CompTIA CompTIA Certifications PT0-003 Questions & Answers

• Question 1:

  Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

  A. HTTPS communication

  B. Public and private keys

  C. Password encryption

  D. Sessions and cookies

  Correct Answer: D

• Question 2:

  A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

  A. VRFY and EXPN

  B. VRFY and TURN

  C. EXPN and TURN

  D. RCPT TO and VRFY

  Correct Answer: A

  The VRFY and EXPN commands can be used to enumerate user accounts on an SMTP server, as they are used to verify the existence of users or mailing lists. VRFY (verify) asks the server to confirm that a given user name or address is valid. EXPN (expand) asks the server to expand a mailing list into its individual members. These commands can be used by a penetration tester to identify valid user names or e-mail addresses on the target SMTP server. Reference: https://hackerone.com/reports/193314

• Question 3:

  A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

  A. Check the scoping document to determine if exfiltration is within scope.

  B. Stop the penetration test.

  C. Escalate the issue.

  D. Include the discovery and interaction in the daily report.

  Correct Answer: B

  "Another reason to communicate with the customer is to let the customer know if something unexpected arises while doing the pentest, such as if a critical vulnerability is found on a system, a new target system is found that is outside the scope of the penetration test targets, or a security breach is discovered when doing the penetration test. You will need to discuss how to handle such discoveries and who to contact if those events occur. In case of such events, you typically stop the pentest temporarily to discuss the issue with the customer, then resume once a resolution has been determined."

• Question 4:

  A consulting company is completing the ROE during scoping.

  Which of the following should be included in the ROE?

  A. Cost ofthe assessment

  B. Report distribution

  C. Testing restrictions

  D. Liability

  Correct Answer: B

• Question 5:

  A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

  

  A. sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.

  B. *range(1, 1025) on line 1 populated the portList list in numerical order.

  C. Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM

  D. The remoteSvr variable has neither been type-hinted nor initialized.

  Correct Answer: B

  Port randomization is widely used in port scanners. By default, Nmap randomizes the scanned port order (except that certain commonly accessible ports are moved near the beginning for efficiency reasons) https://nmap.org/book/man-portspecification.html

• Question 6:

  Which of the following tools would be best suited to perform a cloud security assessment?

  A. OpenVAS

  B. Scout Suite

  C. Nmap

  D. ZAP

  E. Nessus

  Correct Answer: B

  The tool that would be best suited to perform a cloud security assessment is Scout Suite, which is an open-source multi-cloud security auditing tool that can evaluate the security posture of cloud environments, such as AWS, Azure, GCP, or Alibaba Cloud. Scout Suite can collect configuration data from cloud providers using APIs and assess them against security best practices or benchmarks, such as CIS Foundations. Scout Suite can generate reports that highlight security issues, risks, or gaps in the cloud environment, and provide recommendations for remediation or improvement. The other options are not tools that are specifically designed for cloud security assessment. OpenVAS is an open- source vulnerability scanner that can scan hosts and networks for vulnerabilities and generate reports with findings and recommendations. Nmap is an open-source network scanner and enumerator that can scan hosts and networks for ports, services, versions, OS, or other information1. ZAP is an open-source web application scanner and proxy that can scan web applications for vulnerabilities and perform attacks such as SQL injection or XSS. Nessus is a commercial vulnerability scanner that can scan hosts and networks for vulnerabilities and generate reports with findings and recommendations.

• Question 7:

  A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.

  Which of the following can be done with the pcap to gain access to the server?

  A. Perform vertical privilege escalation.

  B. Replay the captured traffic to the server to recreate the session.

  C. Use John the Ripper to crack the password.

  D. Utilize a pass-the-hash attack.

  Correct Answer: D

• Question 8:

  During a penetration tester found a web component with no authentication requirements. The web component also allows file uploads and is hosted on one of the target public web the following actions should the penetration tester perform next?

  A. Continue the assessment and mark the finding as critical.

  B. Attempting to remediate the issue temporally.

  C. Notify the primary contact immediately.

  D. Shutting down the web server until the assessment is finished

  Correct Answer: A

• Question 9:

  A company has hired a penetration tester to deploy and set up a rogue access point on the network.

  Which of the following is the BEST tool to use to accomplish this goal?

  A. Wireshark

  B. Aircrack-ng

  C. Kismet

  D. Wifite

  Correct Answer: B

  Reference: https://null-byte.wonderhowto.com/how-to/hack-wi-fi-stealing-wi-fi-passwords- with-evil-twin-attack-0183880/

  https://thecybersecurityman.com/2018/08/11/creating-an-evil-twin-or-fake-access-point- using-aircrack-ng-and-dnsmasq-part-2-the-attack/

• Question 10:

  A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?

  A. inurl:

  B. link:

  C. site:

  D. intitle:

  Correct Answer: C

  The site: command can be used to restrict searches on Google to a specific domain. For example, site:company.com will return only results from the company.com domain. This can help the penetration tester to find information or pages related to the target domain.