CompTIA CompTIA Certifications PT0-003 Questions & Answers

• Question 131:

  A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?

  A. Initiate a social engineering campaign.

  B. Perform credential dumping.

  C. Compromise an endpoint.

  D. Share enumeration.

  Correct Answer: D

  Given that the penetration tester has already obtained an internal foothold on the target network, the next logical step to achieve the objective of collecting confidential information and potentially exfiltrating data or performing a ransomware

  attack is to perform credential dumping. Here's why:

  Credential Dumping:

  Comparison with Other Options:

  Performing credential dumping is the most effective next step to escalate privileges and access sensitive data, making it the best choice.

• Question 132:

  Which of the following OT protocols sends information in cleartext?

  A. TTEthernet

  B. DNP3

  C. Modbus

  D. PROFINET

  Correct Answer: C

  Operational Technology (OT) protocols are used in industrial control systems (ICS) to manage and automate physical processes. Here's an analysis of each protocol regarding whether it sends information in cleartext:

  TTEthernet (Option A):

  DNP3 (Option B):

  Modbus (Answer: C):

  PROFINET (Option D):

  Conclusion: Modbus is the protocol that most commonly sends information in cleartext, making it vulnerable to eavesdropping and interception.

• Question 133:

  A penetration tester needs to launch an Nmap scan to find the state of the port for both TCP and UDP services. Which of the following commands should the tester use?

  A. nmap -sU -sW -p 1-65535 example.com

  B. nmap -sU -sY -p 1-65535 example.com

  C. nmap -sU -sT -p 1-65535 example.com

  D. nmap -sU -sN -p 1-65535 example.com

  Correct Answer: C

  To find the state of both TCP and UDP ports using Nmap, the appropriate command should combine both TCP and UDP scan options:

  Understanding the Options:

  Command Explanation:

  Comparison with Other Options:

• Question 134:

  A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool: PORT STATE SERVICE

  22/tcp open ssh 25/tcp filtered smtp

  111/tcp open rpcbind

  2049/tcp open nfs

  Based on the output, which of the following services provides the best target for launching an attack?

  A. Database

  B. Remote access

  C. Email

  D. File sharing

  Correct Answer: D

  Based on the Nmap scan results, the services identified on the target server are as follows:

  22/tcp open ssh:

  25/tcp filtered smtp:

  111/tcp open rpcbind:

  2049/tcp open nfs:

  Conclusion: The NFS service (2049/tcp) provides the best target for launching an attack. File sharing services like NFS often contain sensitive data and can be vulnerable to misconfigurations that allow unauthorized access or privilege

  escalation.

• Question 135:

  A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?

  A. Phishing

  B. Tailgating

  C. Whaling

  D. Spear phishing

  Correct Answer: D

  Spear phishing is a targeted email attack aimed at specific individuals within an organization. Unlike general phishing, spear phishing is personalized and often involves extensive reconnaissance to increase the likelihood of success.

  Understanding Spear Phishing:

  Purpose:

  Process:

  References from Pentesting Literature:

  Step-by-Step ExplanationReferences:

  Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups

• Question 136:

  During a penetration testing engagement, a tester targets the internet-facing services used by the client. Which of the following describes the type of assessment that should be considered in this scope of work?

  A. Segmentation

  B. Mobile

  C. External

  D. Web

  Correct Answer: C

  An external assessment focuses on testing the security of internet-facing services. Here's why option C is correct:

  External Assessment: It involves evaluating the security posture of services exposed to the internet, such as web servers, mail servers, and other public-facing infrastructure. The goal is to identify vulnerabilities that could be exploited by

  attackers from outside the organization's network. Segmentation: This type of assessment focuses on ensuring that different parts of a network are appropriately segmented to limit the spread of attacks. It's more relevant to internal network

  architecture.

  Mobile: This assessment targets mobile applications and devices, not general internet-facing services.

  Web: While web assessments focus on web applications, the scope of an external assessment is broader and includes all types of internet-facing services.

  References from Pentest:

  Horizontall HTB: Highlights the importance of assessing external services to identify vulnerabilities that could be exploited from outside the network. Luke HTB: Demonstrates the process of evaluating public-facing services to ensure their

  security.

  Conclusion:

  Option C, External, is the most appropriate type of assessment for targeting internet-facing services used by the client.

• Question 137:

  During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses. Which of the following tools should the tester use?

  A. Dnsenum

  B. Nmap

  C. Netcat

  D. Wireshark

  Correct Answer: A

  Dnsenum is a tool specifically designed to gather information about DNS, including domain structure and associated IP addresses. Here's why option A is correct:

  Dnsenum: This tool is used for DNS enumeration and can gather information about a domain's DNS records, subdomains, IP addresses, and other related information. It is highly effective for mapping out a target network's domain structure.

  Nmap: While a versatile network scanning tool, Nmap is more focused on port scanning and service detection rather than detailed DNS enumeration. Netcat: This is a network utility for reading and writing data across network connections, not

  for DNS enumeration.

  Wireshark: This is a network protocol analyzer used for capturing and analyzing network traffic but not specifically for gathering DNS information.

  References from Pentest:

  Anubis HTB: Shows the importance of using DNS enumeration tools like Dnsenum to gather detailed information about the target's domain structure. Forge HTB: Demonstrates the process of using specialized tools to collect DNS and IP

  information efficiently.

• Question 138:

  During an assessment, a penetration tester wants to extend the vulnerability search to include the use of dynamic testing. Which of the following tools should the tester use?

  A. Mimikatz

  B. ZAP

  C. OllyDbg

  D. SonarQube

  Correct Answer: B

  Dynamic Application Security Testing (DAST):

  ZAP (Zed Attack Proxy):

  Other Tools:

  Pentest References:

  Web Application Security Testing: Utilizing DAST tools like ZAP to dynamically test and find vulnerabilities in running web applications. OWASP Tools: Leveraging open-source tools recommended by OWASP for comprehensive security

  testing.

  By using ZAP, the penetration tester can perform dynamic testing to identify runtime vulnerabilities in web applications, extending the scope of the vulnerability search.

• Question 139:

  A penetration tester needs to help create a threat model of a custom application. Which of the following is the most likely framework the tester will use?

  A. MITRE ATTandCK

  B. OSSTMM

  C. CI/CD

  D. DREAD

  Correct Answer: D

  The DREAD model is a risk assessment framework used to evaluate and prioritize the security risks of an application. It stands for Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability.

  Understanding DREAD:

  Usage in Threat Modeling:

  Process:

  References from Pentesting Literature:

  Step-by-Step ExplanationReferences:

  Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups

• Question 140:

  During the reconnaissance phase, a penetration tester collected the following information from the DNS records:

  A-----> www

  A-----> host

  TXT --> vpn.comptia.org

  SPF---> ip =2.2.2.2

  Which of the following DNS records should be in place to avoid phishing attacks using spoofing domain techniques?

  A. MX

  B. SOA

  C. DMARC

  D. CNAME

  Correct Answer: C

  DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that helps prevent email spoofing and phishing. It builds on SPF (Sender Policy Framework) and DKIM (DomainKeys Identified

  Mail) to provide a mechanism for email senders and receivers to improve and monitor the protection of the domain from fraudulent email.

  Understanding DMARC:

  Implementing DMARC:

  Benefits of DMARC:

  DMARC Record Components:

  Real-World Example:

  References from Pentesting Literature:

  Step-by-Step ExplanationReferences:

  Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups