Free CompTIA PenTest+ Exam PT0-003 Exam Practice Test

A penetration tester needs to identify all vulnerable input fields on a customer website. Which of the following tools would be best suited to complete this request?

• DAST
• SAST
• IAST
• SCA

During a penetration test, the tester gains full access to the application's source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?

• Run TrufleHog against a local clone of the application
• Scan the live web application using Nikto
• Perform a manual code review of the Git repository
• Use SCA software to scan the application source code

During a security assessment, a penetration tester needs to exploit a vulnerability in a wireless network's authentication mechanism to gain unauthorized access to the network. Which of the following attacks would the tester most likely perform to gain access?

• KARMA attack
• Beacon flooding
• MAC address spoofing
• Eavesdropping

A penetration tester needs to launch an Nmap scan to find the state of the port for both TCP and UDP services. Which of the following commands should the tester use?

• nmap -sU -sW -p 1-65535 example.com
• nmap -sU -sY -p 1-65535 example.com
• nmap -sU -sT -p 1-65535 example.com
• nmap -sU -sN -p 1-65535 example.com

A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?

• Initiate a social engineering campaign.
• Perform credential dumping.
• Compromise an endpoint.
• Share enumeration.

A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output:Hostname | IP address | CVSS 2.0 | EPSS hrdatabase | 192.168.20.55 | 9.9 | 0.50financesite | 192.168.15.99 | 8.0 | 0.01legaldatabase | 192.168.10.2 | 8.2 | 0.60fileserver | 192.168.125.7 | 7.6 | 0.90Which of the following targets should the tester select next?

• fileserver
• hrdatabase
• legaldatabase
• financesite

A penetration tester is compiling the final report for a recently completed engagement. A junior QA team member wants to know where they can find details on the impact, overall security findings,and high-level statements. Which of the following sections of the report would most likely contain this information?

• Quality control
• Methodology
• Executive summary
• Risk scoring

SIMULATIONYou are a penetration tester running port scans on a server.INSTRUCTIONSPart 1: Given the output, construct the command that was used to generate this output from the available options.Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A penetration tester completed OSINT work and needs to identify all subdomains for mydomain.com. Which of the following is the best command for the tester to use?

• nslookup mydomain.com » /path/to/results.txt
• crunch 1 2 | xargs -n 1 -I 'X' nslookup X.mydomain.com
• dig @8.8.8.8 mydomain.com ANY » /path/to/results.txt
• cat wordlist.txt | xargs -n 1 -I 'X' dig X.mydomain.com

During a security assessment, a penetration tester needs to exploit a vulnerability in a wireless network's authentication mechanism to gain unauthorized access to the network. Which of the following attacks would the tester most likely perform to gain access?

• KARMA attack
• Beacon flooding
• MAC address spoofing
• Eavesdropping