CompTIA PT0-003 Actual Questions

CompTIA PenTest+ Exam Questions and Answers

Question 21

During an assessment, a penetration tester runs the following command:

dnscmd.exe /config /serverlevelplugindll C:\users\necad-TA\Documents\adduser.dll

Which of the following is the penetration tester trying to achieve?

Options:

DNS enumeration

Privilege escalation

Command injection

A list of available users

Answer:

Explanation:

The tester is attempting to register a malicious DLL as a server-level plugin to escalate privileges.

Privilege escalation (Option B):

The command uses dnscmd.exe, a legitimate Windows tool for managing DNS servers.

By setting a malicious DLL (adduser.dll) as a server-level plugin, attackers can gain SYSTEM-level privileges.

This technique is a DLL hijacking attack.

[Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "Windows Privilege Escalation Techniques", Incorrect options:, Option A (DNS enumeration): The command modifies DNS settings rather than querying them., Option C (Command injection): The attacker is not injecting arbitrary shell commands., Option D (List of users): The command does not retrieve user information.et unauthorized access to, , , , ]

Question 22

A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering. Which of the following types of scans did the tester use to identify the libraries?

Options:

IAST

SBOM

DAST

SAST

Answer:

Explanation:

kube-hunter is a tool designed to perform security assessments on Kubernetes clusters. It identifies various vulnerabilities, focusing on weaknesses and misconfigurations. Here’s why option B is correct:

Kube-hunter: It scans Kubernetes clusters to identify security issues, such as misconfigurations, insecure settings, and potential attack vectors.

Network Configuration Errors: While kube-hunter might identify some network-related issues, its primary focus is on Kubernetes-specific vulnerabilities and misconfigurations.

Application Deployment Issues: These are more related to the applications running within the cluster, not the cluster configuration itself.

Security Vulnerabilities in Docker Containers: Kube-hunter focuses on the Kubernetes environment rather than Docker container-specific vulnerabilities.

References from Pentest:

Forge HTB: Highlights the use of specialized tools to identify misconfigurations in environments, similar to how kube-hunter operates within Kubernetes clusters.

Anubis HTB: Demonstrates the importance of identifying and fixing misconfigurations within complex environments like Kubernetes clusters.

Conclusion:

Option B, weaknesses and misconfigurations in the Kubernetes cluster, accurately describes the type of vulnerabilities that kube-hunter is designed to detect.

======

Question 23

During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for pictures, audio, and additional tags that facilitate this type of reconnaissance?

Options:

EXIF

GIF

COFF

ELF

Answer:

Explanation:

Metadata extraction allows attackers to collect sensitive information from digital files.

EXIF (Exchangeable Image File Format) (Option A):

EXIF metadata contains camera details, GPS coordinates, timestamps, and software versions used to edit the file.

Attackers use tools like ExifTool to extract metadata for reconnaissance.

[Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "Metadata Analysis in Open-Source Intelligence (OSINT)", Incorrect options:, Option B (GIF): A file format for images, but not a metadata standard., Option C (COFF): Common Object File Format, related to executable files, not images., Option D (ELF): Executable and Linkable Format, used for Linux binaries, not metadata analysis., , , ]

Question 24

Which of the following can an access control vestibule help deter?

Options:

USB drops

Badge cloning

Lock picking

Tailgating

Answer:

Explanation:

Un access control vestibule (también conocido como mantrap) es una estructura de seguridad que permite que solo una persona entre a la vez a través de dos puertas controladas. Este tipo de estructura está diseñada específicamente para evitar tailgating, donde una persona no autorizada intenta entrar siguiendo a una autorizada.

No previene ataques como la clonación de credenciales (badge cloning), ni el uso de USB maliciosos, ni técnicas de lock picking.

Referencia: PT0-003 Objective 2.1 – Physical security controls, including mantraps and their use against tailgating.

Free PT0-003 CompTIA Updates
Last Attempt PT0-003 Questions
PenTest+ PT0-003 Book
Full Access CompTIA PT0-003 Tutorials
CompTIA PT0-003 Actual Questions
Selected PT0-003 PenTest+ Questions Answers
PenTest+ PT0-003 CompTIA Study Notes
PenTest+ PT0-003 Full Course Free
PT0-003 CompTIA Exam Lab Questions
PenTest+ PT0-003 Syllabus Exam Questions Answers
PenTest+ PT0-003 Reddit Questions
CompTIA PT0-003 Based on Real Exam Environment
Pass PT0-003 Exam Guide
All PT0-003 Test Inside CompTIA Questions
Ace Your PT0-003 PenTest+ Exam
Complete PT0-003 CompTIA Materials
PenTest+ Changed PT0-003 Questions
CompTIA PenTest+ PT0-003 New Questions
PT0-003 Questions Bank
CompTIA PT0-003 Questions Answers
Get More CompTIA Exams Free Access

Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

CompTIA PenTest+ Exam Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce