CompTIA PT0-003 Questions Answers

Comprehensive and Detailed Explanation:

The appropriate first step for a low-profile physical access attempt is conducting surveillance to gather information such as entry points, peak/low occupancy times, security guard patterns, camera placement, and typical foot traffic. Surveillance (visual observation, external photography, publicly available schedules) informs a safe, low-risk entry plan and helps the tester choose tactics that minimize attention.

Why not the others first:

A. Interacting with security employees to clone a badge — directly engaging security staff to manipulate them is an escalation and could alert personnel; it’s also ethically/contractually risky if done without prior scoped approval and planning.

B. Trying to enter the back door after hours on a weekend — acting without reconnaissance increases likelihood of detection or legal exposure.

C. Collecting building blueprints to run a site survey — blueprints are useful but often hard to obtain and not the initial low-effort step; surveillance provides immediate, actionable behavioral intelligence.

CompTIA PT0-003 Mapping: Physical security assessments — perform reconnaissance and site survey activities first to develop low-visibility access strategies that adhere to the engagement rules of engagement and legal constraints.

Dynamic Application Security Testing (DAST):

Definition: DAST involves testing the application in its running state to identify vulnerabilities that could be exploited by an attacker.

Purpose: Simulates attacks on a live application, examining how it behaves and identifying security weaknesses.

ZAP (Zed Attack Proxy):

Description: An open-source DAST tool developed by OWASP.

Features: Capable of scanning web applications for vulnerabilities, including SQL injection, XSS, CSRF, and other common web application vulnerabilities.

Usage: Ideal for dynamic testing as it interacts with the live application and identifies vulnerabilities that may not be visible in static code analysis.

Other Tools:

Mimikatz: Used for post-exploitation activities, specifically credential dumping on Windows systems.

OllyDbg: A debugger used for reverse engineering and static analysis of binary files, not suitable for dynamic testing.

SonarQube: A static code analysis tool used for SAST (Static Application Security Testing), not for dynamic testing.

Pentest References:

Web Application Security Testing: Utilizing DAST tools like ZAP to dynamically test and find vulnerabilities in running web applications.

OWASP Tools: Leveraging open-source tools recommended by OWASP for comprehensive security testing.

By using ZAP, the penetration tester can perform dynamic testing to identify runtime vulnerabilities in web applications, extending the scope of the vulnerability search.

======

The script is retrieving base64-encoded commands hidden in DNS TXT records and executing them. This is a technique known as DNS tunneling, which allows covert data transmission using DNS queries/responses — often used to bypass firewalls or exfiltrate data without detection.

From the CompTIA PenTest+ PT0-003 Official Study Guide (Chapter 9 – Evading Detection and Exploitation Techniques):

“DNS tunneling is a covert communication technique where command-and-control instructions or exfiltrated data are encoded into DNS queries and responses, typically using TXT records.”

At the end of a penetration test, handling sensitive data properly ensures compliance with legal, regulatory, and ethical guidelines.

Securely destroy or remove all engagement-related data (Option B):

Ensures confidentiality of test results.

Prevents unauthorized access to client information.

Methods include secure wiping tools (shred, sdelete), and encrypted storage deletion.