PT0-003 Online Practice Questions and Answers

Questions 4

SIMULATION

A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.

INSTRUCTIONS

Select the appropriate answer(s), given the output from each section.

Output 1

A. Check the answer in explanation.

Correct Answer:

Answer: See all the solutions below in Explanation.

Questions 5

During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward. Which of the following types of attacks is this an example of?

A. SQL injection

B. SSRF

C. XSS

D. Server-side template injection

Correct Answer: C

Cross-Site Scripting (XSS) is an attack that involves injecting malicious scripts into web pages viewed by other users. Here's why option C is correct:

XSS (Cross-Site Scripting): This attack involves injecting JavaScript into a web application, which is then executed by the user's browser. The scenario describes injecting a JavaScript prompt, which is a typical XSS payload.

SQL Injection: This involves injecting SQL commands to manipulate the database and does not relate to JavaScript injection.

SSRF (Server-Side Request Forgery): This attack tricks the server into making requests to unintended locations, which is not related to client-side JavaScript execution.

Server-Side Template Injection: This involves injecting code into server-side templates, not JavaScript that executes in the user's browser.

References from Pentest:

Horizontall HTB: Demonstrates identifying and exploiting XSS vulnerabilities in web applications.

Luke HTB: Highlights the process of testing for XSS by injecting scripts and observing their execution in the browser.

Questions 6

Given the following statements:

Implement a web application firewall.

Upgrade end-of-life operating systems.

Implement a secure software development life cycle.

In which of the following sections of a penetration test report would the above statements be found?

A. Executive summary

B. Attack narrative

C. Detailed findings

D. Recommendations

Correct Answer: D

The given statements are actionable steps aimed at improving security. They fall under the recommendations section of a penetration test report. Here's why option D is correct:

Recommendations: This section of the report provides specific actions that should be taken to mitigate identified vulnerabilities and improve the overall security posture. Implementing a WAF, upgrading operating systems, and implementing a secure SDLC are recommendations to enhance security.

Executive Summary: This section provides a high-level overview of the findings and their implications, intended for executive stakeholders.

Attack Narrative: This section details the steps taken during the penetration test, describing the attack vectors and methods used.

Detailed Findings: This section provides an in-depth analysis of each identified vulnerability, including evidence and technical details.

References from Pentest:

Forge HTB: The report's recommendations section suggests specific measures to address the identified issues, similar to the given statements.

Writeup HTB: Highlights the importance of the recommendations section in providing actionable steps to improve security based on the findings from the assessment.

Conclusion:

Option D, recommendations, is the correct section where the given statements would be found in a penetration test report.

Questions 7

During a penetration test, the tester uses a vulnerability scanner to collect information about any possible vulnerabilities that could be used to compromise the network. The tester receives the results and then executes the following command:

snmpwalk -v 2c -c public 192.168.1.23

Which of the following is the tester trying to do based on the command they used?

A. Bypass defensive systems to collect more information.

B. Use an automation tool to perform the attacks.

C. Script exploits to gain access to the systems and host.

D. Validate the results and remove false positives.

Correct Answer: D

The command snmpwalk -v 2c -c public 192.168.1.23 is used to query SNMP (Simple Network Management Protocol) data from a device. Here's the purpose in the context provided:

SNMP Enumeration:

Purpose of the Command:

Comparison with Other Options:

By using snmpwalk, the tester is validating the results from the vulnerability scanner and removing any false positives, ensuring accurate reporting.

Questions 8

A penetration tester needs to help create a threat model of a custom application. Which of the following is the most likely framework the tester will use?

A. MITRE ATT&CK

B. OSSTMM

C. CI/CD

D. DREAD

Correct Answer: D

The DREAD model is a risk assessment framework used to evaluate and prioritize the security risks of an application. It stands for Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability.

Understanding DREAD:

Usage in Threat Modeling:

Process:

References from Pentesting Literature:

Step-by-Step Explanation

References:

Penetration Testing - A Hands-on Introduction to Hacking

HTB Official Writeups

Questions 9

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:

PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
111/tcp open rpcbind
2049/tcp open nfs

Based on the output, which of the following services provides the best target for launching an attack?

A. Database

B. Remote access

C. Email

D. File sharing

Correct Answer: D

Based on the Nmap scan results, the services identified on the target server are as follows:

22/tcp open ssh:

25/tcp filtered smtp:

111/tcp open rpcbind:

2049/tcp open nfs:

Conclusion: The NFS service (2049/tcp) provides the best target for launching an attack. File sharing services like NFS often contain sensitive data and can be vulnerable to misconfigurations that allow unauthorized access or privilege escalation.

Questions 10

While conducting a reconnaissance activity, a penetration tester extracts the following information:

Emails:
- admin@acme.com
- sales@acme.com
- support@acme.com

Which of the following risks should the tester use to leverage an attack as the next step in the security assessment?

A. Unauthorized access to the network

B. Exposure of sensitive servers to the internet

C. Likelihood of SQL injection attacks

D. Indication of a data breach in the company

Correct Answer: A

When a penetration tester identifies email addresses during reconnaissance, the most immediate risk to leverage for an attack is unauthorized access to the network. Here's why:

Phishing Attacks:

Spear Phishing:

Comparison with Other Risks:

Email addresses are a starting point for phishing attacks, making unauthorized access to the network the most relevant risk.

Questions 11

A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.

Which of the following changes should the tester apply to make the script work as intended?

A. Change line 2 to $ip= 10.192.168.254;

B. Remove lines 3, 5, and 6.

C. Remove line 6.

D. Move all the lines below line 7 to the top of the script.

Correct Answer: B

https://www.asc.ohio-state.edu/lewis.239/Class/Perl/perl.html

Example script:

#!/usr/bin/perl
$ip=$argv[1];
attack($ip);
sub attack {
    print("x");
}

Questions 12

The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?

A. Line 01

B. Line 02

C. Line 07

D. Line 08

Correct Answer: D

Questions 13

Given the following output:

User-agent:*
Disallow: /author/
Disallow: /xmlrpc.php
Disallow: /wp-admin
Disallow: /page/

During which of the following activities was this output MOST likely obtained?

A. Website scraping

B. Website cloning

C. Domain enumeration

D. URL enumeration

Correct Answer: D

URL enumeration is the activity of discovering and mapping the URLs of a website, such as directories, files, parameters, or subdomains. URL enumeration can help to identify the structure, content, and functionality of a website, as well as potential vulnerabilities or misconfigurations. One of the methods of URL enumeration is to analyze the robots.txt file of a website, which is a text file that tells search engine crawlers which URLs the crawler can or can't request from the site. The output shown in the question is an example of a robots.txt file that disallows crawling of certain URLs, such as /author/, /xmlrpc.php, /wp-admin, or /page/.

Exam Code: PT0-003
Exam Name: CompTIA PenTest+
Last Update: May 27, 2026
Questions: 404
