Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA PT0-003 Exam - Topic 2 Question 30 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 30
Topic #: 2
[All PT0-003 Questions]

[Attacks and Exploits]

A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?

Show Suggested Answer Hide Answer
Suggested Answer: C

La opcin C, dig axfr @local.dns.server, realiza una transferencia de zona DNS (Zone Transfer). Si el servidor DNS est mal configurado y permite este tipo de solicitudes, el atacante puede obtener todos los registros DNS del dominio interno.

La opcin A muestra solo registros A/AAAA. La B no hace enumeracin completa. La D no es vlida como sintaxis.

Referencia: PT0-003 Objective 3.3 -- Perform domain enumeration using dig and DNS zone transfer techniques.


by Patrick at Nov 23, 2025, 02:01 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Alesia
1 month ago
I feel like B is safer for initial access.
upvoted 0 times
...
Yan
2 months ago
D is useful if you want to specify the DNS server.
upvoted 0 times
...
Derick
2 months ago
C seems risky, but it could reveal a lot.
upvoted 0 times
...
Jules
2 months ago
A is good too, quick results for A and AAAA records.
upvoted 0 times
...
Demetra
2 months ago
I prefer B. It's straightforward for basic queries.
upvoted 0 times
...
Rana
2 months ago
I think option C is the best. It does a zone transfer.
upvoted 0 times
...
Whitley
2 months ago
D seems useful too, but I’d stick with C for thoroughness.
upvoted 0 times
...
Chana
3 months ago
Wait, can you really do a zone transfer with C? Sounds risky!
upvoted 0 times
...
Jaleesa
3 months ago
I disagree, B is simpler for basic queries.
upvoted 0 times
...
Wilda
3 months ago
A is a quick way to get specific records, but not exhaustive.
upvoted 0 times
...
Ashlyn
4 months ago
I think C is the best choice for DNS enumeration.
upvoted 0 times
...
Cheryl
4 months ago
Haha, the tester should just ask the IT admin nicely for the DNS records. No need for all this hacking stuff!
upvoted 0 times
...
Germaine
4 months ago
B) nslookup local.domain is too basic, it doesn't provide a comprehensive list of all domain records.
upvoted 0 times
...
Florencia
4 months ago
A) dig +short A AAAA local.domain is not enough, it only retrieves the A and AAAA records.
upvoted 0 times
...
Laquita
4 months ago
D) nslookup -server local.dns.server local.domain is also a good option to enumerate the DNS records.
upvoted 0 times
...
Taryn
4 months ago
C) dig axfr @local.dns.server is the correct answer. This command performs a DNS zone transfer to retrieve all domain records.
upvoted 0 times
...
King
5 months ago
I’m torn between B and D; I think using `nslookup` with a specific server could help, but I can't remember the exact syntax for option D.
upvoted 0 times
...
Marquetta
5 months ago
I vaguely recall that `dig axfr` is used for zone transfers, so option C might be the best one if the server allows it.
upvoted 0 times
...
Terina
5 months ago
I practiced with `nslookup` before, and it seems like option B could work, but I feel like there might be a better choice for enumerating all records.
upvoted 0 times
...
Aja
5 months ago
I think I remember that `dig` is often used for DNS queries, but I'm not sure if it's the right one for this specific task.
upvoted 0 times
...
Carissa
5 months ago
Hmm, I'm a bit confused. A lot of these options look similar, and I'm not sure which one is the best approach. Maybe I'll try a few and see which one gives me the most useful information.
upvoted 0 times
...
Kimbery
6 months ago
This is a tricky one, but I think I know the answer. Option C, the dig axfr command, is the way to go. It's the classic technique for doing a full zone transfer and enumerating all the DNS records. Gotta love those AXFR queries!
upvoted 0 times
...
Anastacia
6 months ago
Okay, I've got this. Option D is the answer - the nslookup command with the -server flag will let us query the local DNS server directly and pull all the domain info we need. Simple and effective.
upvoted 0 times
...
Johanna
6 months ago
I'm not too sure about this one. The question is asking about enumerating DNS records, but some of these options seem a bit specific. I might try a few of them and see which one gives me the most comprehensive results.
upvoted 0 times
...
Jenifer
6 months ago
Hmm, this looks like a classic DNS enumeration question. I think option C is the way to go - the dig axfr command should let us do a full zone transfer and get all the domain records.
upvoted 0 times
Ula
21 days ago
Option A could also work for quick checks, but not as thorough.
upvoted 0 times
...
Gerri
26 days ago
I’d still consider option B for a safer approach.
upvoted 0 times
...
Herschel
1 month ago
True, but if done stealthily, it can be very effective.
upvoted 0 times
...
Nobuko
1 month ago
Yeah, but isn't it risky? It could alert the admins.
upvoted 0 times
...
Paris
5 months ago
I agree, option C seems like the best choice for a full zone transfer.
upvoted 0 times
...
...

Save Cancel