CompTIA CompTIA Certifications PT0-003 Questions & Answers

• Question 51:

  A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?

  A. GDB

  B. Burp Suite

  C. SearchSpliot

  D. Netcat

  Correct Answer: A

  GDB is a debugging tool that can be used to analyze and manipulate the memory of a running process, which is useful for finding and exploiting buffer overflow vulnerabilities. Burp Suite is a web application testing tool that does not directly test for buffer overflows. SearchSpliot is a database of known exploits that does not test for new vulnerabilities. Netcat is a network utility that can be used to send and receive data, but not to test for buffer overflows.

• Question 52:

  A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?

  A. Comma

  B. Double dash

  C. Single quote

  D. Semicolon

  Correct Answer: C

  A single quote (') is a common character used to test for SQL injection vulnerabilities, which occur when user input is directly passed to a database query. A single quote can terminate a string literal and allow an attacker to inject malicious SQL commands. For example, if the search form uses the query SELECT * FROM products WHERE name LIKE `%user_input%', then entering a single quote as user input would result in an error or unexpected behavior

• Question 53:

  A penetration tester ran the following command on a staging server:

  python

  Correct Answer: D

  Reference: https://www.redhat.com/sysadmin/simple-http-server

• Question 54:

  A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:

  Pre-engagement interaction (scoping and ROE) Intelligence gathering (reconnaissance) Threat modeling Vulnerability analysis Exploitation and post exploitation Reporting

  Which of the following methodologies does the client use?

  A. OWASP Web Security Testing Guide

  B. PTES technical guidelines

  C. NIST SP 800-115

  D. OSSTMM

  Correct Answer: B

  Reference: https://kirkpatrickprice.com/blog/stages-of-penetration-testing-according-to- ptes/

• Question 55:

  Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

  A. To provide feedback on the report structure and recommend improvements

  B. To discuss the findings and dispute any false positives

  C. To determine any processes that failed to meet expectations during the assessment

  D. To ensure the penetration-testing team destroys all company data that was gathered during the test

  Correct Answer: C

• Question 56:

  A penetration tester is conducting an engagement against an internet-facing web application and planning a phishing campaign. Which of the following is the BEST passive method of obtaining the technical contacts for the website?

  A. WHOIS domain lookup

  B. Job listing and recruitment ads

  C. SSL certificate information

  D. Public data breach dumps

  Correct Answer: A

  The BEST passive method of obtaining the technical contacts for the website would be a WHOIS domain lookup. WHOIS is a protocol that provides information about registered domain names, such as the registration date, registrant's name and contact information, and the name servers assigned to the domain. By performing a WHOIS lookup, the penetration tester can obtain the contact information of the website's technical staff, which can be used to craft a convincing phishing email.

• Question 57:

  Which of the following is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten?

  A. NIST SP 800-53

  B. ISO 27001

  C. GDPR

  Correct Answer: C

  GDPR is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten. GDPR stands for General Data Protection Regulation, and it is a law that applies to the European Union and the United Kingdom. GDPR gives individuals the right to request their personal data be deleted by data controllers and processors under certain circumstances, such as when the data is no longer necessary, when the consent is withdrawn, or when the data was unlawfully processed. GDPR also imposes other obligations and rights related to data protection, such as data minimization, data portability, data breach notification, and consent management. The other options are not regulatory compliance standards that focus on user privacy by implementing the right to be forgotten. NIST SP 800-53 is a set of security and privacy controls for federal information systems and organizations in the United States. ISO 27001 is an international standard that specifies the requirements for an information security management system.

• Question 58:

  A penetration tester needs to upload the results of a port scan to a centralized security tool.

  Which of the following commands would allow the tester to save the results in an interchangeable format?

  A. nmap -iL results 192.168.0.10-100

  B. nmap 192.168.0.10-100 -O > results

  C. nmap -A 192.168.0.10-100 -oX results

  D. nmap 192.168.0.10-100 | grep "results"

  Correct Answer: C

• Question 59:

  A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.

  Which of the following Nmap scan syntaxes would BEST accomplish this objective?

  A. nmap -sT -vvv -O 192.168.1.2/24 -PO

  B. nmap -sV 192.168.1.2/24 -PO

  C. nmap -sA -v -O 192.168.1.2/24

  D. nmap -sS -O 192.168.1.2/24 -T1

  Correct Answer: D

  Reference: https://nmap.org/book/man-port-scanning-techniques.html

• Question 60:

  A company requires that all hypervisors have the latest available patches installed. Which of the following would BEST explain the reason why this policy is in place?

  A. To provide protection against host OS vulnerabilities

  B. To reduce the probability of a VM escape attack

  C. To fix any misconfigurations of the hypervisor

  D. To enable all features of the hypervisor

  Correct Answer: B

  A hypervisor is a type of virtualization software that allows multiple virtual machines (VMs) to run on a single physical host machine. If the hypervisor is compromised, an attacker could potentially gain access to all of the VMs running on that host, which could lead to a significant data breach or other security issues. One common type of attack against hypervisors is known as a VM escape attack. In this type of attack, an attacker exploits a vulnerability in the hypervisor to break out of the VM and gain access to the host machine. From there, the attacker can potentially gain access to other VMs running on the same host. By ensuring that all hypervisors have the latest available patches installed, the company can reduce the likelihood that a VM escape attack will be successful. Patches often include security updates and vulnerability fixes that address known issues and can help prevent attacks.