CompTIA PenTest+ - PT0-003 FREE EXAM DUMPS QUESTIONS & ANSWERS

A penetration tester conducts a web application assessment and receives the following Set-Cookie upon logging in:
Set-Cookie auth=UGVudGVzdFVzZXI6OTE1MzYK
Upon analysis, the penetration tester determines this is a Base64-encoded string, which when decoded reads:
Pentestuser:91536
The penetration tester logs out, logs back in, and sees the decoded string now reads:
Pentestuser:91944
Which of the following attacks will the penetration tester most likely conduct based on this information?
Correct Answer: C Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester modifies a web application's URL by inserting malformed data into input parameters.
The web application returns the error message below:
Internal Server Error
NumberFormatException: For input string ...
Source file: /home/www/htmldoc/app001/140612/main
Which of the following actions will the tester most likely take?
Correct Answer: D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester successfully phishes a user and compromises a domain-joined endpoint. The tester enumerates the domain controller and discovers that Group Policy Preferences are in use. The tester also finds that the version of the domain controllers is Windows Server 2012. The tester wants to use the fastest possible method of pivoting successfully to multiple production servers joined to the domain. Which of the following is the best way to achieve this goal?
Correct Answer: D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester downloads a JAR file that is used in an organization ' s production environment. The tester evaluates the contents of the JAR file to identify potentially vulnerable components that can be targeted for exploit. Which of the following describes the tester ' s activities?
Correct Answer: B Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?
Correct Answer: B Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester successfully gains access to a Linux system and then uses the following command:
find / -type f -ls > /tmp/recon.txt
Which of the following best describes the tester's goal?
Correct Answer: D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester is assessing the security of a web application. When the tester attempts to access the application, the tester receives an HTTP 403 response. Which of the following should the penetration tester do to overcome this issue?
Correct Answer: D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester obtains password dumps associated with the target and identifies strict lockout policies.
The tester does not want to lock out accounts when attempting access. Which of the following techniques should the tester use?
Correct Answer: D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester performs the following scan:
nmap -sU -p 53,161,162 192.168.1.51
PORT | STATE
53/udp | open|filtered
161/udp | open|filtered
162/udp | open|filtered
The tester then manually uses snmpwalk against port 161 and receives valid SNMP responses. Which of the following best explains the scan result for port 161?
Correct Answer: A Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester needs to complete cleanup activities from the testing lead. Which of the following should the tester do to validate that reverse shell payloads are no longer running?
Correct Answer: D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester compromises a Windows OS endpoint that is joined to an Active Directory local environment. Which of the following tools should the tester use to manipulate authentication mechanisms to move laterally in the network?
Correct Answer: D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
During an assessment, a penetration tester sends the following request:
POST /services/v1/users/create HTTP/1.1
Host: target-application.com
Content-Type: application/json
Content-Length: [dynamic]
Authorization: Bearer (FUZZ)
Which of the following attacks is the penetration tester performing?
Correct Answer: C Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester discovers a deprecated directory in which files are accessible to anyone. Which of the following would most likely assist the penetration tester in finding sensitive information without raising suspicion?
Correct Answer: B Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
A penetration tester runs a vulnerability scan that identifies several issues across numerous customer hosts.
The executive report outlines the following:

The client is concerned about the availability of its consumer-facing production application. Which of the following hosts should the penetration tester select for additional manual testing?
Correct Answer: B Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
0
0
0
10