Free Certification Practice Questions

COMPTIA-PENTEST

CompTIA's PT0-003 A penetration tester attempts to run an automated web-application scanner against a target URL. The tester validates that the web page is accessible from a different device. The tester analyzes the following HTTP request header logging output: Which of the following actions should the tester take to get the scans to work properly?
#31
CompTIA's PT0-003 During an assessment, a penetration tester runs the following command: setspn.exe -Q */* Which of the following attacks is the penetration tester preparing for?
#32
CompTIA's PT0-003 While conducting an assessment, a penetration tester identifies the details for several unreleased products announced at a company-wide meeting. Which of the following attacks did the tester most likely use to discover this information?
#33
CompTIA's PT0-003 A penetration tester wants to attack a server, exhausting its resources and making it unavailable to legitimate users. Which of the following attacks would be best to achieve this result?
#34
CompTIA's PT0-003 During an internal penetration test, a tester compromises a Windows OS-based endpoint and bypasses the defensive mechanism on that system. The tester also discovers the endpoint is part of an Active Directory local domain. The tester’s main goal is to leverage credentials to authenticate into other systems within the Active Directory environment. Which of the following steps should the tester take to complete the goal?
#35
CompTIA's PT0-003 A penetration tester is conducting a wireless security assessment for a client with 2.4GHz and 5GHz access points. The tester places a wireless USB dongle in the laptop to start capturing WPA2 handshakes. Which of the following steps should the tester take next?
#36
CompTIA's PT0-003 A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering. Which of the following types of scans did the tester use to identify the libraries?
#37
CompTIA's PT0-003 A penetration tester reviews a SAST vulnerability scan report. The following vulnerability has been reported as high severity: The tester inspects the source file and finds the variable response is defined as a constant and is not referred to or used in other sections of the code. Which of the following describes how the tester should classify this reported vulnerability?
#38
CompTIA's PT0-003 A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?
#39
CompTIA's PT0-003 A penetration tester gains access to a Linux computer system. The tester then attempts to enumerate user accounts, including the directories and user default shell. Which of the following commands should the tester use to enumerate user accounts?
#40
CompTIA's PT0-003 A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?
#41
CompTIA's PT0-003 While performing a penetration testing exercise, a tester executes the following command: PS c:\tools> c:\hacks\PsExec.exe \\server01.comptia.org -accepteula cmd.exe Which of the following best explains what the tester is trying to do?
#42
CompTIA's PT0-003 During an assessment, a penetration tester obtains a low-privilege shell and then runs the following command: findstr /SIM /C:"pass" *.txt *.cfg *.xml Which of the following is the penetration tester trying to enumerate?
#43
CompTIA's PT0-003 A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?
#44
CompTIA's PT0-003 During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system: ?/<sCRitP>aLeRt("pwned")</ScriPt> Based on the code, which of the following options represents the attack executed by the tester and the associated countermeasure?
#45
CompTIA's PT0-003 A penetration tester gains shell access to a Windows host. The tester needs to permanently turn off protections in order to install additional payload. Which of the following commands is most appropriate?
#46
CompTIA's PT0-003 A penetration tester discovers data to stage and exfiltrate. The client has authorized movement to the tester’s attacking hosts only. Which of the following would be most appropriate to avoid alerting the SOC?
#47
CompTIA's PT0-003 A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool: Based on the output, which of the following services provides the best target for launching an attack?
#48
CompTIA's PT0-003 A client recently hired a penetration testing firm to conduct an assessment of their consumer-facing web application. Several days into the assessment, the client's networking team observes a substantial increase in DNS traffic. Which of the following would most likely explain the increase in DNS traffic?
#49
CompTIA's PT0-003 Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?
#50
CompTIA's PT0-003 During a preengagement activity with a new customer, a penetration tester looks for assets to test. Which of the following is an example of a target that can be used for testing?
#51
CompTIA's PT0-003 Before starting an assessment, a penetration tester needs to scan a Class B IPv4 network for open ports in a short amount of time. Which of the following is the best tool for this task?
#52
CompTIA's PT0-003 Which of the following activities should be performed to prevent uploaded web shells from being exploited by others?
#53
CompTIA's PT0-003 A penetration tester writes a Bash script to automate the execution of a ping command on a Class C network: Which of the following pieces of code should the penetration tester use in place of the --MISSING-TEXT-- placeholder?
#54
CompTIA's PT0-003 Which of the following components should a penetration tester include in an assessment report?
#55
CompTIA's PT0-003 A penetration tester writes the following script to enumerate a /24 network: The tester executes the script, but it fails with the following error: -bash: syntax error near unexpected token ‘ping’ Which of the following should the tester do to fix the error?
#56
CompTIA's PT0-003 A penetration tester launches an attack against company employees. The tester clones the company's intranet log-in page and sends the link via email to all employees. Which of the following best describes the objective and tool selected by the tester to perform this activity?
#57
CompTIA's PT0-003 Which of the following techniques is the best way to avoid detection by data loss prevention tools?
#58
CompTIA's PT0-003 During host discovery, a security analyst wants to obtain GeoIP information and a comprehensive summary of exposed services. Which of the following tools is best for this task?
#59
CompTIA's PT0-003 A penetration tester is attempting to discover vulnerabilities in a company's web application. Which of the following tools would most likely assist with testing the security of the web application?
#60