[Q101-Q119] Dumps for Free CompTIA PT0-003 Practice Exam Questions [Jun 28, 2026]

PT0-003 Dumps PDF And Certification Training

NEW QUESTION # 101
During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers. To be PCI compliant, which of the following should the company have implemented to BEST protect this data?

  • A. System hardening
  • B. Intrusion detection
  • C. Vulnerability scanning
  • D. Network segmentation

Answer: D

Explanation:
Network segmentation is the practice of dividing a network into smaller subnetworks or segments based on criteria such as function, security level, or access control. Network segmentation can enhance the security of a network by isolating sensitive or critical systems from less secure or untrusted systems, reducing the attack surface, limiting the spread of malware or intrusions, and enforcing granular policies and rules for each segment. To be compliant with PCI, a set of standards for protecting payment card data, the company should have implemented network segmentation to separate the servers that perform financial transactions from other parts of the network that may be less secure or more exposed to threats. The other options are not specific requirements for PCI compliance, although they may be good security practices in general.


NEW QUESTION # 102
Given the following Nmap scan command:
[root@kali ~]# nmap 192.168.0.* --exclude 192.168.0.101

Which of the following is the total number of servers that Nmap will attempt to scan?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

Explanation:
The Nmap scan command given will scan all the hosts in the 192.168.0.0/24 subnet, except for the one with the IP address 192.168.0.101. The subnet has 256 possible hosts, but one of them is excluded, so the total number of servers that Nmap will attempt to scan is 255.
References:
Nmap Commands - 17 Basic Commands for Linux Network, Section: Scan Multiple Hosts, Subsection: Excluding Hosts from Search
Nmap Cheat Sheet 2023: All the Commands and More, Section: Target Specification, Subsection: -exclude


NEW QUESTION # 103
During a testing engagement, a penetration tester compromises a host and locates data for exfiltration. Which of the following are the best options to move the data without triggering a data loss prevention tool? (Select two).

  • A. Compress and encrypt the data.
  • B. Encode the data as Base64.
  • C. Use FTP for exfiltration.
  • D. Rename the file name extensions.
  • E. Move the data using a USB flash drive.
  • F. Send the data to a commonly trusted service.

Answer: A,B

Explanation:
Data Loss Prevention (DLP) tools monitor sensitive data and prevent unauthorized exfiltration. The two best options to bypass DLP are:
Compress and encrypt the data (Option B):
Compression reduces file size, making detection harder. Encryption further protects the data by making it unreadable without a key.
DLP tools often inspect content based on known patterns (e.g., credit card numbers, sensitive keywords).
Encrypted files bypass content inspection since DLP cannot analyze encrypted data.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "Data Exfiltration Techniques"
Encode the data as Base64 (Option E):
Base64 encoding disguises data by converting it into ASCII text, making it less likely to trigger DLP signature-based detection.
Many DLP systems do not analyze encoded text deeply, assuming it is non-sensitive.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "Encoding and Obfuscation in Exfiltration"
Incorrect options:
Option A (USB flash drive): Physical exfiltration is risky and easily detectable in enterprise environments.
Option C (Rename file extensions): DLP systems analyze content, not just filenames.
Option D (FTP for exfiltration): FTP is monitored by security tools and is a high-risk method.
Option F (Trusted service): Many organizations monitor outbound traffic to cloud storage or email services.


NEW QUESTION # 104
During an assessment, a penetration tester obtains access to an internal server and would like to perform further reconnaissance by capturing LLMNR traffic. Which of the following tools should the tester use?

  • A. Responder
  • B. Nmap
  • C. Netcat
  • D. Burp Suite

Answer: A

Explanation:
Responder is a specialized tool for capturing LLMNR, NBNS, and MDNS traffic and for carrying out spoofing attacks and hash capture. It is widely used in Windows environments to capture credentials when names that do not exist in DNS are resolved.
Netcat and Burp Suite are not designed for this purpose. Nmap is used for network scanning, but not for capturing or exploiting LLMNR.
Reference: PT0-003 Objective 4.2 - Explain lateral movement techniques and privilege escalation tools (Responder is explicitly listed).


NEW QUESTION # 105
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
INSTRUCTIONS
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:


NEW QUESTION # 106
Which of the following describes the process of determining why a vulnerability scanner is not providing results?

  • A. Goal reprioritization
  • B. Secure distribution
  • C. Root cause analysis
  • D. Peer review

Answer: C

Explanation:
Root cause analysis involves identifying the underlying reasons why a problem is occurring. In the context of a vulnerability scanner not providing results, performing a root cause analysis would help determine why the scanner is failing to deliver the expected output.
Root Cause Analysis: This is a systematic process used to identify the fundamental reasons for a problem. It involves investigating various potential causes and pinpointing the exact issue that is preventing the vulnerability scanner from working correctly.
Secure Distribution: This refers to the secure delivery and distribution of software or updates, which is not relevant to troubleshooting a vulnerability scanner.
Peer Review: This involves evaluating work by others in the same field to ensure quality and accuracy, but it is not directly related to identifying why a tool is malfunctioning.
Goal Reprioritization: This involves changing the priorities of goals within a project, which does not address the technical issue of the scanner not working.


NEW QUESTION # 107
A penetration tester completes a scan and sees the following Nmap output on a host:
Nmap scan report for victim (10.10.10.10)
Host is up (0.0001s latency)
PORT STATE SERVICE
161/udp open snmp
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
Running Microsoft Windows 7
OS CPE: cpe:/o:microsoft:windows_7::sp0
The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

  • A. auxiliary/scanner/snmp/snmp_login
  • B. exploit/windows/smb/ms17_010_eternalblue
  • C. exploit/windows/smb/ms08_067_netapi
  • D. exploit/windows/smb/psexec

Answer: B


NEW QUESTION # 108
Which of the following will reduce the possibility of introducing errors or bias in a penetration test report?

  • A. Peer review
  • B. Use AI
  • C. Goal reprioritization
  • D. Secure distribution

Answer: A

Explanation:
A peer review process ensures that a penetration test report is accurate, unbiased, and free from errors.
Peer review (Option B):
Senior security professionals verify findings, risk levels, and remediation recommendations.
Reduces the risk of misinterpretation or incorrect data in reports.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "Best Practices for Penetration Testing Reports"
Incorrect options:
Option A (Secure distribution): Ensures confidentiality, but does not reduce report errors.
Option C (Use AI): AI can assist in analysis, but human verification is essential.
Option D (Goal reprioritization): Changes testing objectives, not report accuracy.


NEW QUESTION # 109
An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?

  • A. nmap -sA 192.168.0.1/24
  • B. nmap 192.168.0.1/24
  • C. nmap -sS 192.168.0.1/24
  • D. nmap -oG 192.168.0.1/24

Answer: A

Explanation:
https://nmap.org/book/scan-methods-ack-scan.html


NEW QUESTION # 110
A penetration tester is conducting a test after hours and notices a critical system was taken down. Which of the following contacts should be notified first?

  • A. Emergency
  • B. Technical
  • C. Secondary
  • D. Primary

Answer: D

Explanation:
In the context of penetration testing, the primary contact is typically the first point of contact established before the penetration test begins. This person is usually a stakeholder or an individual who has the authority and responsibility over the system being tested. In the scenario where a critical system is taken down during off-hours, the primary contact should be notified first to ensure a prompt and coordinated response. The primary contact can then decide on the next steps, including escalating the issue to technical, secondary, or emergency contacts if necessary. This approach maintains the chain of command and ensures that the appropriate parties are informed in a structured manner.


NEW QUESTION # 111
A penetration tester executes multiple enumeration commands to find a path to escalate privileges. Given the following command:
find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null
Which of the following is the penetration tester attempting to enumerate?

  • A. Permission
  • B. Passwords
  • C. Attack path mapping
  • D. API keys

Answer: A

Explanation:
The command find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null is used to find files with the SUID bit set. SUID (Set User ID) permissions allow a file to be executed with the permissions of the file owner (root), rather than the permissions of the user running the file.
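The same check turned into a defensive audit, as an added example that is not part of the original page: it walks a tree for regular files with the setuid bit owned by a given UID (the equivalent of -user root -perm -4000, limited here to regular files) and reports any that are missing from an approved baseline. The function names and the baseline paths are assumptions made for illustration.

```python
import os
import stat

def is_setuid_owned(mode, uid, owner_uid=0):
    """True for a regular file with the setuid bit (04000) owned by owner_uid."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID) and uid == owner_uid

def find_setuid(root, owner_uid=0):
    """Return the sorted paths of setuid files under root owned by owner_uid."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable directories are skipped
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError:
                continue  # file vanished or is unreadable, like 2>/dev/null
            if is_setuid_owned(st.st_mode, st.st_uid, owner_uid):
                hits.append(path)
    return sorted(hits)

def unexpected_setuid(root, baseline, owner_uid=0):
    """Setuid files under root that are not in the approved baseline."""
    approved = set(baseline)
    return [p for p in find_setuid(root, owner_uid) if p not in approved]

if __name__ == "__main__":
    # Hypothetical baseline; a real one would come from the package manifest.
    baseline = {"/usr/bin/passwd", "/usr/bin/su", "/usr/bin/sudo"}
    for path in unexpected_setuid("/usr", baseline):
        print("review:", path)
```

Any path reported is a root-owned setuid binary that nobody approved, which is the finding the enumeration command above is looking for from the other side.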


NEW QUESTION # 112
During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for pictures, audio, and additional tags that facilitate this type of reconnaissance?

  • A. EXIF
  • B. COFF
  • C. ELF
  • D. GIF

Answer: A

Explanation:
Metadata extraction allows attackers to collect sensitive information from digital files.
EXIF (Exchangeable Image File Format) (Option A):
EXIF metadata contains camera details, GPS coordinates, timestamps, and software versions used to edit the file.
Attackers use tools like ExifTool to extract metadata for reconnaissance.
Reference:
Incorrect options:
Option B (GIF): A file format for images, but not a metadata standard.
Option C (COFF): Common Object File Format, related to executable files, not images.
Option D (ELF): Executable and Linkable Format, used for Linux binaries, not metadata analysis.


NEW QUESTION # 113
A tester runs an Nmap scan against a Windows server and receives the following results:
Nmap scan report for win_dns.local (10.0.0.5)
Host is up (0.014s latency)
Port State Service
53/tcp open domain
161/tcp open snmp
445/tcp open smb-ds
3389/tcp open rdp
Which of the following TCP ports should be prioritized for using hash-based relays?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

Explanation:
Port 445 is used for SMB (Server Message Block) services, which are commonly targeted for hash-based relay attacks like NTLM relay attacks.


NEW QUESTION # 114
A penetration tester aims to exploit a vulnerability in a wireless network that lacks proper encryption. The lack of proper encryption allows malicious content to infiltrate the network. Which of the following techniques would most likely achieve the goal?

  • A. Bluejacking
  • B. Beacon flooding
  • C. Packet injection
  • D. Signal jamming

Answer: C

Explanation:
If a wireless network lacks proper encryption, attackers can inject malicious packets into the traffic stream.
Packet injection (Option A):
Attackers forge and transmit fake packets to manipulate network behavior.
Common in WEP/WPA attacks to force IV collisions or spoof DHCP responses.
Reference:
Incorrect options:
Option B (Bluejacking): Sends spam messages via Bluetooth, not for network exploitation.
Option C (Beacon flooding): Overloads wireless access points, not an attack on encryption.
Option D (Signal jamming): Disrupts connectivity but does not inject packets.


NEW QUESTION # 115
A penetration tester writes the following script to enumerate a /24 network:
1 #!/bin/bash
2 for i in {1..254}
3 ping -c1 192.168.1.$i
4 done
The tester executes the script, but it fails with the following error:
-bash: syntax error near unexpected token 'ping'
Which of the following should the tester do to fix the error?

  • A. Replace bash with zsh
  • B. Replace {1..254} with $(seq 1 254)
  • C. Add do after line 2
  • D. Replace $i with ${i}

Answer: B

Explanation:
The missing do keyword is the reason for the syntax error. Bash for loops must include a do statement before executing commands within the loop.
Corrected script:
#!/bin/bash
for i in {1..254}; do
ping -c1 192.168.1.$i
done
From the CompTIA PenTest+ PT0-003 Official Study Guide (Chapter 4 - Scanning and Enumeration):
"In Bash scripting, control structures like for-loops require correct syntax, including the 'do' keyword for loop logic to execute properly." Reference: Chapter 4, CompTIA PenTest+ PT0-003 Official Study Guide


NEW QUESTION # 116
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Answer:

Explanation:


NEW QUESTION # 117
A penetration tester gains initial access to a target system by exploiting a recent RCE vulnerability. The patch for the vulnerability will be deployed at the end of the week. Which of the following utilities would allow the tester to reenter the system remotely after the patch has been deployed? (Select two).

  • A. schtasks.exe
  • B. cmd.exe
  • C. chgusr.exe
  • D. sc.exe
  • E. netsh.exe
  • F. rundll.exe

Answer: A,D

Explanation:
To reenter the system remotely after the patch for the recently exploited RCE vulnerability has been deployed, the penetration tester can use schtasks.exe and sc.exe.
* schtasks.exe:
* Purpose: Used to create, delete, and manage scheduled tasks on Windows systems.
* Persistence: By creating a scheduled task, the tester can ensure a script or program runs at a specified time, providing a persistent backdoor.
* Example:
schtasks /create /tn "Backdoor" /tr "C:\path\to\backdoor.exe" /sc daily /ru SYSTEM
* sc.exe:
* Purpose: Service Control Manager command-line tool used to manage Windows services.
* Persistence: By creating or modifying a service to run a malicious executable, the tester can maintain persistent access.
* Example:
sc create backdoor binPath= "C:\path\to\backdoor.exe" start= auto
* Other Utilities:
* rundll.exe: Used to run DLLs as applications, not typically used for persistence.
* cmd.exe: General command prompt, not specifically used for creating persistence mechanisms.
* chgusr.exe: Used to change install mode for Remote Desktop Session Host, not relevant for persistence.
* netsh.exe: Used for network configuration, not typically used for persistence.
Pentest References:
* Post-Exploitation: Establishing persistence is crucial to maintaining access after initial exploitation.
* Windows Tools: Understanding how to leverage built-in Windows tools like schtasks.exe and sc.exe to create backdoors that persist through reboots and patches.
By using schtasks.exe and sc.exe, the penetration tester can set up persistent mechanisms that will allow reentry into the system even after the patch is applied.


NEW QUESTION # 118
A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client's blue team. Which of the following exfiltration methods would most likely remain undetected?

  • A. Test storage sites
  • B. Domain Name System
  • C. Cloud storage
  • D. Email

Answer: B

Explanation:
The Domain Name System (DNS) is commonly used for covert exfiltration because it is an essential protocol in most networks and is less likely to be scrutinized compared to other methods. Here's how DNS exfiltration works:
Mechanism:
Data is encoded into DNS queries or responses, such as using subdomain fields to transmit sensitive information.
These queries are sent to a malicious DNS server controlled by the attacker, allowing data to bypass traditional detection mechanisms.
Why It Remains Undetected:
DNS traffic is frequently allowed and not as heavily monitored compared to other channels like HTTP or email.
Network security tools often prioritize operational DNS traffic, making detection of anomalies more challenging.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
Domain 5.0 (Reporting and Communication)
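How a blue team can close the monitoring gap described above, as an added example that is not part of the original page: the script groups resolver query logs by client and zone and flags a client that sends several distinct names whose longest label is both long and high in entropy. The log format, addresses, names and thresholds are constructed assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of resolver query logs, one "<client_ip> <qname>" per line.
# The log format, addresses and names are assumptions made for this example.
SAMPLE_LOG = """\
10.0.0.12 www.example.com
10.0.0.12 mail.example.com
10.0.0.12 images-eu-west.cdn.example.org
10.0.0.12 9f3a7c21e08b5d46a1c4f7029be6d835.cache.example.org
10.0.0.45 www.example.com
10.0.0.45 9f3a7c21e08b5d46a1c4f7029be6d835.t.example.net
10.0.0.45 a1c4f7029be6d8359f3a7c21e08b5d46.t.example.net
10.0.0.45 e08b5d469f3a7c219be6d835a1c4f702.t.example.net
10.0.0.45 9be6d835a1c4f702e08b5d469f3a7c21.t.example.net
"""

def shannon_entropy(text):
    """Bits per character; encoded data scores higher than ordinary hostnames."""
    counts, n = Counter(text), len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse(log):
    """Yield (client, lower-cased qname) for each well-formed line."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 2:
            yield fields[0], fields[1].rstrip(".").lower()

def suspicious_zones(log, min_unique=3, min_label_len=24, min_entropy=3.0):
    """Return (client, zone, count) where one client sent at least min_unique
    distinct names under a zone whose longest label is long and high-entropy."""
    encoded = defaultdict(set)
    for client, qname in parse(log):
        labels = qname.split(".")
        if len(labels) < 3:
            continue
        zone = ".".join(labels[-2:])  # naive: a real tool would use the Public Suffix List
        longest = max(labels[:-2], key=len)
        if len(longest) >= min_label_len and shannon_entropy(longest) >= min_entropy:
            encoded[(client, zone)].add(qname)
    return sorted((c, z, len(names)) for (c, z), names in encoded.items()
                  if len(names) >= min_unique)

if __name__ == "__main__":
    for client, zone, count in suspicious_zones(SAMPLE_LOG):
        print(f"{client} sent {count} long, high-entropy names under {zone}")
```

A single long label, such as the one cache lookup from 10.0.0.12, stays below the min_unique threshold, so the rule keys on repeated encoded names rather than on one odd hostname.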


NEW QUESTION # 119
......