Free CompTIA PT0-003 Practice Exams

Question #1

During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system:

html

Copy code

7/<sCRitP>aLeRt(‘pwned’)</ScriPt>

Based on the code, which of the following options represents the attack executed by the tester and the associated countermeasure?

A . Arbitrary code execution: the affected computer should be placed on a perimeter network
B . SQL injection attack: should be detected and prevented by a web application firewall
C . Cross-site request forgery: should be detected and prevented by a firewall
D . XSS obfuscated: should be prevented by input sanitization

Reveal Solution Hide Solution

Question #2

A consultant starts a network penetration test. The consultant uses a laptop that is hardwired to the network to try to assess the network with the appropriate tools.

Which of the following should the consultant engage first?

A . Service discovery
B . OS fingerprinting
C . Host discovery
D . DNS enumeration

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

In network penetration testing, the initial steps involve gathering information to build an understanding of the network’s structure, devices, and potential entry points. The process generally follows a structured approach, starting from broad discovery methods to more specific identification techniques. Here’s a comprehensive breakdown of the steps: Host Discovery ( Answer C):

Objective: Identify live hosts on the network.

Tools & Techniques:

Ping Sweep: Using tools like nmap with the -sn option (ping scan) to check for live hosts by sending ICMP Echo requests.

ARP Scan: Useful in local networks, arp-scan can help identify all devices on the local subnet by broadcasting ARP requests.

nmap -sn 192.168.1.0/24

Reference: The GoBox HTB write-up emphasizes the importance of identifying hosts before moving to service enumeration.

The Forge HTB write-up also highlights using Nmap for initial host discovery in its enumeration phase.

Service Discovery (Option A):

Objective: After identifying live hosts, determine the services running on them.

Tools & Techniques:

Nmap: Often used with options like -sV for version detection to identify services.

nmap -sV 192.168.1.100

Reference: As seen in multiple write-ups (e.g., Anubis HTB and Bolt HTB), service discovery follows host identification to understand the services available for potential exploitation.

OS Fingerprinting (Option B):

Objective: Determine the operating system of the identified hosts.

Tools & Techniques:

Nmap: With the -O option for OS detection.

nmap -O 192.168.1.100

Reference: Accurate OS fingerprinting helps tailor subsequent attacks and is often performed after host and service discovery, as highlighted in the write-ups. DNS Enumeration (Option D):

Objective: Identify DNS records and gather subdomains related to the target domain.

Tools & Techniques:

dnsenum, dnsrecon, and dig.

dnsenum example.com

Reference: DNS enumeration is crucial for identifying additional attack surfaces, such as subdomains and related services. This step is typically part of the reconnaissance phase but follows host discovery and sometimes service identification.

Conclusion: The initial engagement in a network penetration test is to identify the live hosts on the network (Host Discovery). This foundational step allows the penetration tester to map out active devices before delving into more specific enumeration tasks like service discovery, OS fingerprinting, and DNS enumeration. This structured approach ensures that the tester maximizes their understanding of the network environment efficiently and systematically.

Question #2

A consultant starts a network penetration test. The consultant uses a laptop that is hardwired to the network to try to assess the network with the appropriate tools.

Which of the following should the consultant engage first?

A . Service discovery
B . OS fingerprinting
C . Host discovery
D . DNS enumeration

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

In network penetration testing, the initial steps involve gathering information to build an understanding of the network’s structure, devices, and potential entry points. The process generally follows a structured approach, starting from broad discovery methods to more specific identification techniques. Here’s a comprehensive breakdown of the steps: Host Discovery ( Answer C):

Objective: Identify live hosts on the network.

Tools & Techniques:

Ping Sweep: Using tools like nmap with the -sn option (ping scan) to check for live hosts by sending ICMP Echo requests.

ARP Scan: Useful in local networks, arp-scan can help identify all devices on the local subnet by broadcasting ARP requests.

nmap -sn 192.168.1.0/24

Reference: The GoBox HTB write-up emphasizes the importance of identifying hosts before moving to service enumeration.

