[Tools and Code Analysis]
During an assessment, a penetration tester gains access to one of the internal hosts. Given the following command:
schtasks /create /sc onlogon /tn "Windows Update" /tr "cmd.exe /c reverse_shell.exe"
Which of the following is the penetration tester trying to do with this code?
The command creates a scheduled task that executes a reverse shell payload at logon, ensuring persistence.
Option A (Enumerate tasks): This command creates a task rather than listing tasks (schtasks /query is used for enumeration).
Option B (Establish persistence): Correct. The attacker ensures a reverse shell is launched every time a user logs on.
Option C (Deactivate Windows Update): The task is named "Windows Update" but does nothing to disable updates; the name is chosen to blend in.
Option D (Create a Windows Update binary): The task executes a reverse shell, not a system update.
Reference: CompTIA PenTest+ PT0-003 Official Guide -- Windows Persistence Techniques
A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:
Server-side request forgery (SSRF) vulnerability in test.comptia.org
Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org
Publicly accessible storage system named static_comptia_assets
SSH port 22 open to the internet on test3.comptia.org
Open redirect vulnerability in test4.comptia.org
Which of the following attack paths should the tester prioritize first?
Leverage SSRF for Metadata Access:
Server-side request forgery (SSRF) vulnerabilities allow attackers to force a server to send requests to internal resources. In cloud environments, SSRF can often be used to access the metadata service (e.g., AWS EC2 metadata) to retrieve credentials for cloud services.
Once credentials are obtained, they can be used to access privileged systems that are not directly accessible from the internet.
Why Not Other Options?
A (Public bucket): Analyzing the bucket for sensitive data is useful but does not directly lead to privileged system access.
B (Pacu): Pacu is used for AWS exploitation but requires credentials or misconfigured roles. SSRF can provide the credentials needed to run Pacu effectively.
C (SSH brute force): Brute-forcing SSH is noisy and inefficient. Privileged systems are likely better protected than SSH open to the internet.
D (Phishing via XSS): This is a longer-term attack and less direct compared to leveraging SSRF.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
SSRF Exploitation and Cloud Metadata Access Techniques
[Attacks and Exploits]
A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system. Which of the following attacks is the tester performing?
A kiosk escape involves breaking out of a restricted environment, such as a kiosk or a single application interface, to access the underlying operating system. Here's why option A is correct:
Kiosk Escape: This attack targets environments where user access is intentionally limited, such as a kiosk or a dedicated application. The goal is to break out of these restrictions and gain access to the full operating system.
Arbitrary Code Execution: This involves running unauthorized code on the system, but the scenario described is more about escaping a restricted environment.
Process Hollowing: This technique involves injecting code into a legitimate process, making it appear benign while executing malicious activities.
Library Injection: This involves injecting malicious code into a running process by loading a malicious library, which is not the focus in this scenario.
Reference from Pentest:
Forge HTB: Demonstrates techniques to escape restricted environments and gain broader access to the system.
Horizontall HTB: Shows methods to break out of limited access environments, aligning with the concept of kiosk escape.
Conclusion:
Option A, Kiosk escape, accurately describes the type of attack where a tester breaks out of a restricted environment to access the underlying operating system.
[Attacks and Exploits]
A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?
Option C, dig axfr @local.dns.server, performs a DNS zone transfer (AXFR). If the DNS server is misconfigured and allows such requests, the attacker can obtain all DNS records for the internal domain.
Option A shows only A/AAAA records. Option B does not perform a complete enumeration. Option D is not valid syntax.
Reference: PT0-003 Objective 3.3 -- Perform domain enumeration using dig and DNS zone transfer techniques.
[Tools and Code Analysis]
A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?
Software Composition Analysis (SCA) is used to analyze dependencies in applications and identify vulnerable open-source libraries.
Option A (VM - Virtual Machine): A VM is a computing environment, not a vulnerability detection tool.
Option B (IAST - Interactive Application Security Testing): IAST analyzes runtime behavior, but it does not specialize in detecting vulnerable libraries.
Option C (DAST - Dynamic Application Security Testing): DAST scans running applications for vulnerabilities, but it does not analyze open-source libraries.
Option D (SCA - Software Composition Analysis): Correct. SCA identifies security flaws in third-party dependencies and is used for managing software supply chain risk.
Reference: CompTIA PenTest+ PT0-003 Official Guide -- Software Composition Analysis (SCA)