  $84.99
PT0-003 Engine

PT0-003 Testing Engine

$28.5  $94.99
PT0-003 PDF + Engine

PT0-003 PDF + Testing Engine

$40.5  $134.99