The Forge HTB write-up also highlights using Nmap for initial host discovery in its enumeration phase.

Service Discovery (Option A):

Objective: After identifying live hosts, determine the services running on them.

Tools & Techniques:

Nmap: Often used with options like -sV for version detection to identify services.

nmap -sV 192.168.1.100

Reference: As seen in multiple write-ups (e.g., Anubis HTB and Bolt HTB), service discovery follows host identification to understand the services available for potential exploitation.

OS Fingerprinting (Option B):

Objective: Determine the operating system of the identified hosts.

Tools & Techniques:

Nmap: With the -O option for OS detection.

nmap -O 192.168.1.100

Reference: Accurate OS fingerprinting helps tailor subsequent attacks and is often performed after host and service discovery, as highlighted in the write-ups. DNS Enumeration (Option D):

Objective: Identify DNS records and gather subdomains related to the target domain.

Tools & Techniques:

dnsenum, dnsrecon, and dig.

dnsenum example.com

Reference: DNS enumeration is crucial for identifying additional attack surfaces, such as subdomains and related services. This step is typically part of the reconnaissance phase but follows host discovery and sometimes service identification.

Conclusion: The initial engagement in a network penetration test is to identify the live hosts on the network (Host Discovery). This foundational step allows the penetration tester to map out active devices before delving into more specific enumeration tasks like service discovery, OS fingerprinting, and DNS enumeration. This structured approach ensures that the tester maximizes their understanding of the network environment efficiently and systematically.

Question #4

Which of the following is within the scope of proper handling and most crucial when working on a penetration testing report?

A . Keeping both video and audio of everything that is done
B . Keeping the report to a maximum of 5 to 10 pages in length
C . Basing the recommendation on the risk score in the report
D . Making the report clear for all objectives with a precise executive summary

Reveal Solution Hide Solution

Question #5

A penetration tester gains access to a Windows machine and wants to further enumerate users with native operating system credentials.

Which of the following should the tester use?

A . route.exe print
B . netstat.exe -ntp
C . net.exe commands
D . strings.exe -a

Reveal Solution Hide Solution

Question #6

While performing an internal assessment, a tester uses the following command:

crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@

Which of the following is the main purpose of the command?

A . To perform a pass-the-hash attack over multiple endpoints within the internal network
B . To perform common protocol scanning within the internal network
C . To perform password spraying on internal systems
D . To execute a command in multiple endpoints at the same time

Reveal Solution Hide Solution

Question #7

While performing a penetration testing exercise, a tester executes the following command:

bash

Copy code

PS c:tools> c:hacksPsExec.exe \server01.comptia.org -accepteula cmd.exe Which of the following best explains what the tester is trying to do?

A . Test connectivity using PSExec on the server01 using CMD.exe.
B . Perform a lateral movement attack using PsExec.
C . Send the PsExec binary file to the server01 using CMD.exe.
D . Enable CMD.exe on the server01 through PsExec.

Reveal Solution Hide Solution

Question #8

In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization.

Through which of the following features could this information have been accessed?

A . IAM
B . Block storage
C . Virtual private cloud
D . Metadata services

Reveal Solution Hide Solution

Question #9

A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client’s blue team.

Which of the following exfiltration methods most likely remain undetected?

A . Cloud storage
B . Email
C . Domain Name System
D . Test storage sites

Reveal Solution Hide Solution

Question #10

A penetration tester is testing a power plant’s network and needs to avoid disruption to the grid.

Which of the following methods is most appropriate to identify vulnerabilities in the network?

A . Configure a network scanner engine and execute the scan.
B . Execute a testing framework to validate vulnerabilities on the devices.
C . Configure a port mirror and review the network traffic.
D . Run a network mapper tool to get an understanding of the devices.

Reveal Solution Hide Solution