Exam Details

  • Exam Code
    :PT0-003
  • Exam Name
    :CompTIA PenTest+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :271 Q&As
  • Last Updated
    :Mar 21, 2025

CompTIA CompTIA Certifications PT0-003 Questions & Answers

  • Question 1:

    Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

    A. HTTPS communication

    B. Public and private keys

    C. Password encryption

    D. Sessions and cookies

  • Question 2:

    A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

    A. VRFY and EXPN

    B. VRFY and TURN

    C. EXPN and TURN

    D. RCPT TO and VRFY

  • Question 3:

    A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

    A. Check the scoping document to determine if exfiltration is within scope.

    B. Stop the penetration test.

    C. Escalate the issue.

    D. Include the discovery and interaction in the daily report.

  • Question 4:

    A consulting company is completing the ROE during scoping.

    Which of the following should be included in the ROE?

    A. Cost ofthe assessment

    B. Report distribution

    C. Testing restrictions

    D. Liability

  • Question 5:

    A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

    A. sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.

    B. *range(1, 1025) on line 1 populated the portList list in numerical order.

    C. Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM

    D. The remoteSvr variable has neither been type-hinted nor initialized.

  • Question 6:

    Which of the following tools would be best suited to perform a cloud security assessment?

    A. OpenVAS

    B. Scout Suite

    C. Nmap

    D. ZAP

    E. Nessus

  • Question 7:

    A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.

    Which of the following can be done with the pcap to gain access to the server?

    A. Perform vertical privilege escalation.

    B. Replay the captured traffic to the server to recreate the session.

    C. Use John the Ripper to crack the password.

    D. Utilize a pass-the-hash attack.

  • Question 8:

    During a penetration tester found a web component with no authentication requirements. The web component also allows file uploads and is hosted on one of the target public web the following actions should the penetration tester perform next?

    A. Continue the assessment and mark the finding as critical.

    B. Attempting to remediate the issue temporally.

    C. Notify the primary contact immediately.

    D. Shutting down the web server until the assessment is finished

  • Question 9:

    A company has hired a penetration tester to deploy and set up a rogue access point on the network.

    Which of the following is the BEST tool to use to accomplish this goal?

    A. Wireshark

    B. Aircrack-ng

    C. Kismet

    D. Wifite

  • Question 10:

    A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?

    A. inurl:

    B. link:

    C. site:

    D. intitle:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PT0-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.