CompTIA PenTest+ - PT0-003 Free Exam Questions

QUESTION NO: 1
A penetration tester wants to use multiple TTPs to assess the reactions (alerted, blocked, and others) by the client's current security tools. The threat-modeling team indicates the TTPs in the list might affect their internal systems and servers. Which of the following actions would the tester most likely take?

Correct Answer: A Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 2
A penetration tester reviews a SAST vulnerability scan report. The following lines of code have been reported as vulnerable:
Issue 40 of 126
Language: Java
Severity: Medium
Call:
try {
// ...
} catch (SomeException e) {
e.printStackTrace();
}
Which of the following is the best method to remediate this vulnerability?

Correct Answer: B Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 3
A penetration tester needs to use the native binaries on a system in order to download a file from the internet and evade detection. Which of the following tools would the tester most likely use?

Correct Answer: B Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 4
A penetration tester conducts a web application assessment and receives the following Set-Cookie upon logging in:
Set-Cookie auth=UGVudGVzdFVzZXI6OTE1MzYK
Upon analysis, the penetration tester determines this is a Base64-encoded string, which when decoded reads:
Pentestuser:91536
The penetration tester logs out, logs back in, and sees the decoded string now reads:
Pentestuser:91944
Which of the following attacks will the penetration tester most likely conduct based on this information?

Correct Answer: C Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 5
A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?

Correct Answer: A Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 6
A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client ' s offices. Which of the following techniques should the penetration tester leverage?

Correct Answer: B Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 7
A penetration tester currently conducts phishing reconnaissance using various tools and accounts for multiple intelligence-gathering platforms. The tester wants to consolidate some of the tools and accounts into one solution to analyze the output from the intelligence-gathering tools. Which of the following is the best tool for the penetration tester to use?

Correct Answer: D Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 8
During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?

Correct Answer: C Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 9
A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets ' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?

Correct Answer: B Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 10
While conducting OSINT, a penetration tester discovers the client ' s administrator posted part of an unsanitized firewall configuration to a troubleshooting message board. Which of the following did the penetration tester most likely use?

Correct Answer: B Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 11
During an assessment, a penetration tester wants to extend the vulnerability search to include the use of dynamic testing. Which of the following tools should the tester use?

Correct Answer: D Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 12
A penetration tester has been asked to conduct a blind web application test against a customer ' s corporate website. Which of the following tools would be best suited to perform this assessment?

Correct Answer: C Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).

QUALITY AND VALUE

Actual4test Practice Exams are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development - no all study materials.

Tested and Approved

We are committed to the process of vendor and third party approvals. We believe professionals and executives alike deserve the confidence of quality coverage these authorizations provide.

Easy to Pass

If you prepare for the exams using our Actual4test testing engine, It is easy to succeed for all certifications in the first attempt. You don't have to deal with all dumps or any free torrent / rapidshare all stuff.

Try Before Buy

Actual4test offers free demo of each product. You can check out the interface, question quality and usability of our practice exams before you decide to buy.