Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PT0-003 Exam Dumps - CompTIA PenTest+ Questions and Answers

Question # 4

A penetration tester needs to collect information over the network for further steps in an internal assessment. Which of the following would most likely accomplish this goal?

Options:

A.

ntlmrelayx.py -t 192.168.1.0/24 -1 1234

B.

nc -tulpn 1234 192.168.1.2

C.

responder.py -I eth0 -wP

D.

crackmapexec smb 192.168.1.0/24

Buy Now
Question # 5

A penetration tester is authorized to perform a DoS attack against a host on a network. Given the following input:

ip = IP( " 192.168.50.2 " )

tcp = TCP(sport=RandShort(), dport=80, flags= " S " )

raw = RAW(b " X " *1024)

p = ip/tcp/raw

send(p, loop=1, verbose=0)

Which of the following attack types is most likely being used in the test?

Options:

A.

MDK4

B.

Smurf attack

C.

FragAttack

D.

SYN flood

Buy Now
Question # 6

During an assessment, a penetration tester runs the following command:

setspn.exe -Q /

Which of the following attacks is the penetration tester preparing for?

Options:

A.

LDAP injection

B.

Pass-the-hash

C.

Kerberoasting

D.

Dictionary

Buy Now
Question # 7

A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:

Server-side request forgery (SSRF) vulnerability in test.comptia.org

Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org

Publicly accessible storage system named static_comptia_assets

SSH port 22 open to the internet on test3.comptia.org

Open redirect vulnerability in test4.comptia.org

Which of the following attack paths should the tester prioritize first?

Options:

A.

Synchronize all the information from the public bucket and scan it with Trufflehog.

B.

Run Pacu to enumerate permissions and roles within the cloud-based systems.

C.

Perform a full dictionary brute-force attack against the open SSH service using Hydra.

D.

Use the reflected cross-site scripting attack within a phishing campaign to attack administrators.

E.

Leverage the SSRF to gain access to credentials from the metadata service.

Buy Now
Question # 8

During a security audit, a penetration tester wants to exploit a vulnerability in a common network protocol. The protocol allows encrypted communications to be intercepted and manipulated. Which of the following vulnerabilities should the tester exploit?

Options:

A.

CVE-202W-ZZZZ: Cisco ASA IKEv2/IPSec Fragmentation Vulnerability

B.

CVE-202Y-XXXX: Wireshark SSL/TLS Decryption Vulnerability

C.

CVE-202X-YYYY: OpenSSL DROWN Attack

D.

CVE-202Z-WWWW: Microsoft SMBv1 EternalBlue Exploit

Buy Now
Question # 9

A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?

Options:

A.

Phishing

B.

Tailgating

C.

Whaling

D.

Spear phishing

Buy Now
Question # 10

A penetration tester needs to complete cleanup activities from the testing lead. Which of the following should the tester do to validate that reverse shell payloads are no longer running?

Options:

A.

Run scripts to terminate the implant on affected hosts.

B.

Spin down the C2 listeners.

C.

Restore the firewall settings of the original affected hosts.

D.

Exit from C2 listener active sessions.

Buy Now
Question # 11

Before starting an assessment, a penetration tester needs to scan a Class B IPv4 network for open ports in a short amount of time. Which of the following is the best tool for this task?

Options:

A.

Burp Suite

B.

masscan

C.

Nmap

D.

hping

Buy Now
Question # 12

A penetration tester conducts reconnaissance for a client ' s network and identifies the following system of interest:

$ nmap -A AppServer1.compita.org

Starting Nmap 7.80 (2023-01-14) on localhost (127.0.0.1) at 2023-08-04 15:32:27

Nmap scan report for AppServer1.compita.org (192.168.1.100)

Host is up (0.001s latency).

Not shown: 999 closed ports

Port State Service

21/tcp open ftp

22/tcp open ssh

23/tcp open telnet

80/tcp open http

135/tcp open msrpc

139/tcp open netbios-ssn

443/tcp open https

445/tcp open microsoft-ds

873/tcp open rsync

8080/tcp open http-proxy

8443/tcp open https-alt

9090/tcp open zeus-admin

10000/tcp open snet-sensor-mgmt

The tester notices numerous open ports on the system of interest. Which of the following best describes this system?

Options:

A.

A honeypot

B.

A Windows endpoint

C.

A Linux server

D.

An already-compromised system

Buy Now
Question # 13

A penetration testing company is defining the rules of engagement with a client. Which of the following should the company include?

Options:

A.

Non-disclosure agreement

B.

Escalation process

C.

URL list

D.

Authorization letter

Buy Now
Exam Code: PT0-003
Exam Name: CompTIA PenTest+ Exam
Last Update: Jul 5, 2026
Questions: 336
PT0-003 pdf

PT0-003 PDF

$25.5  $84.99
PT0-003 Engine

PT0-003 Testing Engine

$28.5  $94.99
PT0-003 PDF + Engine

PT0-003 PDF + Testing Engine

$40.5  $134.99