CompTIA PT0-003 Practice Questions

The latest changes and updates from the administration for this exam.

verified

Latest Update: Jun 15 2026

All questions are working fine.

All Questions (540)bookmarkBookmarked (0)

All540Show all accessible questions in this exam.Missed540Questions you haven't attempted yet.Incorrect0Questions you answered incorrectly on your last attempt.

Question 261

During a penetration test on a cloud environment, you need to identify and exploit misconfigurations in Identity and Access Management (IAM). Which of the following tools would be best in this scenario?

ScoutSuite

CloudSploit

Prowler

Pacu

Question 262

Barry, a penetration tester, is tasked with assessing the security of a client's internal network. During the engagement, he identifies an open SSH port on a critical server that handles sensitive data. He selects Hydra as his tool of choice for this task. Which of the following best describes the action Barry should take next to effectively use Hydra in this scenario?

Use Hydra to perform an on-path attack by intercepting SSH traffic between the client and server

Use Hydra to flood the SSH service with excessive login attempts to cause a denial-of-service (DoS) condition

Configure Hydra to exploit known vulnerabilities in the SSH protocol to gain unauthorized access

Use Hydra to perform a dictionary attack against the SSH service, using a wordlist of common passwords

Question 263

During a mobile device assessment, you discover that an employee’s Bluetooth-enabled wireless headset is configured in discoverable mode and is paired with their corporate smartphone. Then you demonstrate that unsolicited messages can be sent to the headset and that, under certain conditions, the pairing can be leveraged to interact with the smartphone without the user’s awareness. Which term BEST describes exploiting Bluetooth connectivity weaknesses in this manner?

Zero-day attack

Multiplexing

Smurfing

Bluejacking

Question 264

During a multi-tenant cloud assessment, a penetration tester observes that compute instances from different customers are scheduled on the same physical host. The tester hypothesizes that by carefully measuring cache access times and CPU execution patterns, it may be possible to infer sensitive data from a co-resident instance without direct interaction. Which of the following attack types is MOST likely being considered?

XSS

Side-channel attack

On-path attack

Resource exhaustion

Question 265

A penetration tester is conducting an assessment of a wireless network that is secure using WPA2 Enterprise encryption. Which of the following are major differences between conducting reconnaissance of a wireless network versus a wired network? (SELECT TWO)

Question 266

During an engagement, you are reviewing a PowerShell script that repeats the same enumeration commands for each target system. This duplication makes the script difficult to maintain and prone to errors. What change would best improve the script?

Convert output to text files only

Add additional output statements

Replace variables with static values

Encapsulate logic in a function

Question 267

During the reconnaissance phase of a penetration test, an assessor uses advanced search operators to locate publicly indexed pages that may reference sensitive credentials related to the target organization. The tester executes the following Google query:

password inurl:example.com

Which of the following results would most likely be returned by this search?

https://www.example.com/admin/password-policy.html

https://www.sample.com/example/password-guide

https://www.othersite.org/password-reset

https://www.passworddumps.com/example

Question 268

While conducting an assessment of user behavior risks, a penetration tester sets up a rogue AP (Access Point) in a hotel environment to capture network traffic from connected clients. The tester observes a user authenticate to a webmail portal over an unencrypted session, and later successfully reuses captured credentials to access the user’s account. Which of the following protocols was MOST likely responsible for exposing the user’s credentials to packet capture?

HTTP

DNS

SSL

TFTP

Question 269

During an engagement, you are developing a Python-based reconnaissance tool that performs repeated Domain Name System (DNS) lookups against multiple discovered subdomains and external assets. To support maintainability and allow reuse of the lookup logic across different enumeration modules (such as host discovery and mail record analysis), you want to structure the script using sound software design principles. Which approach would BEST ensure modularity and reusability in this scenario?

Use the print statement each time you need the DNS lookup

Hard-code the DNS lookup in the script multiple times

Repeat the DNS lookup code at every necessary step in the script

Write the DNS lookup code within a class and call it when needed

Question 270

During a physical penetration test, an assessor attempts to gain entry into a restricted data center by closely following an authorized employee through an access-controlled door without presenting credentials. While documenting weaknesses in the facility’s physical access controls, the tester considers which control would most effectively prevent this tailgating technique. Which of the following physical security mechanisms would most effectively stop the tester from entering using this method?

Using facial recognition systems to authenticate users

Installing security turnstiles that allow only one person through at a time

Placing security guards at entry points to check badges manually

Requiring employees to complete security awareness training

Update History

Update History