Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Pass the CompTIA PenTest+ PT0-003 Questions and answers with ValidTests

Exam PT0-003 All Questions
Exam PT0-003 Premium Access

View all detail and faqs for the PT0-003 exam

Viewing page 11 out of 11 pages
Viewing questions 101-110 out of questions
Questions # 101:

Which of the following elements in a lock should be aligned to a specific level to allow the key cylinder to turn?

Options:

A.

Latches

B.

Pins

C.

Shackle

D.

Plug

Expert Solution
Questions # 102:

A penetration tester finishes an initial discovery scan for hosts on a /24 customer subnet. The customer states that the production network is composed of Windows servers but no container clusters. The following are the last several lines from the scan log:

Line 1: 112 hosts found... trying ports

Line 2: FOUND 22 with OpenSSH 1.2p2 open on 99 hosts

Line 3: FOUND 161 with UNKNOWN banner open on 110 hosts

Line 4: TCP RST received on ports 21, 3389, 80

Line 5: Scan complete.

Which of the following is the most likely reason for the results?

Options:

A.

Multiple honeypots were encountered

B.

The wrong subnet was scanned

C.

Windows is using WSL

D.

IPS is blocking the ports

Expert Solution
Questions # 103:

A penetration tester wants to create a malicious QR code to assist with a physical security assessment. Which of the following tools has the built-in functionality most likely needed for this task?

Options:

A.

BeEF

B.

John the Ripper

C.

ZAP

D.

Evilginx

Expert Solution
Questions # 104:

During a penetration test, a tester compromises a Windows computer. The tester executes the following command and receives the following output:

mimikatz # privilege::debug

mimikatz # lsadump::cache

---Output---

lapsUser

27dh9128361tsg2€459210138754ij

---OutputEnd---

Which of the following best describes what the tester plans to do by executing the command?

Options:

A.

The tester plans to perform the first step to execute a Golden Ticket attack to compromise the Active Directory domain.

B.

The tester plans to collect application passwords or hashes to compromise confidential information within the local computer.

C.

The tester plans to use the hash collected to perform lateral movement to other computers using a local administrator hash.

D.

The tester plans to collect the ticket information from the user to perform a Kerberoasting attack on the domain controller.

Expert Solution
Questions # 105:

In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:

sshpass -p donotchange ssh admin@192.168.6.14

Which of the following should the tester attempt to do next to take advantage of this information? (Select two).

Options:

A.

Use Nmap to identify all the SSH systems active on the network.

B.

Take a screen capture of the source code repository for documentation purposes.

C.

Investigate to find whether other files containing embedded passwords are in the code repository.

D.

Confirm whether the server 192.168.6.14 is up by sending ICMP probes.

E.

Run a password-spraying attack with Hydra against all the SSH servers.

F.

Use an external exploit through Metasploit to compromise host 192.168.6.14.

Expert Solution
Questions # 106:

A penetration tester currently conducts phishing reconnaissance using various tools and accounts for multiple intelligence-gathering platforms. The tester wants to consolidate some of the tools and accounts into one solution to analyze the output from the intelligence-gathering tools. Which of the following is the best tool for the penetration tester to use?

Options:

A.

Caldera

B.

SpiderFoot

C.

Maltego

D.

WIGLE.net

Expert Solution
Questions # 107:

A penetration tester wants to use the following Bash script to identify active servers on a network:

1 network_addr="192.168.1"

2 for h in {1..254}; do

3 ping -c 1 -W 1 $network_addr.$h > /dev/null

4 if [ $? -eq 0 ]; then

5 echo "Host $h is up"

6 else

7 echo "Host $h is down"

8 fi

9 done

Which of the following should the tester do to modify the script?

Options:

A.

Change the condition on line 4.

B.

Add 2>&1 at the end of line 3.

C.

Use seq on the loop on line 2.

D.

Replace $h with ${h} on line 3.

Expert Solution
Questions # 108:

A penetration tester has adversely affected a critical system during an engagement, which could have a material impact on the organization. Which of the following should the penetration tester do to address this issue?

Options:

A.

Restore the configuration.

B.

Perform a BIA.

C.

Follow the escalation process.

D.

Select the target.

Expert Solution
Questions # 109:

A penetration tester wants to maintain access to a compromised system after a reboot. Which of the following techniques would be best for the tester to use?

Options:

A.

Establishing a reverse shell

B.

Executing a process injection attack

C.

Creating a scheduled task

D.

Performing a credential-dumping attack

Expert Solution
Questions # 110:

During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?

Options:

A.

Responder

B.

Hydra

C.

BloodHound

D.

CrackMapExec

Expert Solution
Viewing page 11 out of 11 pages
Viewing questions 101-110 out of questions