CompTIA CompTIA Certifications PT0-003 Questions & Answers

• Question 61:

  A penetration tester performs the following command:

  curl -l -http2 https://www.comptia.org

  Which of the following snippets of output will the tester MOST likely receive?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

  Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/

• Question 62:

  PCI DSS requires which of the following as part of the penetration-testing process?

  A. The penetration tester must have cybersecurity certifications.

  B. The network must be segmented.

  C. Only externally facing systems should be tested.

  D. The assessment must be performed during non-working hours.

  Correct Answer: B

• Question 63:

  A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website's response time by 80%. The network

  engineer contacts the penetration tester to determine if these GET requests are part of the test.

  Which of the following BEST describes the purpose of checking with the penetration tester?

  A. Situational awareness

  B. Rescheduling

  C. DDoS defense

  D. Deconfliction

  Correct Answer: D

  https://redteam.guide/docs/definitions/ Deconfliction is the process of coordinating activities and communicating information to avoid interference, confusion, or conflict among different parties involved in an operation. The network engineer contacted the penetration tester to check if the GET requests were part of the test, and to avoid any potential misunderstanding or disruption of the test or the website. The other options are not related to the purpose of checking with the penetration tester.

• Question 64:

  A penetration tester is performing an assessment against a customer's web application that is hosted in a major cloud provider's environment. The penetration tester observes that the majority of the attacks attempted are being blocked by the

  organization's WAF.

  Which of the following attacks would be most likely to succeed?

  A. Reflected XSS

  B. Brute-force

  C. DDoS

  D. Direct-to-origin

  Correct Answer: D

• Question 65:

  During passive reconnaissance of a target organization's infrastructure, a penetration tester wants to identify key contacts and job responsibilities within the company. Which of the following techniques would be the most effective for this situation?

  A. Social media scraping

  B. Website archive and caching

  C. DNS lookup

  D. File metadata analysis

  Correct Answer: A

  Social media scraping involves collecting information from social media platforms where employees might share their roles, responsibilities, and professional affiliations. This method can reveal detailed insights into the organizational structure, key personnel, and specific job functions within the target organization, making it an invaluable tool for understanding the company's internal landscape without alerting the target to the reconnaissance activities.

• Question 66:

  A penetration tester identified numerous flaws that could lead to unauthorized modification of critical data.

  Which of the following would be best for the penetration tester to recommend?

  A. Flat access

  B. Role-based access control

  C. Permission-based access control

  D. Group-based control model

  Correct Answer: B

  RBAC is best for preventing unauthorized modification by assigning permissions to roles rather than individuals, ensuring that only authorized users can access critical data based on their role within the organization.

• Question 67:

  A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate

  from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server.

  Which of the following is the MOST likely reason for the error?

  A. TCP port 443 is not open on the firewall

  B. The API server is using SSL instead of TLS

  C. The tester is using an outdated version of the application

  D. The application has the API certificate pinned.

  Correct Answer: D

  This is the most likely reason for the error because the application is unable to validate the certificate issued by the tester's private root CA. Certificate pinning is a process where an application compares the certificate presented by the server with a predefined set of certificates and only accepts connections if the presented certificate is one of the predefined certificates. This means that the application will reject any certificate that is not in the predefined set, even if it is valid.

• Question 68:

  A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  A. PLCs will not act upon commands injected over the network.

  B. Supervisors and controllers are on a separate virtual network by default.

  C. Controllers will not validate the origin of commands.

  D. Supervisory systems will detect a malicious injection of code/commands.

  Correct Answer: C

  PLCs are programmable logic controllers that execute logic operations on input signals from sensors and output signals to actuators. They are often connected to supervisory systems that provide human-machine interfaces and data acquisition functions. If both systems are connected to the company intranet, they are exposed to potential attacks from internal or external adversaries. A valid assumption is that controllers will not validate the origin of commands, meaning that an attacker can send malicious commands to manipulate or sabotage the industrial process. The other assumptions are not valid because they contradict the facts or common practices.

• Question 69:

  Which of the following tools would be MOST useful in collecting vendor and other security- relevant information for IoT devices to support passive reconnaissance?

  A. Shodan

  B. Nmap

  C. WebScarab-NG

  D. Nessus

  Correct Answer: B

• Question 70:

  A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?

  A. Segment the firewall from the cloud.

  B. Scan the firewall for vulnerabilities.

  C. Notify the client about the firewall.

  D. Apply patches to the firewall.

  Correct Answer: C

  The best option for the tester to take is to notify the client about the firewall. The firewall is not part of the original list of IP addresses for the engagement, which means it is out of scope and should not be tested without permission. The tester should inform the client about the existence and potential risks of the firewall, and ask if they want to include it in the scope or not.