A penetration tester completes a scan and sees the following output on a host:

```text
Nmap scan report for victim (10.10.10.10)
Host is up (0.0001s latency)
PORT STATE SERVICE
161/udp open|filtered snmp
445/tcp open microsoft-ds
3389/tcp open microsoft-ds
Running Microsoft Windows 7
OS CPE: cpe:/o:microsoft:windows_7_sp0
```

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?
The ms17_010_eternalblue exploit is the most appropriate choice based on the scenario.
Why MS17-010 EternalBlue?
EternalBlue is a critical vulnerability in SMBv1 (port 445) affecting older versions of Windows, including Windows 7.
The exploit can be used to execute arbitrary code remotely, providing shell access to the target system.
Other Options:
A (psexec): This module is a post-exploitation tool; it requires valid credentials to execute commands remotely, so it does not provide initial access on its own.
B (ms08_067_netapi): A vulnerability targeting older Windows systems (e.g., Windows XP). It is unlikely to work on Windows 7.
D (snmp_login): This is an auxiliary module for enumerating SNMP, not gaining shell access.
CompTIA Pentest+ Reference:
Domain 2.0 (Information Gathering and Vulnerability Identification)
Domain 3.0 (Attacks and Exploits)
A penetration tester is trying to get unauthorized access to a web application and executes the following command:
GET /foo/images/file?id=2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
Which of the following web application attacks is the tester performing?
The attacker is attempting to access restricted files by navigating directories beyond their intended scope.
Directory Traversal (Option C):
The request uses URL-encoded "../" sequences (%2e%2e%2f decodes to ../) to step up out of the intended directory and reach /etc/passwd.
This is a classic directory traversal attack aimed at accessing system files.
Incorrect options:
Option A (Insecure Direct Object Reference - IDOR): IDOR exploits direct access to objects (e.g., changing user_id=123 to user_id=456), not directory navigation.
Option B (CSRF): CSRF tricks an authenticated user's browser into submitting unwanted requests; it is unrelated to directory access.
A penetration tester successfully clones a source code repository and then runs the following command:
find . -type f -exec egrep -i "token|key|login" {} \;
Which of the following is the penetration tester conducting?
Penetration testers search for hardcoded credentials, API keys, and authentication tokens in source code repositories to identify secrets leakage.
Secrets scanning (Option B):
The find command runs egrep on every file in the tree, recursively scanning for the case-insensitive keywords "token", "key" and "login".
Attackers use tools like TruffleHog and Gitleaks to automate secret discovery.
Incorrect options:
Option A (Data tokenization): Tokenization replaces sensitive data with unique tokens, not scanning for credentials.
Option C (Password spraying): Tries common passwords across multiple accounts, unrelated to scanning source code.
Which of the following activities should be performed to prevent uploaded web shells from being exploited by others?
Secure Data Destruction:
Securely deleting the web shell ensures it cannot be accessed or exploited by attackers in the future.
This involves removing the malicious file and overwriting the space it occupied to prevent recovery.
Why Not Other Options?
A (Remove persistence mechanisms): While helpful in maintaining security, this doesn't address the immediate threat of the web shell.
B (Spin down infrastructure): This could disrupt operations and doesn't directly mitigate the web shell issue.
C (Preserve artifacts): While necessary for forensic analysis, it does not prevent further exploitation of the web shell.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
A tester obtains access to an endpoint subnet and wants to move laterally in the network. Given the following output:

```text
Nmap scan report for some_host
Host is up (0.01 latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
Host script results: smb2-security-mode: Message signing disabled
```

Which of the following command and attack methods is the most appropriate for reducing the chances of being detected?
Explanation of the Correct Option:
A (responder and ntlmrelayx.py):
Responder intercepts NTLM authentication attempts on the local network segment.
Because SMB signing is disabled, ntlmrelayx.py can relay those authentication attempts to other hosts and gain access for lateral movement without brute-forcing credentials, which produces far fewer failed-logon events and is therefore stealthier.
Why Not Other Options?
B: Exploiting MS17-010 (psexec) is noisy and likely to trigger alerts.
C: Brute-forcing credentials with Hydra is highly detectable due to the volume of failed login attempts.
D: Nmap scripts like smb-brute.nse are useful for enumeration but involve brute-force methods that increase detection risk.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)