Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. CompTIA
  3. PT0-003

CompTIA PT0-003 Exam (page: 9)
CompTIA PenTest+
Updated on: 01-Aug-2025

Viewing Page 9 of 49
PT0-003 PDF 183 Questions

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client's internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results.
Which of the following should the tester have done?

  1. Rechecked the scanner configuration.
  2. Performed a discovery scan.
  3. Used a different scan engine.
  4. Configured all the TCP ports on the scan.

Answer(s): B

Explanation:

When the client indicates that the scope's hosts and assets are not included in the vulnerability scan results, it suggests that the tester may have missed discovering all the devices in the scope. Here's the best course of action:
Performing a Discovery Scan:
Purpose: A discovery scan identifies all active devices on the network before running a detailed vulnerability scan. It ensures that all in-scope devices are included in the assessment. Process: The discovery scan uses techniques like ping sweeps, ARP scans, and port scans to identify active hosts and services.
Comparison with Other Actions:
Rechecking the Scanner Configuration (A): Useful but not as comprehensive as ensuring all hosts are discovered.
Using a Different Scan Engine (C): Not necessary if the issue is with host discovery rather than the scanner's capability.
Configuring All TCP Ports on the Scan (D): Helps in detailed scanning but does not address missing hosts.
Performing a discovery scan ensures that all in-scope devices are identified and included in the vulnerability assessment, making it the best course of action.



[Information Gathering and Vulnerability Scanning]
Which of the following describes the process of determining why a vulnerability scanner is not providing results?

  1. Root cause analysis
  2. Secure distribution
  3. Peer review
  4. Goal reprioritization

Answer(s): A

Explanation:

Root cause analysis involves identifying the underlying reasons why a problem is occurring. In the context of a vulnerability scanner not providing results, performing a root cause analysis would help determine why the scanner is failing to deliver the expected output. Here's why option A is correct:
Root Cause Analysis: This is a systematic process used to identify the fundamental reasons for a problem. It involves investigating various potential causes and pinpointing the exact issue that is preventing the vulnerability scanner from working correctly. Secure Distribution: This refers to the secure delivery and distribution of software or updates, which is not relevant to troubleshooting a vulnerability scanner. Peer Review: This involves evaluating work by others in the same field to ensure quality and accuracy, but it is not directly related to identifying why a tool is malfunctioning. Goal Reprioritization: This involves changing the priorities of goals within a project, which does not address the technical issue of the scanner not working.
Reference from Pentest:
Horizontall HTB: Demonstrates the process of troubleshooting and identifying issues with tools and their configurations to ensure they work correctly.
Writeup HTB: Emphasizes the importance of thorough analysis to understand why certain security tools may fail during an assessment.



[Tools and Code Analysis]
During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses.
Which of the following tools should the tester use?

  1. Dnsenum
  2. Nmap
  3. Netcat
  4. Wireshark

Answer(s): A

Explanation:

Dnsenum is a tool specifically designed to gather information about DNS, including domain structure and associated IP addresses. Here's why option A is correct:
Dnsenum: This tool is used for DNS enumeration and can gather information about a domain's DNS records, subdomains, IP addresses, and other related information. It is highly effective for mapping out a target network's domain structure.
Nmap: While a versatile network scanning tool, Nmap is more focused on port scanning and service detection rather than detailed DNS enumeration.
Netcat: This is a network utility for reading and writing data across network connections, not for DNS enumeration.
Wireshark: This is a network protocol analyzer used for capturing and analyzing network traffic but not specifically for gathering DNS information.
Reference from Pentest:

Anubis HTB: Shows the importance of using DNS enumeration tools like Dnsenum to gather detailed information about the target's domain structure.
Forge HTB: Demonstrates the process of using specialized tools to collect DNS and IP information efficiently.



[Tools and Code Analysis]
During an external penetration test, a tester receives the following output from a tool:

test.comptia.org info.comptia.org vpn.comptia.org exam.comptia.org

Which of the following commands did the tester most likely run to get these results?

  1. nslookup -type=SOA comptia.org
  2. amass enum -passive -d comptia.org
  3. nmap -Pn -sV -vv -A comptia.org
  4. shodan host comptia.org

Answer(s): B

Explanation:

The tool and command provided by option B are used to perform passive DNS enumeration, which can uncover subdomains associated with a domain. Here's why option B is correct:
amass enum -passive -d comptia.org: This command uses the Amass tool to perform passive DNS enumeration, effectively identifying subdomains of the target domain. The output provided (subdomains) matches what this tool and command would produce. nslookup -type=SOA comptia.org: This command retrieves the Start of Authority (SOA) record, which does not list subdomains.
nmap -Pn -sV -vv -A comptia.org: This Nmap command performs service detection and aggressive scanning but does not enumerate subdomains.

shodan host comptia.org: Shodan is an internet search engine for connected devices, but it does not perform DNS enumeration to list subdomains.
Reference from Pentest:
Writeup HTB: Demonstrates the use of DNS enumeration tools like Amass to uncover subdomains during external assessments.
Horizontall HTB: Highlights the effectiveness of passive DNS enumeration in identifying subdomains and associated information.



A penetration tester is developing the rules of engagement for a potential client.
Which of the following would most likely be a function of the rules of engagement?

  1. Testing window
  2. Terms of service
  3. Authorization letter
  4. Shared responsibilities

Answer(s): A

Explanation:

The rules of engagement define the scope, limitations, and conditions under which a penetration test is conducted. Here's why option A is correct:
Testing Window: This specifies the time frame during which the penetration testing activities are authorized to occur. It is a crucial part of the rules of engagement to ensure the testing does not disrupt business operations and is conducted within agreed-upon hours. Terms of Service: This generally refers to the legal agreement between a service provider and user, not specific to penetration testing engagements.
Authorization Letter: This provides formal permission for the penetration tester to perform the assessment but is not a component of the rules of engagement. Shared Responsibilities: This refers to the division of security responsibilities between parties, often seen in cloud service agreements, but not specifically a function of the rules of engagement.
Reference from Pentest:
Luke HTB: Highlights the importance of clearly defining the testing window in the rules of engagement to ensure all parties are aligned.
Forge HTB: Demonstrates the significance of having a well-defined testing window to avoid disruptions and ensure compliance during the assessment.



Viewing Page 9 of 49



Share your comments for CompTIA PT0-003 exam with other users:

Noor 10/2/2023 7:48:00 AM

could you please upload ad0-127 dumps
INDIA


Kotesh 7/27/2023 2:30:00 AM

good content
Anonymous


Biswa 11/20/2023 9:07:00 AM

understanding about joins
Anonymous


Jimmy Lopez 8/25/2023 10:19:00 AM

please upload oracle cloud infrastructure 2023 foundations associate exam braindumps. thank you.
Anonymous


Lily 4/24/2023 10:50:00 PM

questions made studying easy and enjoyable, passed on the first try!
UNITED STATES


John 8/7/2023 12:12:00 AM

has anyone recently attended safe 6.0 exam? did you see any questions from here?
Anonymous


Big Dog 6/24/2023 4:47:00 PM

question 13 should be dhcp option 43, right?
UNITED STATES


B.Khan 4/19/2022 9:43:00 PM

the buy 1 get 1 is a great deal. so far i have only gone over exam. it looks promissing. i report back once i write my exam.
INDIA


Ganesh 12/24/2023 11:56:00 PM

is this dump good
Anonymous


Albin 10/13/2023 12:37:00 AM

good ................
EUROPEAN UNION


Passed 1/16/2022 9:40:00 AM

passed
GERMANY


Harsh 6/12/2023 1:43:00 PM

yes going good
Anonymous


Salesforce consultant 1/2/2024 1:32:00 PM

good questions for practice
FRANCE


Ridima 9/12/2023 4:18:00 AM

need dump and sap notes for c_s4cpr_2308 - sap certified application associate - sap s/4hana cloud, public edition - sourcing and procurement
Anonymous


Tanvi Rajput 10/6/2023 6:50:00 AM

question 11: d i personally feel some answers are wrong.
UNITED KINGDOM


Anil 7/18/2023 9:38:00 AM

nice questions
Anonymous


Chris 8/26/2023 1:10:00 AM

looking for c1000-158: ibm cloud technical advocate v4 questions
Anonymous


sachin 6/27/2023 1:22:00 PM

can you share the pdf
Anonymous


Blessious Phiri 8/13/2023 10:26:00 AM

admin ii is real technical stuff
Anonymous


Luis Manuel 7/13/2023 9:30:00 PM

could you post the link
UNITED STATES


vijendra 8/18/2023 7:54:00 AM

hello send me dumps
Anonymous


Simeneh 7/9/2023 8:46:00 AM

it is very nice
Anonymous


john 11/16/2023 5:13:00 PM

i gave the amazon dva-c02 tests today and passed. very helpful.
Anonymous


Tao 11/20/2023 8:53:00 AM

there is an incorrect word in the problem statement. for example, in question 1, there is the word "speci c". this is "specific. in the other question, there is the word "noti cation". this is "notification. these mistakes make this site difficult for me to use.
Anonymous


patricks 10/24/2023 6:02:00 AM

passed my az-120 certification exam today with 90% marks. studied using the dumps highly recommended to all.
Anonymous


Ananya 9/14/2023 5:17:00 AM

i need it, plz make it available
UNITED STATES


JM 12/19/2023 2:41:00 PM

q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.
UNITED STATES


Ronke 8/18/2023 10:39:00 AM

this is simple but tiugh as well
Anonymous


CesarPA 7/12/2023 10:36:00 PM

questão 4, segundo meu compilador local e o site https://www.jdoodle.com/online-java-compiler/, a resposta correta é "c" !
UNITED STATES


Jeya 9/13/2023 7:50:00 AM

its very useful
INDIA


Tracy 10/24/2023 6:28:00 AM

i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.
Anonymous


James 8/17/2023 4:33:00 PM

real questions
UNITED STATES


Aderonke 10/23/2023 1:07:00 PM

very helpful assessments
UNITED KINGDOM


Simmi 8/24/2023 7:25:00 AM

hi there, i would like to get dumps for this exam
AUSTRALIA