CompTIA PT0-003 Practice Questions

The latest changes and updates from the administration for this exam.

verified

Latest Update: Jun 15 2026

All questions are working fine.

All Questions (540)bookmarkBookmarked (0)

All540Show all accessible questions in this exam.Missed540Questions you haven't attempted yet.Incorrect0Questions you answered incorrectly on your last attempt.

Question 171

During a web application assessment, a penetration tester identifies a legacy IIS (Internet Information Services) 4.0 server vulnerable to command execution via the msadc.pl exploit. To improve efficiency, the tester locates a Perl script (shown below) that automates multiple stages of the attack, including writing credentials to a file, transferring tools via FTP, and establishing a reverse shell using Netcat.

Based on the sequence of commands demonstrated in the script, which of the following exploit types is being used?

Buffer overflow exploit

SQL injection exploit

Chained exploit

Denial of Service exploit

Question 172

During the post-exploitation phase of your penetration test, you use the credentials obtained from a compromised machine to access other systems within the same network. Which of the following best describes this activity?

Lateral movement

Persistence

Pivoting

Privilege escalation

Question 173

What is the proper threat classification for a security breach that employs brute-force methods to compromise, degrade, or destroy systems?

Attrition

Improper usage

Impersonation

Loss or theft of equipment

Question 174

During a wireless security assessment, you discover that the client’s access points have Wi-Fi Protected Setup (WPS) enabled using PIN-based enrollment. You capture the WPS authentication exchange and determine that the access point validates portions of the PIN separately rather than as a single eight-digit value. Which inherent weakness in WPS makes this PIN configuration susceptible to exploitation?

Utilizes TKIP to secure the authentication handshake

Utilizes a 24-bit initialization vector

Utilizes a 40-bit encryption key

Brute force occurs within 11,000 combinations

Question 175

Tyler is conducting a penetration test and needs to execute various network protocols over a compromised system to interact with Windows systems remotely. Which of the following would be most suitable for this?

scp user@host:file .

sshuttle -r user@host 0/0

netcat -lvp 4444

impacket-smbclient

Question 176

During the reconnaissance phase of a penetration test, an assessor is attempting to identify publicly accessible documentation hosted on the target organization’s website that might expose weak operational security practices. Specifically, the tester wants to locate any pages on example.com that contain references to the word “password”, as these pages may include training materials, configuration examples, or accidentally exposed credentials. Which of the following Google dork queries would most effectively return only results hosted on the target domain that contain this keyword?

password inurl:example.com

password link:example.com

password site:example.com

password inanchor:example.com

Question 177

While using SpiderFoot, you want to identify potential vulnerabilities in the DNS configuration of your target by discovering exposed subdomains. Which module would you configure in SpiderFoot to achieve this?

DNS Resolver

Whois

Subdomain Finder

Port Scanner

Question 178

You are conducting reconnaissance against an organization for an upcoming engagement. Last week, you read a press release on their website that mentioned a new security infrastructure being deployed soon, but you cannot remember the exact date for the deployment. You tried to navigate back to the press release on their website, but it seems to have been taken down. Which of the following can you use to find a copy of the press release? (Select TWO)

Select all that apply

Use a network sniffer to capture API requests and responses from the site

Use a standard cache search by entering cache:https://example.com

Use a website archive like archive.org to find a copy of the press release

Conduct a website crawl of https://example.com to find the hidden document

Question 179

During a mobile payment security assessment, you observe two devices communicating via Near-field communication (NFC) to complete a contactless transaction. You demonstrate that, using specialized radio equipment positioned within close proximity, it is possible to capture and analyze the raw data exchanged during the transaction without interrupting the communication. Which type of attack does this scenario BEST represent?

Phishing

Bluejacking

Eavesdropping

Jamming

Question 180

During a network traffic analysis exercise, a penetration tester needs to capture only HTTP requests that initiate resource retrieval from a web server while minimizing noise from other traffic. The tester decides to apply a Berkeley Packet Filter (BPF) expression that inspects both the destination port and the payload signature of the request on interface eth0. Which of the following tcpdump commands should the tester use to capture only these specific requests?

tcpdump -i eth0 "tcp port 80 and tcp contains 'GET'"

tcpdump -i eth0 "port 80 and host GET"

tcpdump -i eth0 "tcp port 80 and tcp[32:4] = 0x47455420"

tcpdump -i eth0 "tcp[32:4] == GET"

Update History

Update History