CompTIA PT0-003 - CompTIA PenTest+ Exam
Page: 1 / 37
Total 183 questions
Question #1 (Topic: Exam A)
A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?
A. tcprelay
B. Bluecrack
C. Scapy
D. tcpdump
Answer: C
Question #2 (Topic: Exam A)
Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?
A. The tester is conducting a web application test.
B. The tester is assessing a mobile application.
C. The tester is evaluating a thick client application.
D. The tester is creating a threat model.
Answer: D
Question #3 (Topic: Exam A)
A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?
A. VM
B. IAST
C. DAST
D. SCA
Answer: D
Question #4 (Topic: Exam A)
A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:
Which of the following should the tester recommend in the report to best prevent this type of vulnerability?
Which of the following should the tester recommend in the report to best prevent this type of vulnerability?
A. Drop all excessive file permissions with chmod o-rwx.
B. Ensure the requests application access logs are reviewed frequently.
C. Disable the use of external entities.
D. Implement a WAF to filter all incoming requests.
Answer: C
Question #5 (Topic: Exam A)
A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?
A. Shoulder surfing
B. Recon-ng
C. Social media
D. Password dumps
Answer: C
