Exam PT0-003 Topic 3 Question 326 Discussion
Actual exam question for CompTIA's PT0-003 exam
Question #: 326
Topic #: 3
Question #: 326
Topic #: 3
A penetration tester is conducting an assessment on a network that consists entirely of Linux and Unix servers; there are no Windows hosts present in the environment. The tester has learned that the client's Security Operations Center (SOC) heavily monitors user endpoints but has no visibility or monitoring on the server subnet. The tester aims to gain access to these servers by performing a brute-force attack against the SSH service using a list of potential targets and a common wordlist. Which of the following commands should the tester use?
Suggested Answer: D Vote an answer
Comprehensive and Detailed Explanation:
The environment contains no Windows hosts (so Windows-specific credential-capture tools like Responder are ineffective). The tester needs credentials on non-Windows servers (likely SSH). The SOC only monitors endpoints (not servers), meaning aggressive credential guessing against servers may go unnoticed. hydra is a parallelized remote-auth brute-force tool that targets services such as SSH and can iterate a username list (-L) and password list (-P) across multiple targets (-M). This makes option D the most direct tool to attempt credential discovery on non-Windows hosts (SSH brute-force).
Why not the others:
* A: pwinspector is Windows-focused/unknown in this context.
* B: responder targets LLMNR/NetBIOS broadcasts on Windows networks - not applicable.
* C: nmap will enumerate services (helpful), but it does not obtain credentials.
PT0-003 mapping: Domain 3 - post-compromise credential discovery and use of appropriate tools given OS
/service mix.
The environment contains no Windows hosts (so Windows-specific credential-capture tools like Responder are ineffective). The tester needs credentials on non-Windows servers (likely SSH). The SOC only monitors endpoints (not servers), meaning aggressive credential guessing against servers may go unnoticed. hydra is a parallelized remote-auth brute-force tool that targets services such as SSH and can iterate a username list (-L) and password list (-P) across multiple targets (-M). This makes option D the most direct tool to attempt credential discovery on non-Windows hosts (SSH brute-force).
Why not the others:
* A: pwinspector is Windows-focused/unknown in this context.
* B: responder targets LLMNR/NetBIOS broadcasts on Windows networks - not applicable.
* C: nmap will enumerate services (helpful), but it does not obtain credentials.
PT0-003 mapping: Domain 3 - post-compromise credential discovery and use of appropriate tools given OS
/service mix.
by Wright at Jun 25, 2026, 10:54 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).