Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA PT0-003 Exam - Topic 2 Question 30 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 30
Topic #: 2
[All PT0-003 Questions]

[Attacks and Exploits]

A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?

Show Suggested Answer Hide Answer
Suggested Answer: C

La opcin C, dig axfr @local.dns.server, realiza una transferencia de zona DNS (Zone Transfer). Si el servidor DNS est mal configurado y permite este tipo de solicitudes, el atacante puede obtener todos los registros DNS del dominio interno.

La opcin A muestra solo registros A/AAAA. La B no hace enumeracin completa. La D no es vlida como sintaxis.

Referencia: PT0-003 Objective 3.3 -- Perform domain enumeration using dig and DNS zone transfer techniques.


by Patrick at Nov 23, 2025, 02:01 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Yan
1 day ago
D is useful if you want to specify the DNS server.
upvoted 0 times
...
Derick
7 days ago
C seems risky, but it could reveal a lot.
upvoted 0 times
...
Jules
12 days ago
A is good too, quick results for A and AAAA records.
upvoted 0 times
...
Demetra
17 days ago
I prefer B. It's straightforward for basic queries.
upvoted 0 times
...
Rana
22 days ago
I think option C is the best. It does a zone transfer.
upvoted 0 times
...
Whitley
27 days ago
D seems useful too, but I’d stick with C for thoroughness.
upvoted 0 times
...
Chana
2 months ago
Wait, can you really do a zone transfer with C? Sounds risky!
upvoted 0 times
...
Jaleesa
2 months ago
I disagree, B is simpler for basic queries.
upvoted 0 times
...
Wilda
2 months ago
A is a quick way to get specific records, but not exhaustive.
upvoted 0 times
...
Ashlyn
2 months ago
I think C is the best choice for DNS enumeration.
upvoted 0 times
...
Cheryl
2 months ago
Haha, the tester should just ask the IT admin nicely for the DNS records. No need for all this hacking stuff!
upvoted 0 times
...
Germaine
2 months ago
B) nslookup local.domain is too basic, it doesn't provide a comprehensive list of all domain records.
upvoted 0 times
...
Florencia
3 months ago
A) dig +short A AAAA local.domain is not enough, it only retrieves the A and AAAA records.
upvoted 0 times
...
Laquita
3 months ago
D) nslookup -server local.dns.server local.domain is also a good option to enumerate the DNS records.
upvoted 0 times
...
Taryn
3 months ago
C) dig axfr @local.dns.server is the correct answer. This command performs a DNS zone transfer to retrieve all domain records.
upvoted 0 times
...
King
3 months ago
I’m torn between B and D; I think using `nslookup` with a specific server could help, but I can't remember the exact syntax for option D.
upvoted 0 times
...
Marquetta
3 months ago
I vaguely recall that `dig axfr` is used for zone transfers, so option C might be the best one if the server allows it.
upvoted 0 times
...
Terina
3 months ago
I practiced with `nslookup` before, and it seems like option B could work, but I feel like there might be a better choice for enumerating all records.
upvoted 0 times
...
Aja
4 months ago
I think I remember that `dig` is often used for DNS queries, but I'm not sure if it's the right one for this specific task.
upvoted 0 times
...
Carissa
4 months ago
Hmm, I'm a bit confused. A lot of these options look similar, and I'm not sure which one is the best approach. Maybe I'll try a few and see which one gives me the most useful information.
upvoted 0 times
...
Kimbery
4 months ago
This is a tricky one, but I think I know the answer. Option C, the dig axfr command, is the way to go. It's the classic technique for doing a full zone transfer and enumerating all the DNS records. Gotta love those AXFR queries!
upvoted 0 times
...
Anastacia
4 months ago
Okay, I've got this. Option D is the answer - the nslookup command with the -server flag will let us query the local DNS server directly and pull all the domain info we need. Simple and effective.
upvoted 0 times
...
Johanna
5 months ago
I'm not too sure about this one. The question is asking about enumerating DNS records, but some of these options seem a bit specific. I might try a few of them and see which one gives me the most comprehensive results.
upvoted 0 times
...
Jenifer
5 months ago
Hmm, this looks like a classic DNS enumeration question. I think option C is the way to go - the dig axfr command should let us do a full zone transfer and get all the domain records.
upvoted 0 times
Paris
4 months ago
I agree, option C seems like the best choice for a full zone transfer.
upvoted 0 times
...
...

Save Cancel