Free Certification Practice Questions

COMPTIA-PENTEST

CompTIA's PT0-003 During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections. Which of the following command-line utilities built into Windows is most likely to disable the firewall?
#121
CompTIA's PT0-003 During an engagement, a penetration tester runs the following command against the host system:
host -t axfr domain.com dnsl.domain.com
Which of the following techniques best describes what the tester is doing?
#122
CompTIA's PT0-003 Which of the following are valid reasons for including base, temporal, and environmental CVSS metrics in the findings section of a penetration testing report? (Choose two.) E. Prioritizing compliance information needed for an audit F. Adding risk levels to each asset
#123
CompTIA's PT0-003 During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for pictures, audio, and additional tags that facilitate this type of reconnaissance?
#124
CompTIA's PT0-003 A penetration tester needs to exploit a vulnerability in a wireless network that has weak encryption in order to perform traffic analysis and decrypt sensitive information. Which of the following techniques would best allow the penetration tester to have access to the sensitive information?
#125
CompTIA's PT0-003 A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?
#126
CompTIA's PT0-003 During a penetration test, a tester compromises a Windows computer. The tester executes the following command and receives the following output:
mimikatz # privilege::debug
mimikatz # lsadump::cache
-Output---
lapsUser27dh9128361tsg264592101387541j
--OutputEnd--
Which of the following best describes what the tester plans to do by executing the command?
#127
CompTIA's PT0-003 During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?
#128
CompTIA's PT0-003 An external legal firm is conducting a penetration test of a large corporation. Which of the following would be most appropriate for the legal firm to use in the subject line of a weekly email update?
#129
CompTIA's PT0-003 A penetration tester needs to evaluate the security of example.com and gather stealthy information using DNS. Which of the following is the best tool for the tester to use?
#130
CompTIA's PT0-003 A penetration tester gains access to a chrooted environment and runs service --status-all on a target host. The tester reviews the following output:
[ + ] cron
[ + ] dhcp
[ - ] tomcat
[ - ] xserver
[ + ] ssh
The only other commands that the tester can execute are ps, nc, tcpdump, and crontab. Which of the following is the best method to maintain persistence?
#131
CompTIA's PT0-003 A penetration tester completes a scan and sees the following output on a host:
Nmap scan report for victim (10.10.10.10)
Host is up (0.0001s latency)
PORT STATE SERVICE
161/udp open|filtered snmp
445/tcp open microsoft-ds
3389/tcp open microsoft-ds
Running Microsoft Windows 7
OS CPE: cpe./o.microsoft.windows_7_sp0
The tester wants to obtain shell access. Which of the following related exploits should the tester try first?
#132
CompTIA's PT0-003 A company hires a penetration tester to test the security implementation of its wireless networks. The main goal for this assessment is to intercept and get access to sensitive data from the company's employees. Which of the following tools should the security professional use to best accomplish this task? E. WiGLE.net
#133
CompTIA's PT0-003 While conducting a reconnaissance activity, a penetration tester extracts the following information:
Emails:
- [email protected]
- [email protected]
- [email protected]
Which of the following risks should the tester use to leverage an attack as the next step in the security assessment?
#134
CompTIA's PT0-003 A penetration tester is preparing a password-spraying attack against a known list of users for the company "example." The tester is using the following list of commands:
1. pw-inspector -i $allwords | tee $pass
2. spray365.py spray -ep $plan
3. users="~/user.txt"; allwords="~/words.txt"; pass="~/passwords.txt"; plan="~/spray.plan"
4. spray365.py generate --password_file $pass --user file $user --domain "example.com" --execution_plan $plan
5. cewl -m 5 "http://www.example.com" -w $allwords
Which of the following is the correct order for the list of the commands?
#135
CompTIA's PT0-003 During a penetration testing exercise, a team decides to use a watering hole strategy. Which of the following is the most effective approach for executing this attack?
#136
CompTIA's PT0-003 During a testing engagement, a penetration tester compromises a host and locates data for exfiltration. Which of the following are the best options to move the data without triggering a data loss prevention tool? (Choose two.) E. Encode the data as Base64. F. Send the data to a commonly trusted service.
#137
CompTIA's PT0-003 Which of the following will reduce the possibility of introducing errors or bias in a penetration test report?
#138
CompTIA's PT0-003 A penetration tester identifies the URL for an internal administration application while following DevOps team members on their commutes. Which of the following attacks did the penetration tester most likely use?
#139
CompTIA's PT0-003 During an assessment, a penetration tester obtains access to an internal server and would like to perform further reconnaissance by capturing LLMNR traffic. Which of the following tools should the tester use?
#140
CompTIA's PT0-003 A penetration tester needs to obtain sensitive data from several executives who regularly work while commuting by train. Which of the following methods should the tester use for this task?
#141
CompTIA's PT0-003 While performing reconnaissance, a penetration tester attempts to identify publicly accessible ICS and IoT systems. Which of the following tools is most effective for this task?
#142
CompTIA's PT0-003 A penetration tester successfully gained access to manage resources and services within the company’s cloud environment. This was achieved by exploiting poorly secured administrative credentials that had extensive permissions across the network. Which of the following credentials was the tester able to obtain?
#143
CompTIA's PT0-003 Which of the following frameworks can be used to classify threats?
#144
CompTIA's PT0-003 A penetration tester is enumerating a Linux system. The goal is to modify the following script to provide more comprehensive system information:
#!/bin/bash
ps aux >> linux enum.txt
Which of the following lines would provide the most comprehensive enumeration of the system?
#145
CompTIA's PT0-003 During an assessment, a penetration tester sends the following request:
POST /services/v1/users/create HTTP/1.1
Host: target-application.com
Content-Type: application/json
Content-Length: [dynamic]
Authorization: Bearer [FUZZE]
Which of the following attacks is the penetration tester performing?
#146
CompTIA's PT0-003 During a penetration test, the tester identifies several unused services that are listening on all targeted internal laptops:
Which of the following technical controls should the tester recommend to reduce the risk of compromise?
#147
CompTIA's PT0-003 Which of the following elements of a penetration test report can be used to most effectively prioritize the remediation efforts for all the findings?
#148
CompTIA's PT0-003 A penetration tester observes the following output from an Nmap command while attempting to troubleshoot connectivity to a Linux server.
Which of the following is the most likely reason for the connectivity issue?
#149
CompTIA's PT0-003 A penetration tester finds an unauthenticated RCE vulnerability on a web server and wants to use it to enumerate other servers on the local network. The web server is behind a firewall that allows only an incoming connection to TCP ports 443 and 53 and unrestricted outbound TCP connections. The target web server is https://target.comptia.org. Which of the following should the tester use to perform the task with the fewest web requests?
#150