Practice Free PT0-003 Exam Online Questions
A penetration tester is getting ready to conduct a vulnerability scan to evaluate an environment that consists of a container orchestration cluster.
Which of the following tools would be best to use for this purpose?
- A . NSE
- B . Nessus
- C . CME
- D . Trivy
D
Explanation:
In a container orchestration environment (for example, Kubernetes), the most valuable vulnerability scanning capability is one that understands container images, packages, and misconfigurations that commonly occur in containerized workloads. Trivy is specifically designed for container security assessment: it scans container images and the underlying OS/application dependencies for known vulnerabilities and can also identify misconfigurations relevant to cloud-native deployments. This aligns closely with PenTest+ guidance that testers should choose tools that match the technology stack being assessed―container ecosystems require image- and dependency-aware scanning rather than only traditional host/service scanning.
NSE (Nmap Scripting Engine) is excellent for network discovery and service enumeration, but it does not provide comprehensive container image vulnerability coverage. Nessus is a general-purpose vulnerability scanner and can be useful for hosts, but it is not as directly focused on container image supply chain issues and cluster workload artifacts as a dedicated container scanner. CrackMapExec (CME) is aimed at Windows/AD enumeration and lateral movement, not container vulnerability scanning. Therefore, Trivy is the best fit for scanning a container orchestration cluster environment.
A penetration tester completes a scan and sees the following output on a host:
Nmap scan report for victim (10.10.10.10)
Host is up (0.0001s latency)
PORT STATE SERVICE
161/udp open|filtered snmp
445/tcp open microsoft-ds
3389/tcp open microsoft-ds
Running Microsoft Windows 7
OS CPE: cpe:/o:microsoft:windows_7_sp0
The tester wants to obtain shell access.
Which of the following related exploits should the tester try first?
- A . exploit/windows/smb/psexec
- B . exploit/windows/smb/ms08_067_netapi
- C . exploit/windows/smb/ms17_010_eternalblue
- D . auxiliary/scanner/snmp/snmp_login
C
Explanation:
The ms17_010_eternalblue exploit is the most appropriate choice based on the scenario.
Why MS17-010 EternalBlue?
EternalBlue is a critical vulnerability in SMBv1 (port 445) affecting older versions of Windows, including Windows 7.
The exploit can be used to execute arbitrary code remotely, providing shell access to the target system.
Other Options:
A (psexec): This exploit is a post-exploitation tool that requires valid credentials to execute commands remotely.
B (ms08_067_netapi): A vulnerability targeting older Windows systems (e.g., Windows XP). It is unlikely to work on Windows 7.
D (snmp_login): This is an auxiliary module for enumerating SNMP, not gaining shell access.
CompTIA Pentest+
Reference: Domain 2.0 (Information Gathering and Vulnerability Identification)
Domain 3.0 (Attacks and Exploits)
As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting.
Which of the following techniques would be best for the tester to use?
- A . Establishing a reverse shell
- B . Executing a process injection attack
- C . Creating a scheduled task
- D . Performing a credential-dumping attack
C
Explanation:
To maintain access to a compromised system after rebooting, a penetration tester should create a scheduled task. Scheduled tasks are designed to run automatically at specified times or when certain conditions are met, ensuring persistence across reboots.
Persistence Mechanisms:
Scheduled Task: Creating a scheduled task ensures that a specific program or script runs automatically according to a set schedule or in response to certain events, including system startup. This makes it a reliable method for maintaining access after a system reboot.
Reverse Shell: While establishing a reverse shell provides immediate access, it typically does not survive a system reboot unless coupled with another persistence mechanism.
Process Injection: Injecting a malicious process into another running process can provide stealthy access but may not persist through reboots.
Credential Dumping: Dumping credentials allows for re-access by using stolen credentials, but it does not ensure automatic access upon reboot.
Creating a Scheduled Task:
On Windows, the schtasks command can be used to create scheduled tasks. For example:
schtasks /create /tn "Persistence" /tr "C:\path\to\malicious.exe" /sc onlogon /ru SYSTEM
On Linux, a cron job can be created by editing the crontab:
(crontab -l; echo "@reboot /path/to/malicious.sh") | crontab -
PenTest+ Reference: Maintaining persistence is a key objective in post-exploitation. Scheduled tasks (Windows Task Scheduler) and cron jobs (Linux) are commonly used techniques.
References to real-world scenarios include creating scheduled tasks to execute malware, keyloggers, or reverse shells automatically on system startup.
By creating a scheduled task, the penetration tester ensures that their access method (e.g., reverse shell, malware) is executed automatically whenever the system reboots, providing reliable persistence.
Which of the following would most likely reduce the possibility of a client rejecting the final deliverable for a penetration test?
- A . Goal reprioritization
- B . Stakeholder alignment
- C . Non-disclosure agreement
- D . Business impact analysis
B
Explanation:
Stakeholder alignment is the most effective way to prevent deliverable rejection because it ensures everyone agrees―before testing begins―on scope, objectives, success criteria, assumptions, constraints, and what the final report will contain. PenTest+ pre-engagement activities stress confirming stakeholders (technical owners, management, legal/compliance) share the same understanding of rules of engagement, in-scope/out-of-scope targets, testing windows, permitted techniques, evidence handling, and reporting requirements (format, depth, risk rating method, and required artifacts). When these expectations are aligned early, the final deliverable is far less likely to be rejected for being “the wrong kind of report,” missing required sections, violating constraints, or addressing the wrong priorities.
