CompTIA CompTIA Certifications PT0-003 Questions & Answers

• Question 11:

  In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

  A. Test for RFC-defined protocol conformance.

  B. Attempt to brute force authentication to the service.

  C. Perform a reverse DNS query and match to the service banner.

  D. Check for an open relay configuration.

  Correct Answer: D

  SMTP is a protocol associated with mail servers. Therefore, for a penetration tester, an open relay configuration can be exploited to launch phishing attacks.

• Question 12:

  A security analyst is conducting an unknown environment test from 192.168 3.3. The analyst wants to limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems. Which of the following Nmap commands should the analyst use to achieve This objective?

  A. Nmap

  Correct Answer: D

  To limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems, the security analyst should use the Nmap -D 10.5.2.2 192.168.3.3 command 1. The -D option is used to conceal the identity of the attacker by using decoy IP addresses. This option can be used to confuse the IDS/IPS and lower the probability of detection 1. References: 1: CompTIA. (2021). CompTIA PenTest+ Certification Exam Objectives. Retrieved from https://www.comptia.org/content/dam/comptia/documents/certifications/Exam%20Objective s/CompTIA-PenTest%2B%20Exam%20Objectives%20PT0-002.pdf

• Question 13:

  Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

  A. NIST SP 800-53

  B. OWASP Top 10

  C. MITRE ATTandCK framework

  D. PTES technical guidelines

  Correct Answer: C

  Reference: https://digitalguardian.com/blog/what-mitre-attck-framework

• Question 14:

  A client evaluating a penetration testing company requests examples of its work.

  Which of the following represents the BEST course of action for the penetration testers?

  A. Redact identifying information and provide a previous customer's documentation.

  B. Allow the client to only view the information while in secure spaces.

  C. Determine which reports are no longer under a period of confidentiality.

  D. Provide raw output from penetration testing tools.

  Correct Answer: C

  Penetration testing reports contain sensitive information about the vulnerabilities and risks of a customer's systems and networks. Therefore, penetration testers should respect the confidentiality and privacy of their customers and only share their reports with authorized parties. Penetration testers should also follow the terms and conditions of their contracts with their customers, which may include a period of confidentiality that prohibits them from disclosing any information related to the testing without the customer's consent.

• Question 15:

  A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

  A. Ensure the client has signed the SOW.

  B. Verify the client has granted network access to the hot site.

  C. Determine if the failover environment relies on resources not owned by the client.

  D. Establish communication and escalation procedures with the client.

  Correct Answer: A

  The statement of work (SOW) is a document that defines the scope, objectives, deliverables, and timeline of a penetration testing engagement. It is important to have the client sign the SOW before starting the assessment to avoid any legal or contractual issues.

• Question 16:

  Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?

  A. Nessus

  B. Metasploit

  C. Burp Suite

  D. Ethercap

  Correct Answer: B

• Question 17:

  A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network.

  Which of the following methods will MOST likely work?

  A. Try to obtain the private key used for S/MIME from the CEO's account.

  B. Send an email from the CEO's account, requesting a new account.

  C. Move laterally from the mail server to the domain controller.

  D. Attempt to escalate privileges on the mail server to gain root access.

  Correct Answer: D

• Question 18:

  A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?

  A. Patch installations

  B. Successful exploits

  C. Application failures

  D. Bandwidth limitations

  Correct Answer: B

  Successful exploits could cause network disruptions, service outages, or data corruption, which could affect the connectivity and functionality of the oil rig network. Patch installations, application failures, and bandwidth limitations are less likely to be related to the penetration testing activities.

• Question 19:

  A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

  A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe

  B. wmic startup get caption,command

  C. crontab

  Correct Answer: A

• Question 20:

  A security analyst needs to perform an on-path attack on BLE smart devices. Which of the following tools would be BEST suited to accomplish this task?

  A. Wireshark

  B. Gattacker C. tcpdump

  D. Netcat

  Correct Answer: B

  The best tool for performing an on-path attack on BLE smart devices is Gattacker. Gattacker is a Bluetooth Low Energy (BLE) pentesting and fuzzing framework specifically designed for on-path attacks. It allows security analysts to perform a variety of tasks, including man-in-the-middle attacks, passive and active scans, fuzzing of BLE services, and more. Gattacker also provides an interactive command-line interface that makes it easy to interact with the target BLE device and execute various commands.