Which of the following is a term used to describe a situation in which a penetration tester bypasses physical access controls and gains access to a facility by entering at the same time as an employee?
A. Badge cloning
B. Shoulder surfing
C. Tailgating
D. Site survey
Correct Answer: C
Understanding Tailgating:
Tailgating (also called piggybacking) is following an authorized person through a controlled entry point, typically by stepping in behind them before the door closes, so the tester never presents credentials of their own. Badge cloning copies a legitimate badge, shoulder surfing observes someone entering a PIN or password, and a site survey is reconnaissance of the facility; none of them describes entering alongside an employee.
Methods to Prevent Tailgating:
Mantraps and turnstiles that admit one person per badge read, anti-passback badge logic, a guard or receptionist at the entrance, and staff awareness training that makes holding the door for strangers socially unacceptable.
Examples in Penetration Testing:
In a physical assessment the tester reproduces the scenario in the question: waits near an entrance and follows an employee in while the door is held open. A successful entry is reported as a failure of physical access controls and employee awareness.
References:
Penetration Testing: A Hands-on Introduction to Hacking
HTB Official Writeups
Question 102:
Before starting an assessment, a penetration tester needs to scan a Class B IPv4 network for open ports in a short amount of time. Which of the following is the best tool for this task?
A. Burp Suite
B. masscan
C. Nmap
D. hping
Correct Answer: B
When needing to scan a large network for open ports quickly, the choice of tool is critical. Here's why option B is correct:
masscan: Designed for high-speed port scanning; it can scan entire networks much faster than traditional tools like Nmap and handles large ranges of IP addresses and ports with high efficiency.
Nmap: Powerful and versatile, but generally slower than masscan for scanning very large networks, especially when speed is crucial.
Burp Suite: Primarily a web application security testing tool, not optimized for network-wide port scanning.
hping: A packet-crafting and network testing tool; it is not designed for high-speed network port scanning.
Pentest References:
Luke HTB: Highlights the use of efficient tools for large-scale network scanning to identify open ports quickly.
Anubis HTB: Demonstrates scenarios where high-speed scanning tools like masscan are essential for large network assessments.
Question 103:
Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?
A. Preserving artifacts
B. Reverting configuration changes
C. Keeping chain of custody
D. Exporting credential data
Correct Answer: A
Preserving Artifacts:
Artifacts are the raw outputs of the engagement: scan results, tool logs, screenshots, captured evidence and notes. Preserving them before cleanup begins means the material needed for the report is not destroyed along with the tester's footholds.
Other Tasks:
Reverting configuration changes restores the client's environment but retains nothing; chain of custody protects the integrity of evidence that has already been kept rather than ensuring it is kept; exporting credential data retains only one kind of output and creates its own handling risk.
Pentest References:
Reporting: Comprehensive documentation and reporting of findings are crucial parts of penetration testing.
Evidence Handling: Properly preserving and handling artifacts ensures that the integrity of the test results is maintained and that they can be used for future reference.
By preserving artifacts, the penetration tester ensures that all key outputs from the test are retained for analysis, reporting, and future reference.
Question 104:
A penetration tester obtains password dumps associated with the target and identifies strict lockout policies. The tester does not want to lock out accounts when attempting access. Which of the following techniques should the tester use?
A. Credential stuffing
B. MFA fatigue
C. Dictionary attack
D. Brute-force attack
Correct Answer: A
To avoid locking out accounts while attempting access, the penetration tester should use credential stuffing.
Credential Stuffing:
Credential stuffing tries known username and password pairs, here taken from the obtained password dumps, against the target. Each account receives one attempt with a credential that is expected to work, so the failed-attempt counter behind a strict lockout policy is never reached.
Other Techniques:
Dictionary and brute-force attacks send many guesses per account and would trip the lockout threshold quickly; MFA fatigue targets a user's push-notification approvals and presupposes a valid password, so it does not address the lockout problem at all.
Pentest References:
Password Attacks: Understanding different types of password attacks and their implications on account security.
Account Lockout Policies: Awareness of how lockout mechanisms work and strategies to avoid triggering them during penetration tests.
By using credential stuffing, the penetration tester can attempt to gain access using known credentials without triggering account lockout policies, ensuring a stealthier approach to password attacks.
Question 105:
During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client's internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results. Which of the following should the tester have done?
A. Rechecked the scanner configuration.
B. Performed a discovery scan.
C. Used a different scan engine.
D. Configured all the TCP ports on the scan.
Correct Answer: B
When the client indicates that the scope's hosts and assets are not included in the vulnerability scan results, it suggests that the tester may have missed discovering all the devices in the scope. Here's the best course of action:
Performing a Discovery Scan:
A discovery scan (host discovery by ICMP, ARP, or a light port sweep) enumerates the live hosts in the agreed scope before the vulnerability scan runs, so the scanner's target list actually matches the in-scope assets. Running it first would have revealed that the missing hosts were never targeted.
Comparison with Other Actions:
Rechecking the scanner configuration or switching to a different scan engine does not add hosts the scanner never knew about, and enabling all TCP ports increases the depth of the scan against each target rather than the number of targets covered.
Performing a discovery scan ensures that all in-scope devices are identified and included in the vulnerability assessment, making it the best course of action.
Question 106:
During a security assessment, a penetration tester needs to exploit a vulnerability in a wireless network's authentication mechanism to gain unauthorized access to the network. Which of the following attacks would the tester most likely perform to gain access?
A. KARMA attack
B. Beacon flooding
C. MAC address spoofing
D. Eavesdropping
Correct Answer: C
MAC address spoofing involves changing the MAC address of a network interface to mimic another device on the network. This technique is often used to bypass network access controls and gain unauthorized access to a network.
References:
Penetration Testing: A Hands-on Introduction to Hacking
HTB Official Writeups
Question 107:
During a penetration test, a tester captures information about an SPN account. Which of the following attacks requires this information as a prerequisite to proceed?
A. Golden Ticket
B. Kerberoasting
C. DCShadow
D. LSASS dumping
Correct Answer: B
Kerberoasting is an attack that specifically targets Service Principal Name (SPN) accounts in a Windows Active Directory environment. Here's a detailed explanation:
Understanding SPN Accounts:
A Service Principal Name registers a service instance (for example a SQL or web service on a given host) to the account that runs it. Services running under a domain user account, rather than a machine account, are the interesting ones, because their passwords are set by humans and often never rotated.
Kerberoasting Attack:
Any authenticated domain user can request a service ticket for an SPN. The ticket is encrypted with a key derived from the service account's password, so the captured ticket can be subjected to offline password guessing without further interaction with the domain controller. The list of SPNs and their owning accounts is therefore the prerequisite for the attack.
Comparison with Other Attacks:
A Golden Ticket requires the krbtgt account's key, DCShadow requires privileges sufficient to register a rogue domain controller, and LSASS dumping requires local administrator rights on a host; none of them starts from SPN information.
Kerberoasting specifically requires the SPN account information to proceed, making it the correct answer.
Question 108:
A penetration tester discovers evidence of an advanced persistent threat on the network that is being tested. Which of the following should the tester do next?
A. Report the finding.
B. Analyze the finding.
C. Remove the threat.
D. Document the finding and continue testing.
Correct Answer: A
Upon discovering evidence of an advanced persistent threat (APT) on the network, the penetration tester should report the finding immediately.
Advanced Persistent Threat (APT):
An APT is a stealthy, long-running intrusion by a capable adversary. Evidence of one means the client is under active compromise right now, which is outside the scope and purpose of the assessment.
Immediate Reporting:
The tester should notify the client's designated point of contact and security team at once so incident response can begin, and should avoid actions that might alert the intruder or destroy evidence.
Other Actions:
Analyzing the finding in depth or removing the threat is the incident response team's job, not the tester's, and continuing testing while merely documenting the finding delays the client's response to a live threat.
Pentest References:
Incident Response: Understanding the importance of immediate reporting and collaboration with the organization's security team upon discovering critical threats like APTs.
Ethical Responsibility: Following ethical guidelines and protocols to ensure the organization can respond effectively to significant threats.
By reporting the finding immediately, the penetration tester ensures that the organization's security team is alerted to the presence of an APT, allowing them to initiate an appropriate incident response.
Question 109:
A penetration tester is testing a power plant's network and needs to avoid disruption to the grid. Which of the following methods is most appropriate to identify vulnerabilities in the network?
A. Configure a network scanner engine and execute the scan.
B. Execute a testing framework to validate vulnerabilities on the devices.
C. Configure a port mirror and review the network traffic.
D. Run a network mapper tool to get an understanding of the devices.
Correct Answer: C
When testing a power plant's network and needing to avoid disruption to the grid, configuring a port mirror and reviewing the network traffic is the most appropriate method to identify vulnerabilities without causing disruptions.
Port Mirroring:
A SPAN or mirror port copies traffic from the switch to a monitoring interface, so the tester can inspect protocols in use, versions advertised in banners, cleartext credentials and unexpected connections without sending a single packet to the control systems.
Avoiding Disruption:
ICS and SCADA devices often run fragile network stacks; active scanners and exploitation frameworks can crash controllers or interrupt processes, which on a power plant network translates directly into a risk to the grid.
Other Options:
A network scanner engine, a testing framework that validates vulnerabilities, and a network mapper all send active probes to the devices and carry exactly the disruption risk the tester must avoid.
Pentest References:
Passive Monitoring: Passive techniques such as port mirroring are essential in environments where maintaining operational integrity is critical.
Critical Infrastructure Security: Understanding the need for non-disruptive methods in critical infrastructure penetration testing to ensure continuous operations.
By configuring a port mirror and reviewing network traffic, the penetration tester can identify vulnerabilities in the power plant's network without risking disruption to the grid.
Question 110:
During an assessment, a penetration tester runs the following command: setspn.exe -Q */*
Which of the following attacks is the penetration tester preparing for?
A. LDAP injection
B. Pass-the-hash
C. Kerberoasting
D. Dictionary
Correct Answer: C
Kerberoasting is an attack that involves requesting service tickets for service accounts from a Kerberos service, extracting the service tickets, and attempting to crack them offline to retrieve the plaintext passwords.
Understanding Kerberoasting:
Any authenticated domain user can request a service ticket for any registered SPN. Because the ticket is encrypted with a key derived from the service account's password, it can be taken offline and subjected to password guessing with no further interaction with the domain controller, and no lockout policy applies.
Command Breakdown:
setspn.exe is the Windows tool for managing Service Principal Names. The -Q switch queries Active Directory for SPNs, and the */* wildcard matches every service class on every host, so the command lists all registered SPNs and the accounts they belong to. That listing is the enumeration step that precedes Kerberoasting.
Kerberoasting Steps:
Enumerate SPN accounts, request service tickets for them, extract the tickets, and crack them offline, as summarized above.
References:
Penetration Testing: A Hands-on Introduction to Hacking
HTB Official Writeups
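As an added, defender-side example that is not part of this question bank, the following Python script shows what the Kerberoasting preparation described in Questions 107 and 110 looks like in Windows Security event logs and how a simple detection rule can flag it. It assumes a flattened key=value export of Event ID 4769 (Kerberos service ticket request) records; the sample log lines, account names, SPNs and IP addresses are constructed for the example and the thresholds are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Event ID 4769 (TGS request) records, one key=value
# line each. These are made-up log lines, not real telemetry.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z EventID=4769 TargetUserName=asmith@CORP.LOCAL ServiceName=CIFS-FS01 TicketEncryptionType=0x12 IpAddress=10.0.1.15
2024-05-01T10:00:05Z EventID=4769 TargetUserName=WS07$@CORP.LOCAL ServiceName=LDAP-DC01 TicketEncryptionType=0x12 IpAddress=10.0.1.40
2024-05-01T10:02:10Z EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x17 IpAddress=10.0.1.25
2024-05-01T10:02:11Z EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_web TicketEncryptionType=0x17 IpAddress=10.0.1.25
2024-05-01T10:02:11Z EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_backup TicketEncryptionType=0x17 IpAddress=10.0.1.25
2024-05-01T10:02:12Z EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_sharepoint TicketEncryptionType=0x17 IpAddress=10.0.1.25
2024-05-01T10:02:13Z EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_exchange TicketEncryptionType=0x17 IpAddress=10.0.1.25
2024-05-01T10:02:14Z EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_ftp TicketEncryptionType=0x17 IpAddress=10.0.1.25
2024-05-01T10:30:00Z EventID=4769 TargetUserName=asmith@CORP.LOCAL ServiceName=HTTP-INTRANET TicketEncryptionType=0x12 IpAddress=10.0.1.15
2024-05-01T10:31:00Z EventID=4769 TargetUserName=asmith@CORP.LOCAL ServiceName=krbtgt TicketEncryptionType=0x12 IpAddress=10.0.1.15
"""

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC in event 4769


def parse_events(text):
    """Parse the flattened export into dicts; keep only 4769 records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, *fields = line.split()
        record = dict(field.split("=", 1) for field in fields)
        if record.get("EventID") != "4769":
            continue
        record["time"] = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ")
        events.append(record)
    return events


def detect_kerberoasting(events, window=timedelta(minutes=5), spn_threshold=5):
    """Flag accounts that request tickets for many distinct SPNs within one window.

    Machine accounts (names ending in $) and krbtgt tickets are excluded: they
    are routine and would otherwise dominate the counts. The RC4 fraction is
    reported because Kerberoasting tooling commonly asks for RC4 tickets, which
    are the cheapest to crack; an AES-only environment would make that field 0.
    """
    by_account = defaultdict(list)
    for event in events:
        user = event["TargetUserName"]
        service = event["ServiceName"]
        if user.split("@")[0].endswith("$") or service.lower().startswith("krbtgt"):
            continue
        by_account[user].append(event)

    alerts = []
    for account, account_events in by_account.items():
        account_events.sort(key=lambda e: e["time"])
        best = None  # (distinct SPN count, events in that window)
        start = 0
        for end in range(len(account_events)):
            # Slide the window start forward until it fits inside `window`.
            while account_events[end]["time"] - account_events[start]["time"] > window:
                start += 1
            chunk = account_events[start:end + 1]
            distinct = {e["ServiceName"] for e in chunk}
            if best is None or len(distinct) > best[0]:
                best = (len(distinct), chunk)
        if best and best[0] >= spn_threshold:
            count, chunk = best
            rc4 = sum(1 for e in chunk if e["TicketEncryptionType"] == RC4_HMAC)
            alerts.append({
                "account": account,
                "source_ip": chunk[0]["IpAddress"],
                "distinct_spns": count,
                "rc4_fraction": rc4 / len(chunk),
                "window_start": chunk[0]["time"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_kerberoasting(parse_events(SAMPLE_LOG)):
        print(alert)
```

In the constructed sample, jdoe requests six different service tickets in four seconds, all with RC4, while asmith's normal activity stays well under the threshold and the workstation account is ignored. The same logic applies to a real export as long as the four fields are present; what changes per environment is the window, the threshold, and whether RC4 tickets are expected at all.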