Goal reprioritization can occur mid-engagement, but it does not inherently prevent rejection and can actually introduce mismatch if not formally managed. An NDA supports confidentiality but does not define acceptance criteria for the report. Business impact analysis strengthens findings, yet it is usually a component shaped by stakeholder expectations―so alignment is the primary factor that reduces rejection risk.
A tester needs to begin capturing WLAN credentials for cracking during an on-site engagement.
Which of the following is the best command to capture handshakes?
- A . tcpdump -n -s0 -w <pcapname> -i <iface>
- B . airserv-ng -d <iface>
- C . aireplay-ng -0 1000 -a <target_mac>
- D . airodump-ng -c 6 --bssid <target_mac> <iface>
D
Explanation:
The command airodump-ng -c 6 --bssid <target_mac> <iface> is used to capture WPA/WPA2 4-way handshakes on a specific channel and BSSID. This handshake is necessary for offline password cracking using tools like Hashcat or John the Ripper.
From the CompTIA PenTest+ PT0-003 Official Study Guide (Chapter 7: Wireless Attacks):
“Airodump-ng is used to capture handshakes between a client and access point. The attacker can then attempt to crack the captured handshake offline.”
Reference: Chapter 7, CompTIA PenTest+ PT0-003 Official Study Guide
A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target.
Which of the following should the tester use?
- A . tcprelay
- B . Bluecrack
- C . Scapy
- D . tcpdump
C
Explanation:
Scapy is a powerful interactive Python-based packet manipulation tool used by penetration testers to create, modify, send, and analyze custom packets. It supports many protocols and allows you to set TCP flags, sequence numbers, and more.
tcprelay is used to redirect TCP traffic, not to craft packets.
Bluecrack is used for cracking Bluetooth encryption, irrelevant in this context.
tcpdump is a packet capture tool, not suitable for crafting or injecting packets.
Reference: PT0-003 Objective 3.4: Tools for manipulating traffic, including Scapy for custom packet creation.
During an assessment, a penetration tester runs the following command:
dnscmd.exe /config /serverlevelplugindll C:\users\necad-TA\Documents\adduser.dll
Which of the following is the penetration tester trying to achieve?
- A . DNS enumeration
- B . Privilege escalation
- C . Command injection
- D . A list of available users
B
Explanation:
The tester is attempting to register a malicious DLL as a server-level plugin to escalate privileges.
Privilege escalation (Option B):
The command uses dnscmd.exe, a legitimate Windows tool for managing DNS servers.
By setting a malicious DLL (adduser.dll) as a server-level plugin, attackers can gain SYSTEM-level privileges.
This technique is a DLL hijacking attack.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide – "Windows Privilege Escalation Techniques"
Incorrect options:
Option A (DNS enumeration): The command modifies DNS settings rather than querying them.
Option C (Command injection): The attacker is not injecting arbitrary shell commands.
Option D (List of users): The command does not retrieve user information.
During an assessment, a penetration tester manages to get RDP access via a low-privilege user. The tester attempts to escalate privileges by running the following commands:
Import-Module .\PrintNightmare.ps1
Invoke-Nightmare -NewUser "hacker" -NewPassword "Password123!" -DriverName "Print"
The tester attempts to further enumerate the host with the new administrative privileges by using the runas command. However, the access level is still low.
Which of the following actions should the penetration tester take next?
- A . Log off and log on with "hacker".
- B . Attempt to add another user.
- C . Bypass the execution policy.
- D . Add a malicious printer driver.
A
Explanation:
In the scenario where a penetration tester uses the PrintNightmare exploit to create a new user with administrative privileges but still experiences low-privilege access, the tester should log off and log on with the new "hacker" account to escalate privileges correctly.
PrintNightmare Exploit:
PrintNightmare (CVE-2021-34527) is a vulnerability in the Windows Print Spooler service that allows remote code execution and local privilege escalation.
The provided commands are intended to exploit this vulnerability to create a new user with administrative privileges.
Commands Breakdown:
Import-Module .\PrintNightmare.ps1: Loads the PrintNightmare exploit script.
Invoke-Nightmare -NewUser "hacker" -NewPassword "Password123!" -DriverName "Print": Executes the exploit, creating a new user "hacker" with administrative privileges.
Issue:
The tester still experiences low privileges despite running the exploit successfully. This could be due to the current session not reflecting the new privileges.
Solution:
Logging off and logging back on with the new "hacker" account will start a new session with the updated administrative privileges.
This ensures that the new privileges are applied correctly.
PenTest+ Reference: Privilege Escalation: After gaining initial access, escalating privileges is crucial to gain full control over the target system.
Session Management: Understanding how user sessions work and ensuring that new privileges are recognized by starting a new session.
The use of the PrintNightmare exploit highlights a specific technique for privilege escalation within Windows environments.
By logging off and logging on with the new "hacker" account, the penetration tester can ensure the new administrative privileges are fully applied, allowing for further enumeration and exploitation of the target system.
