CompTIA CompTIA Certifications PT0-003 Questions & Answers

• Question 31:

  A penetration tester is taking screen captures of hashes obtained from a domain controller. Which of the following best explains why the penetration tester should immediately obscure portions of the images before saving?

  A. To maintain confidentiality of data/information

  B. To avoid disclosure of how the hashes were obtained

  C. To make the hashes appear shorter and easier to crack

  D. To prevent analysis based on the type of hash

  Correct Answer: A

  When a penetration tester captures screen images that include hashes from a domain controller, obscuring parts of these images before saving is crucial to maintain the confidentiality of sensitive data. Hashes can be considered sensitive information as they represent a form of digital identity for users within an organization. Revealing these hashes in full could lead to unauthorized access if the hashes were to be cracked or otherwise misused by malicious actors. By partially obscuring the images, the penetration tester ensures that the data remains confidential and reduces the risk of compromising user accounts and the integrity of the organization's security posture.

• Question 32:

  A penetration tester is performing an assessment for an organization and must gather valid user credentials. Which of the following attacks would be best for the tester to use to achieve this objective?

  A. Wardriving

  B. Captive portal

  C. Deauthentication

  D. Impersonation

  Correct Answer: D

  Impersonation attacks involve the penetration tester assuming the identity of a valid user to gain unauthorized access to systems or information. This method is particularly effective for gathering valid user credentials, as it can involve tactics such as phishing, social engineering, or exploiting weak authentication processes. The other options, such as Wardriving, Captive portal, and Deauthentication, are more focused on wireless network vulnerabilities and are less direct in obtaining user credentials.

• Question 33:

  A penetration tester is performing a vulnerability scan on a large ATM network. One of the organization's requirements is that the scan does not affect legitimate clients' usage of the ATMs. Which of the following should the tester do to best meet the company's vulnerability scan requirements?

  A. Use Nmap's -T2 switch to run a slower scan and with less resources.

  B. Run the scans using multiple machines.

  C. Run the scans only during lunch hours.

  D. Use Nmap's -host-timeout switch to skip unresponsive targets.

  Correct Answer: A

• Question 34:

  Which of the following tools would be best to use to conceal data in various kinds of image files?

  A. Kismet

  B. Snow

  C. Responder

  D. Metasploit

  Correct Answer: B

  Snow is a tool designed for steganography, which is the practice of concealing messages or information within other non-secret text or data. In this context, Snow is specifically used to hide data within whitespace of text files, which can include the whitespace areas of images saved in formats that support text descriptions or metadata, such as certain PNG or JPEG files. While the other tools listed (Kismet, Responder, Metasploit) are powerful in their respective areas (network sniffing, LLMNR/NBT-NS poisoning, and exploitation framework), they do not offer functionality related to data concealment in image files or steganography.

• Question 35:

  Which of the following describes a globally accessible knowledge base of adversary tactics and techniques based on real-world observations?

  A. OWASP Top 10

  B. MITRE ATTandCK

  C. Cyber Kill Chain

  D. Well-Architected Framework

  Correct Answer: B

• Question 36:

  A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the scan is to identify web servers in the 10.0.0.0/16 subnet.

  Which of the following commands should the engineer use to achieve the objective in the least amount of time?

  A. nmap -T3 -p 80 10.0.0.0/16 -- max-hostgroup 100

  B. nmap -TO -p 80 10.0.0.0/16

  C. nmap -T4 -p 80 10.0.0.0/16 -- max-rate 60

  D. nmap -T5 -p 80 10.0.0.0/16 -- min-rate 80

  Correct Answer: C

  The nmap -T4 -p 80 10.0.0.0/16 -- max-rate 60 command is used to scan the 10.0.0.0/16 subnet for web servers (port 80) at a maximum rate of 60 packets per minute. The -T4 option sets the timing template to "aggressive", which speeds up the scan. The -- max-rate option limits the number of packets sent per second, helping to bypass the network IPS that isolates the source when the scan exceeds 100 packets per minute12.

• Question 37:

  Which of the following compliance requirements would be BEST suited in an environment that processes credit card data?

  A. PCI DSS

  B. ISO 27001

  C. SOX

  D. GDPR

  Correct Answer: A

• Question 38:

  During a test of a custom-built web application, a penetration tester identifies several vulnerabilities. Which of the following would be the most interested in the steps to reproduce these vulnerabilities?

  A. Operations staff

  B. Developers

  C. Third-party stakeholders

  D. C-suite executives

  Correct Answer: B

  The developers would be the most interested in the steps to reproduce the web application vulnerabilities, because they are responsible for fixing the code and implementing security best practices. The steps to reproduce the vulnerabilities would help them understand the root cause of the problem, test the patches, and prevent similar issues in the future. The other options are less interested in the technical details of the vulnerabilities, as they have different roles and responsibilities. The operations staff are more concerned with the availability and performance of the web application, the third-party stakeholders are more interested in the business impact and risk assessment of the vulnerabilities, and the C-suite executives are more focused on the strategic and financial implications of the vulnerabilities123.

• Question 39:

  A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.

  Which of the following should the tester verify FIRST to assess this risk?

  A. Whether sensitive client data is publicly accessible

  B. Whether the connection between the cloud and the client is secure

  C. Whether the client's employees are trained properly to use the platform

  D. Whether the cloud applications were developed using a secure SDLC

  Correct Answer: A

• Question 40:

  A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were

  full and directed them to the fake login page to remedy the issue.

  Which of the following BEST describes this attack?

  A. Credential harvesting

  B. Privilege escalation

  C. Password spraying

  D. Domain record abuse

  Correct Answer: A

  Credential harvesting is a type of attack that aims to collect usernames and passwords from unsuspecting users by tricking them into entering their credentials on a fake or spoofed website. Credential harvesting can be done by using phishing emails that lure users to click on malicious links or attachments that redirect them to the fake website. The fake website may look identical or similar to the legitimate one, but it will capture and store the user's credentials for later use by the attacker. In this case, the penetration tester set up a fake cloud mail login page and sent phishing emails to all company employees to harvest their credentials.