CompTIA PenTest+ - PT0-003 Exam Practice Test

A penetration tester gained a foothold within a network. The penetration tester needs to enumerate all users within the domain. Which of the following is the best way to accomplish this task?
Correct Answer: C Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
A penetration tester is getting ready to conduct a vulnerability scan as part of the testing process. The tester will evaluate an environment that consists of a container orchestration cluster. Which of the following tools should the tester use to evaluate the cluster?
Correct Answer: A Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
During a penetration test, the tester gains full access to the application ' s source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?
Correct Answer: C Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
A penetration tester discovers data to stage and exfiltrate. The client has authorized movement to the tester ' s attacking hosts only. Which of the following would be most appropriate to avoid alerting the SOC?
Correct Answer: C Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
A penetration tester discovers evidence of an advanced persistent threat on the network that is being tested.
Which of the following should the tester do next?
Correct Answer: D Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
A penetration tester performs several Nmap scans against the web application for a client.
INSTRUCTIONS
Click on the WAF and servers to review the results of the Nmap scans. Then click on each tab to select the appropriate vulnerability and remediation options.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.




Correct Answer:
See the explanation part for detailed solution.
Explanation:
A screenshot of a computer Description automatically generated

A screenshot of a computer screen Description automatically generated

Most likely vulnerability: Perform a SSRF attack against App01.example.com from CDN.example.com.
The scenario suggests that the CDN network (with a WAF) can be used to perform a Server-Side Request Forgery (SSRF) attack. Since the penetration tester has the pentester workstation interacting through the CDN
/WAF and the production network is behind it, the most plausible attack vector is to exploit SSRF to interact with the internal services like App01.example.com.
Two best remediation options:
Restrict direct communications to App01.example.com to only approved components.
Require an additional authentication header value between CDN.example.com and App01.example.com.
Restrict direct communications to App01.example.com to only approved components: This limits the exposure of the application server by ensuring that only specified, trusted entities can communicate with it.
Require an additional authentication header value between CDN.example.com and App01.example.com:
Adding an authentication layer between the CDN and the app server helps ensure that requests are legitimate and originate from trusted sources, mitigating SSRF and other indirect attack vectors.
Nmap Scan Observations:
CDN/WAF shows open ports for HTTP and HTTPS but filtered for MySQL, indicating it acts as a filtering layer.
App Server has open ports for HTTP, HTTPS, and filtered for MySQL.
DB Server has all ports filtered, typical for a database server that should not be directly accessible.
These findings align with the SSRF vulnerability and the appropriate remediation steps to enhance the security of internal communications.
Which of the following methods should a physical penetration tester employ to access a rarely used door that has electronic locking mechanisms?
Correct Answer: D Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
A penetration tester wants to collect credentials against an organization with a PEAP infrastructure. Which of the following tools should the tester use?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
A penetration tester cannot use Nmap and must perform port discovery and banner grabbing for potential vulnerable SSH services. Given the following script:
#!/usr/bin/bash
ip_address = " 192.168.5. "
...
for i in {1..254}
do
--missing command--
done
...
Which of the following commands will best help the tester achieve this objective?
Correct Answer: D Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).