Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

PT0-003 Exam Dumps - CompTIA PenTest+ Exam

Searching for workable clues to ace the CompTIA PT0-003 Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s PT0-003 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 65

In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:

sshpass -p donotchange ssh admin@192.168.6.14

Which of the following should the tester attempt to do next to take advantage of this information? (Select two).

A.

Use Nmap to identify all the SSH systems active on the network.

B.

Take a screen capture of the source code repository for documentation purposes.

C.

Investigate to find whether other files containing embedded passwords are in the code repository.

D.

Confirm whether the server 192.168.6.14 is up by sending ICMP probes.

E.

Run a password-spraying attack with Hydra against all the SSH servers.

F.

Use an external exploit through Metasploit to compromise host 192.168.6.14.

Full Access
Question # 66

A penetration tester is conducting reconnaissance on a target network. The tester runs the following Nmap command: nmap -sv -sT -p - 192.168.1.0/24. Which of the following describes the most likely purpose of this scan?

A.

OS fingerprinting

B.

Attack path mapping

C.

Service discovery

D.

User enumeration

Full Access
Question # 67

A penetration tester successfully gains access to a Linux system and then uses the following command:

find / -type f -ls > /tmp/recon.txt

Which of the following best describes the tester ' s goal?

A.

Permission enumeration

B.

Secrets enumeration

C.

User enumeration

D.

Service enumeration

Full Access
Question # 68

After a recent penetration test was conducted by the company ' s penetration testing team, a systems administrator notices the following in the logs:

2/10/2023 05:50AM C:\users\mgranite\schtasks /query

2/10/2023 05:53AM C:\users\mgranite\schtasks /CREATE /SC DAILY

Which of the following best explains the team ' s objective?

A.

To enumerate current users

B.

To determine the users ' permissions

C.

To view scheduled processes

D.

To create persistence in the network

Full Access
Question # 69

During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?

A.

Responder

B.

Hydra

C.

BloodHound

D.

CrackMapExec

Full Access
Question # 70

A penetration tester downloads a JAR file that is used in an organization ' s production environment. The tester evaluates the contents of the JAR file to identify potentially vulnerable components that can be targeted for exploit. Which of the following describes the tester ' s activities?

A.

SAST

B.

SBOM

C.

ICS

D.

SCA

Full Access
Question # 71

A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?

A.

Phishing

B.

Tailgating

C.

Whaling

D.

Spear phishing

Full Access
Question # 72

During a penetration test, a tester compromises a Windows computer. The tester executes the following command and receives the following output:

mimikatz # privilege::debug

mimikatz # lsadump::cache

---Output---

lapsUser

27dh9128361tsg2€459210138754ij

---OutputEnd---

Which of the following best describes what the tester plans to do by executing the command?

A.

The tester plans to perform the first step to execute a Golden Ticket attack to compromise the Active Directory domain.

B.

The tester plans to collect application passwords or hashes to compromise confidential information within the local computer.

C.

The tester plans to use the hash collected to perform lateral movement to other computers using a local administrator hash.

D.

The tester plans to collect the ticket information from the user to perform a Kerberoasting attack on the domain controller.

Full Access
Go to page: