PT0-003 Exam - Free Actual Q&As, Page 1

PT0-003 Actual Exam Questions

Last updated on Feb. 12, 2025.

Vendor:CompTIA

Exam Code:PT0-003

Exam Name:CompTIA PenTest+

Exam Questions:71

Topic 1 - Exam A

Question #1 Topic 1

A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?

A. tcprelay
B. Bluecrack
C. Scapy
D. tcpdump

Reveal Solution Discussion

Correct Answer: C 🗳️

Question #2 Topic 1

Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?

A. The tester is conducting a web application test.
B. The tester is assessing a mobile application.
C. The tester is evaluating a thick client application.
D. The tester is creating a threat model.

Reveal Solution Discussion

Correct Answer: D 🗳️

Question #3 Topic 1

A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?

A. VM
B. IAST
C. DAST
D. SCA

Reveal Solution Discussion

Correct Answer: D 🗳️

Question #4 Topic 1

A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:

Which of the following should the tester recommend in the report to best prevent this type of vulnerability?

A. Drop all excessive file permissions with chmod o-rwx.
B. Ensure the requests application access logs are reviewed frequently.
C. Disable the use of external entities.
D. Implement a WAF to filter all incoming requests.

Reveal Solution Discussion

Correct Answer: C 🗳️

Viewing page 1 out of 18 pages.

Next Questions

Browse atleast 50% to increase passing rate

Someone Bought Contributor Access for:

SY0-701

London, 1 minute ago