Practice Free PT0-003 Exam Online Questions
During a pre-engagement activity with a new customer, a penetration tester looks for assets to test.
Which of the following is an example of a target that can be used for testing?
- A . API
- B . HTTP
- C . IPA
- D . ICMP
A
Explanation:
API as a Target:
APIs (Application Programming Interfaces) are in-scope assets in their own right: the REST or GraphQL endpoints the customer owns, which can be tested for broken object-level authorization, weak or missing authentication, excessive data exposure, and injection (the OWASP API Security Top 10 categories). Testing APIs often uncovers critical issues in modern applications, because mobile and single-page front ends push most of the business logic behind them.
Why Not Other Options?
B (HTTP): A protocol, not an asset; the web application or API reachable over HTTP would be the asset.
C (IPA): The .ipa extension denotes an iOS application archive, a packaging format rather than an asset class; it is a distractor here.
D (ICMP): A protocol used for network diagnostics (ping, traceroute), not an application asset.
CompTIA PenTest+
Reference: Domain 1.0 (Planning and Scoping)
A penetration tester is searching for vulnerabilities or misconfigurations on a container environment.
Which of the following tools will the tester most likely use to achieve this objective?
- A . Nikto
- B . Trivy
- C . Nessus
- D . Nmap
B
Explanation:
Containers (e.g., Docker images, Kubernetes workloads) require scanning tools that understand image layers, OS packages, and application dependencies.
Trivy (Option B):
Trivy is an open-source scanner from Aqua Security designed for container images and Kubernetes environments.
It scans container images, filesystems, and git repositories for known vulnerabilities (CVEs) in OS packages and language dependencies, and it also flags misconfigurations in Kubernetes manifests, Dockerfiles, and other infrastructure-as-code, which matches the "vulnerabilities or misconfigurations" wording of the question.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide – "Container Security and Vulnerability Scanning"
Incorrect options:
Option A (Nikto): Web server scanner, not container-focused.
Option C (Nessus): General network and host vulnerability scanner; scanning image contents and registries is not its core use.
Option D (Nmap): Port scanner and service fingerprinter; its NSE scripts check some service-level issues, but it does not inspect image contents.
During a red-team exercise, a penetration tester obtains an employee’s access badge. The tester uses the badge’s information to create a duplicate for unauthorized entry.
Which of the following best describes this action?
- A . Smurfing
- B . Credential stuffing
- C . RFID cloning
- D . Card skimming
C
Explanation:
RFID cloning involves reading the identifier stored on an existing access card and writing it to a blank card or emulator so the duplicate is accepted by the same readers. Attackers use tools like Proxmark3 or Flipper Zero to capture and replay low-frequency (125 kHz) badges and many high-frequency (13.56 MHz) types; a long-range reader can capture a badge from an employee's pocket without the employee noticing.
Option A (Smurfing) ❌ : A smurf attack is an ICMP broadcast amplification DDoS technique, unrelated to physical security.
Option B (Credential stuffing) ❌ : Replays compromised username/password pairs against login forms, not RFID badges.
Option C (RFID cloning) ✅ : Correct. Creates a duplicate access badge from the data on the original.
Option D (Card skimming) ❌ : Captures magnetic-stripe or chip data from payment cards at ATMs and point-of-sale terminals; it is not the term for duplicating RFID badges.
Reference: CompTIA PenTest+ PT0-003 Official Guide – Physical Security Testing & RFID Cloning
A penetration tester needs to exploit a vulnerability in a wireless network that has weak encryption to perform traffic analysis and decrypt sensitive information.
Which of the following techniques would best allow the penetration tester to have access to the sensitive information?
- A . Bluejacking
- B . SSID spoofing
- C . Packet sniffing
- D . ARP poisoning
C
Explanation:
If a wireless network uses weak encryption (e.g., WEP, or WPA/WPA2-PSK with a guessable passphrase), attackers can capture packets passively and recover the traffic offline.
Packet sniffing (Option C):
Tools like Wireshark, Aircrack-ng (airodump-ng), and Kismet capture 802.11 frames from a wireless adapter in monitor mode.
For WEP, capturing enough frames with distinct initialization vectors lets aircrack-ng recover the key; airdecap-ng then decrypts the capture, and plaintext credentials, session cookies, and other sensitive data can be read in Wireshark.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide – "Wireless Network Attacks and Sniffing"
Incorrect options:
Option A (Bluejacking): Sends unsolicited Bluetooth messages; it does not capture Wi-Fi traffic.
Option B (SSID spoofing): Creates a fake access point (evil twin) to lure clients; it is an active attack and does not by itself exploit weak encryption on the real network.
Option D (ARP poisoning): A layer-2 man-in-the-middle technique that works on any LAN, but it requires joining the network first and is not the way to exploit weak wireless encryption.
HOTSPOT
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A penetration tester obtains the following output during an Nmap scan:
PORT STATE SERVICE
135/tcp open msrpc
445/tcp open microsoft-ds
1801/tcp open msmq
2103/tcp open msrpc
3389/tcp open ms-wbt-server
Which of the following should be the next step for the tester?
- A . Search for vulnerabilities on msrpc.
- B . Enumerate shares and search for vulnerabilities on the SMB service.
- C . Execute a brute-force attack against the Remote Desktop Services.
- D . Execute a new Nmap command to search for another port.
B
Explanation:
The presence of SMB (port 445) and MSRPC (port 135) indicates Windows network services that are frequently misconfigured or exploitable.
Enumerate shares and search for vulnerabilities on SMB (Option B):
SMB (Server Message Block) provides file and printer sharing. Misconfigured or anonymously accessible shares often contain sensitive data, and share listings expose hostnames, domain membership, and user names that feed later attacks.
Tools like enum4linux, smbclient, or the Nmap smb-* NSE scripts can list available shares and check for null-session or anonymous access.
SMB vulnerabilities (e.g., EternalBlue – CVE-2017-0144, fixed by MS17-010) can be exploited for remote code execution, so fingerprinting the SMB version and signing configuration is a natural part of this step.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide – "SMB Enumeration and Exploitation"
Incorrect options:
Option A (Search vulnerabilities on msrpc): The RPC endpoint mapper on 135 is useful for enumeration but rarely yields direct findings; SMB is the higher-value service to work first.
Option C (Brute-force RDP): Brute-forcing is noisy, generates failed logon events that trigger alerts, risks locking out accounts, and is premature before enumeration has produced valid user names.
Option D (Search for another port): The open ports already provide sufficient attack vectors to work through first.
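The triage the explanation describes, as an added example that is not part of the exam material: a small POSIX shell script that parses Nmap normal output, extracts the open ports, and prints the follow-up enumeration commands in priority order (SMB share and MS17-010 checks first, RDP fingerprinting last, never a brute force). The scan text is a constructed copy of the output in the question, and the target address 10.0.0.5 is a hypothetical placeholder; the script only prints commands and sends no traffic.

```shell
#!/bin/sh
# Added example: triage Nmap normal output and choose the next enumeration step.
# Nothing here contacts a target; the functions print suggested commands.

# Constructed copy of the scan output from the question (not live data).
NMAP_OUTPUT='PORT STATE SERVICE
135/tcp open msrpc
445/tcp open microsoft-ds
1801/tcp open msmq
2103/tcp open msrpc
3389/tcp open ms-wbt-server'

# open_ports: reads Nmap normal output on stdin and prints the open port
# numbers, one per line. The header line and closed/filtered ports are skipped.
open_ports() {
    awk '$2 == "open" { split($1, f, "/"); print f[1] }'
}

# next_step TARGET: reads scan output on stdin and prints follow-up commands in
# priority order. SMB comes first because anonymous shares and an unpatched
# SMBv1 stack are quick, low-noise wins; the endpoint mapper on 135 is
# enumeration only; RDP is fingerprinted, not brute-forced, to avoid lockouts
# and failed-logon alerts. TARGET is whatever host the scan was run against.
next_step() {
    target="$1"
    ports=" $(open_ports | tr '\n' ' ') "
    for p in 445 135 3389; do
        case "$ports" in
            *" $p "*) ;;
            *) continue ;;
        esac
        case "$p" in
            445)
                echo "smbclient -L //$target -N"
                echo "enum4linux -a $target"
                echo "nmap -p445 --script smb-enum-shares,smb-vuln-ms17-010 $target"
                ;;
            135)
                echo "rpcclient -U '' -N $target -c srvinfo"
                ;;
            3389)
                echo "nmap -p3389 --script rdp-enum-encryption,rdp-ntlm-info $target"
                ;;
        esac
    done
}

# Usage (hypothetical target address):
# printf '%s\n' "$NMAP_OUTPUT" | next_step 10.0.0.5
```

The priority list in next_step is where a tester encodes methodology: adding a port there, with its enumeration commands, extends the triage without touching the parser.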
A penetration tester writes a Bash script to automate the execution of a ping command on a Class C network:
for var in [MISSING TEXT]
do
ping -c 1 192.168.10.$var
done
Which of the following pieces of code should the penetration tester use in place of [MISSING TEXT]?
- A . crunch 1 254 loop
- B . seq 1 254
- C . echo 1-254
- D . fl..254
B
Explanation:
The seq command prints a sequence of numbers, one per line, which word-splitting turns into the separate loop values the for loop needs; that makes it the best choice for iterating through the host addresses of a Class C (/24) subnet.
Option A (crunch) ❌ : Crunch generates password wordlists from a character set, not IP ranges, and "crunch 1 254 loop" is not valid crunch syntax.
Option B (seq 1 254) ✅ : Correct. Generates the range 1-254, the usable host addresses of a /24.
Option C (echo 1-254) ❌ : Outputs the single string "1-254" instead of expanding it into numbers, so the loop runs once and pings 192.168.10.1-254, which is not an address.
Option D (fl..254) ❌ : Not valid shell syntax as written.
Reference: CompTIA PenTest+ PT0-003 Official Guide – Bash Scripting for Automation
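A complete version of the sweep, as an added example that is not the script from the question: the loop is wrapped in functions, the pings run in parallel with a one-second timeout so the whole /24 takes about a second instead of several minutes, and the target generator stays on seq because bash's {1..254} brace expansion is not available in a POSIX /bin/sh. The 192.168.10 prefix is taken from the question; the actual ping call is left commented out so the file can be sourced without sending traffic.

```shell
#!/bin/sh
# Added example: a portable /24 ping sweep built around `seq`.

# gen_targets PREFIX: prints PREFIX.1 through PREFIX.254, one per line.
# `seq 1 254` expands to 254 separate words, which is what `for var in ...`
# needs. `echo 1-254` would give the single word "1-254", and bash's
# {1..254} brace expansion does not exist in a POSIX /bin/sh.
gen_targets() {
    prefix="$1"
    for var in $(seq 1 254); do
        printf '%s.%s\n' "$prefix" "$var"
    done
}

# ping_sweep PREFIX [TIMEOUT_SECONDS]: prints the hosts that answered one
# echo request. Each ping is backgrounded so the sweep takes about one
# timeout rather than 254 of them; `wait` in the same subshell collects
# them. On Linux `-W` is the reply timeout in seconds; on macOS/BSD the
# flag takes milliseconds, so adjust for the tester's platform. Output
# order is arbitrary, so pipe it through sort.
ping_sweep() {
    prefix="$1"
    timeout="${2:-1}"
    gen_targets "$prefix" | {
        while read -r host; do
            ( ping -c 1 -W "$timeout" "$host" >/dev/null 2>&1 && printf '%s\n' "$host" ) &
        done
        wait
    }
}

# Usage (commented out so sourcing this file sends no traffic):
# ping_sweep 192.168.10 1 | sort -t . -k 4 -n
```

Because each ping runs in its own subshell, a host that never answers costs only the timeout, and ICMP-filtered hosts simply do not appear; a follow-up TCP scan of the silent addresses is still needed before declaring them down.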
A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client’s offices.
Which of the following techniques should the penetration tester leverage?
- A . Port mirroring
- B . Sidecar scanning
- C . ARP poisoning
- D . Channel scanning
D
Explanation:
Channel Scanning:
Wireless communications can be disrupted by identifying the channels the client's access points use and then interfering with them, for example by sending deauthentication frames to the clients on that channel or by jamming the channel's frequency.
Channel scanning allows the tester to map all active Wi-Fi channels, identify the target network's BSSIDs and the channel each one occupies, and decide on a disruption strategy; because RF jamming is unlawful in many jurisdictions and deauthentication affects every client in range, either must be explicitly authorized in the rules of engagement before it is attempted.
Why Not Other Options?
A (Port mirroring): This applies to wired network traffic duplication for monitoring purposes and is unrelated to wireless disruption.
B (Sidecar scanning): Not a relevant technique in the context of wireless disruption.
C (ARP poisoning): This targets Ethernet/IP communication in a local network, not wireless communication at the radio frequency level.
CompTIA PenTest+
Reference: Domain 3.0 (Attacks and Exploits)
Wireless Network Disruption Techniques