COMPTIA-PENTEST

CompTIA's PT0-003 A penetration tester has just started a new engagement. The tester is using a framework that breaks the life cycle into 14 components. Which of the following frameworks is the tester using?

CompTIA's PT0-003 A penetration tester successfully gains access to a Linux system and then uses the following command:find / -type f -ls > /tmp/recon.txtWhich of the following best describes the tester's goal?

CompTIA's PT0-003 Which of the following protocols would a penetration tester most likely utilize to exfiltrate data covertly and evade detection?

CompTIA's PT0-003 During a penetration test, a junior tester uses Hunter.io for an assessment and plans to review the information that will be collected. Which of the following describes the information the junior tester will receive from the Hunter.io tool?

CompTIA's PT0-003 A penetration tester wants to download sensitive files stored on the client's file server and runs the following scan:Which of the following TCP ports should the penetration tester target as a next step?

CompTIA's PT0-003 A penetration tester enters an invalid user ID on the login page of a web application. The tester receives a message indicating the user is not found. Then, the tester tries a valid user ID but an incorrect password, but the web application indicates the password is invalid. Which of the following should the tester attempt next?

CompTIA's PT0-003 After completing vulnerability scans for a given test, a penetration tester needs to prioritize which potential assets are in scope and should be exploited first. Given the following scanner output:Which of the following findings should the tester prioritize first based upon a consideration of risk to the organization?

CompTIA's PT0-003 A penetration tester uses a Python script to enumerate open ports across a list of IP addresses. The current script runs sequentially, which slows it down during larger engagements. The tester wants to improve the script’s performance so it can handle multiple targets simultaneously.Which of the following changes is the best way to achieve this goal?

CompTIA's PT0-003 A penetration tester sets up a C2 server to manage and control payloads deployed in the target network.Which of the following tools is the most suitable for establishing a robust and stealthy connection?

CompTIA's PT0-003 A penetration tester obtains a regular domain user’s set of credentials. The tester wants to attempt a dictionary attack by creating a custom word list based on the Active Directory password policy.Which of the following tools should the penetration tester use to retrieve the password policy?

CompTIA's PT0-003 A penetration tester is ready to add shellcode for a specific remote executable exploit. The tester is trying to prevent the payload from being blocked by anti-malware that is running on the target.Which of the following commands should the tester use to obtain shell access?

CompTIA's PT0-003 A penetration tester is investigating a buffer overflow on the myfile binary. The tester wants to send a payload to help identify the exact offset to inject the memory address to take control of the buffer.Which of the following would allow the penetration tester to quickly identify the offset?

CompTIA's PT0-003 A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client’s blue team.Which of the following exfiltration methods most likely remain undetected?

CompTIA's PT0-003 A penetration tester reviews the following output:Which of the following most likely describes the function of this system?

CompTIA's PT0-003 During a penetration test for a client that has a diverse infrastructure, the tester scans the network using Nmap and observes the following output:Which of the following would most likely be the target device?

CompTIA's PT0-003 A tester compromises a shared host that is manually audited every week due to the absence of a SIEM.Which of the following is the best way to reduce the chances of being detected?

CompTIA's PT0-003 A penetration tester wants to verify whether passwords from a leaked password list can be used to access an SSH server as a legitimate user.Which of the following is the most appropriate tool for this task?

CompTIA's PT0-003 A penetration tester discovers a deprecated directory in which files are accessible to anyone.Which of the following would most likely assist the penetration tester in finding sensitive information without raising suspicion?

CompTIA's PT0-003 A penetration tester gains initial access to a Windows workstation on a client’s network. The tester wants to determine the next target but does not want to install software on the workstation.Which of the following is the best tool to list potential targets? E. CME

CompTIA's PT0-003 A penetration tester completes an authenticated vulnerability scan of a host and receives the following results:Which of the following is most likely to cause stability when a session is created on a target machine?

CompTIA's PT0-003 A penetration tester uses the Intruder tool from the Burp Suite Community Edition while assessing a web application. The tester notices the test is taking too long to complete.Which of the following tools can the tester use to accelerate the test and achieve similar results?