Free Preparation Discussions
MENU
CompTIA PT0-003 Exam Questions
- Topic 1: Engagement Management: In this topic, cybersecurity analysts learn about pre-engagement activities, collaboration, and communication in a penetration testing environment. The topic covers testing frameworks, methodologies, and penetration test reports. It also explains how to analyze findings and recommend remediation effectively within reports, crucial for real-world testing scenarios.
- Topic 2: Reconnaissance and Enumeration: This topic focuses on applying information gathering and enumeration techniques. Cybersecurity analysts will learn how to modify scripts for reconnaissance and enumeration purposes. They will also understand which tools to use for these stages, essential for gathering crucial information before performing deeper penetration tests.
- Topic 3: Vulnerability Discovery and Analysis: In this section, cybersecurity analysts will learn various techniques to discover vulnerabilities. Analysts will also analyze data from reconnaissance, scanning, and enumeration phases to identify threats. Additionally, it covers physical security concepts, enabling analysts to understand security gaps beyond just the digital landscape.
- Topic 4: Attacks and Exploits: This extensive topic trains cybersecurity analysts to analyze data and prioritize attacks. Analysts will learn how to conduct network, authentication, host-based, web application, cloud, wireless, and social engineering attacks using appropriate tools. Understanding specialized systems and automating attacks with scripting will also be emphasized.
- Topic 5: Post-exploitation and Lateral Movement: Cybersecurity analysts will gain skills in establishing and maintaining persistence within a system. This topic also covers lateral movement within an environment and introduces concepts of staging and exfiltration. Lastly, it highlights cleanup and restoration activities, ensuring analysts understand the post-exploitation phase’s responsibilities.
Free CompTIA PT0-003 Exam Actual Questions
Note: Premium Questions for PT0-003 were last updated On Apr. 24, 2025 (see below)
[Information Gathering and Vulnerability Scanning]
A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
111/tcp open rpcbind
2049/tcp open nfs
Based on the output, which of the following services provides the best target for launching an attack?
Based on the Nmap scan results, the services identified on the target server are as follows:
22/tcp open ssh:
Service: SSH (Secure Shell)
Function: Provides encrypted remote access.
Attack Surface: Brute force attacks or exploiting vulnerabilities in outdated SSH implementations. However, it is generally considered secure if properly configured.
25/tcp filtered smtp:
Service: SMTP (Simple Mail Transfer Protocol)
Function: Email transmission.
Attack Surface: Potential for email-related attacks such as spoofing, but the port is filtered, indicating that access may be restricted or protected by a firewall.
111/tcp open rpcbind:
Service: RPCBind (Remote Procedure Call Bind)
Function: Helps in mapping RPC program numbers to network addresses.
Attack Surface: Can be exploited in specific configurations, but generally not a primary target compared to others.
2049/tcp open nfs:
Service: NFS (Network File System)
Function: Allows for file sharing over a network.
Attack Surface: NFS can be a significant target for attacks due to potential misconfigurations that can allow unauthorized access to file shares or exploitation of vulnerabilities in NFS services.
Conclusion: The NFS service (2049/tcp) provides the best target for launching an attack. File sharing services like NFS often contain sensitive data and can be vulnerable to misconfigurations that allow unauthorized access or privilege escalation.
A penetration tester completes a scan and sees the following output on a host:
bash
Copy code
Nmap scan report for victim (10.10.10.10)
Host is up (0.0001s latency)
PORT STATE SERVICE
161/udp open|filtered snmp
445/tcp open microsoft-ds
3389/tcp open microsoft-ds
Running Microsoft Windows 7
OS CPE: cpe:/o:microsoft:windows_7_sp0
The tester wants to obtain shell access. Which of the following related exploits should the tester try first?
The ms17_010_eternalblue exploit is the most appropriate choice based on the scenario.
Why MS17-010 EternalBlue?
EternalBlue is a critical vulnerability in SMBv1 (port 445) affecting older versions of Windows, including Windows 7.
The exploit can be used to execute arbitrary code remotely, providing shell access to the target system.
Other Options:
A (psexec): This exploit is a post-exploitation tool that requires valid credentials to execute commands remotely.
B (ms08_067_netapi): A vulnerability targeting older Windows systems (e.g., Windows XP). It is unlikely to work on Windows 7.
D (snmp_login): This is an auxiliary module for enumerating SNMP, not gaining shell access.
CompTIA Pentest+ Reference:
Domain 2.0 (Information Gathering and Vulnerability Identification)
Domain 3.0 (Attacks and Exploits)
A penetration tester is trying to get unauthorized access to a web application and executes the following command:
GET /foo/images/file?id=2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
Which of the following web application attacks is the tester performing?
The attacker is attempting to access restricted files by navigating directories beyond their intended scope.
Directory Traversal (Option C):
The request uses encoded '../' sequences (%2e%2e%2f = ../) to move up directories and access /etc/passwd.
This is a classic directory traversal attack aimed at accessing system files.
Incorrect options:
Option A (Insecure Direct Object Reference - IDOR): IDOR exploits direct access to objects (e.g., changing user_id=123 to user_id=456), not directory navigation.
Option B (CSRF): CSRF forces users to execute unwanted actions, unrelated to directory access.
A penetration tester successfully clones a source code repository and then runs the following command:
find . -type f -exec egrep -i "token|key|login" {} \;
Which of the following is the penetration tester conducting?
Penetration testers search for hardcoded credentials, API keys, and authentication tokens in source code repositories to identify secrets leakage.
Secrets scanning (Option B):
The find and egrep command scans all files recursively for sensitive keywords like 'token,' 'key,' and 'login'.
Attackers use tools like TruffleHog and GitLeaks to automate secret discovery.
Incorrect options:
Option A (Data tokenization): Tokenization replaces sensitive data with unique tokens, not scanning for credentials.
Option C (Password spraying): Tries common passwords across multiple accounts, unrelated to scanning source code.
Which of the following activities should be performed to prevent uploaded web shells from being exploited by others?
Secure Data Destruction:
Securely deleting the web shell ensures it cannot be accessed or exploited by attackers in the future.
This involves removing the malicious file and overwriting the space it occupied to prevent recovery.
Why Not Other Options?
A (Remove persistence mechanisms): While helpful in maintaining security, this doesn't address the immediate threat of the web shell.
B (Spin down infrastructure): This could disrupt operations and doesn't directly mitigate the web shell issue.
C (Preserve artifacts): While necessary for forensic analysis, it does not prevent further exploitation of the web shell.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Daren
8 days agoFrederick
14 days agoSunshine
22 days agoBoris
1 months agoMelita
2 months agoNieves
2 months agoVeronica
2 months agoJosefa
2 months agoOmer
3 months agoWillow
3 months agoYoulanda
3 months agoNorah
4 months agoAngelica
4 months agoKattie
4 months agoQueen
4 months agoJannette
4 months agoVirgina
5 months agoTheola
5 months agoYuki
5 months agoElmer
5 months agoCatarina
5 months agoCheryl
6 months agoViva
6 months agoMalcolm
6 months agoHelga
6 months agoGlory
6 months agoMee
7 months agoMaxima
7 months agoDacia
7 months agoNoah
7 months agoAlexia
7 months agoTracie
8 months agoJade
8 months agoDwight
8 months ago