New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA PT0-003 Exam - Topic 2 Question 30 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 30
Topic #: 2
[All PT0-003 Questions]

[Attacks and Exploits]

A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?

Show Suggested Answer Hide Answer
Suggested Answer: C

La opcin C, dig axfr @local.dns.server, realiza una transferencia de zona DNS (Zone Transfer). Si el servidor DNS est mal configurado y permite este tipo de solicitudes, el atacante puede obtener todos los registros DNS del dominio interno.

La opcin A muestra solo registros A/AAAA. La B no hace enumeracin completa. La D no es vlida como sintaxis.

Referencia: PT0-003 Objective 3.3 -- Perform domain enumeration using dig and DNS zone transfer techniques.


by Patrick at Nov 23, 2025, 02:01 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Chana
18 hours ago
Wait, can you really do a zone transfer with C? Sounds risky!
upvoted 0 times
...
Jaleesa
6 days ago
I disagree, B is simpler for basic queries.
upvoted 0 times
...
Wilda
11 days ago
A is a quick way to get specific records, but not exhaustive.
upvoted 0 times
...
Ashlyn
16 days ago
I think C is the best choice for DNS enumeration.
upvoted 0 times
...
Cheryl
21 days ago
Haha, the tester should just ask the IT admin nicely for the DNS records. No need for all this hacking stuff!
upvoted 0 times
...
Germaine
27 days ago
B) nslookup local.domain is too basic, it doesn't provide a comprehensive list of all domain records.
upvoted 0 times
...
Florencia
1 month ago
A) dig +short A AAAA local.domain is not enough, it only retrieves the A and AAAA records.
upvoted 0 times
...
Laquita
1 month ago
D) nslookup -server local.dns.server local.domain is also a good option to enumerate the DNS records.
upvoted 0 times
...
Taryn
1 month ago
C) dig axfr @local.dns.server is the correct answer. This command performs a DNS zone transfer to retrieve all domain records.
upvoted 0 times
...
King
2 months ago
I’m torn between B and D; I think using `nslookup` with a specific server could help, but I can't remember the exact syntax for option D.
upvoted 0 times
...
Marquetta
2 months ago
I vaguely recall that `dig axfr` is used for zone transfers, so option C might be the best one if the server allows it.
upvoted 0 times
...
Terina
2 months ago
I practiced with `nslookup` before, and it seems like option B could work, but I feel like there might be a better choice for enumerating all records.
upvoted 0 times
...
Aja
2 months ago
I think I remember that `dig` is often used for DNS queries, but I'm not sure if it's the right one for this specific task.
upvoted 0 times
...
Carissa
2 months ago
Hmm, I'm a bit confused. A lot of these options look similar, and I'm not sure which one is the best approach. Maybe I'll try a few and see which one gives me the most useful information.
upvoted 0 times
...
Kimbery
3 months ago
This is a tricky one, but I think I know the answer. Option C, the dig axfr command, is the way to go. It's the classic technique for doing a full zone transfer and enumerating all the DNS records. Gotta love those AXFR queries!
upvoted 0 times
...
Anastacia
3 months ago
Okay, I've got this. Option D is the answer - the nslookup command with the -server flag will let us query the local DNS server directly and pull all the domain info we need. Simple and effective.
upvoted 0 times
...
Johanna
3 months ago
I'm not too sure about this one. The question is asking about enumerating DNS records, but some of these options seem a bit specific. I might try a few of them and see which one gives me the most comprehensive results.
upvoted 0 times
...
Jenifer
3 months ago
Hmm, this looks like a classic DNS enumeration question. I think option C is the way to go - the dig axfr command should let us do a full zone transfer and get all the domain records.
upvoted 0 times
Paris
2 months ago
I agree, option C seems like the best choice for a full zone transfer.
upvoted 0 times
...
...

Save Cancel