A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:
Server-side request forgery (SSRF) vulnerability in test.comptia.org
Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org
Publicly accessible storage system named static_comptia_assets
SSH port 22 open to the internet on test3.comptia.org
Open redirect vulnerability in test4.comptia.org
Which of the following attack paths should the tester prioritize first?
Leverage SSRF for Metadata Access:
Server-side request forgery (SSRF) vulnerabilities allow attackers to force a server to send requests to internal resources. In cloud environments, SSRF can often be used to access the metadata service (e.g., AWS EC2 metadata) to retrieve credentials for cloud services.
Once credentials are obtained, they can be used to access privileged systems that are not directly accessible from the internet.
Why Not Other Options?
A (Public bucket): Analyzing the bucket for sensitive data is useful but does not directly lead to privileged system access.
B (Pacu): Pacu is used for AWS exploitation but requires credentials or misconfigured roles. SSRF can provide the credentials needed to run Pacu effectively.
C (SSH brute force): Brute-forcing SSH is noisy and inefficient. Privileged systems are likely better protected than SSH open to the internet.
D (Phishing via XSS): This is a longer-term attack and less direct compared to leveraging SSRF.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
SSRF Exploitation and Cloud Metadata Access Techniques
[Attacks and Exploits]
A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system. Which of the following attacks is the tester performing?
A kiosk escape involves breaking out of a restricted environment, such as a kiosk or a single application interface, to access the underlying operating system. Here's why option A is correct:
Kiosk Escape: This attack targets environments where user access is intentionally limited, such as a kiosk or a dedicated application. The goal is to break out of these restrictions and gain access to the full operating system.
Arbitrary Code Execution: This involves running unauthorized code on the system, but the scenario described is more about escaping a restricted environment.
Process Hollowing: This technique involves injecting code into a legitimate process, making it appear benign while executing malicious activities.
Library Injection: This involves injecting malicious code into a running process by loading a malicious library, which is not the focus in this scenario.
Reference from Pentest:
Forge HTB: Demonstrates techniques to escape restricted environments and gain broader access to the system.
Horizontall HTB: Shows methods to break out of limited access environments, aligning with the concept of kiosk escape.
Conclusion:
Option A, Kiosk escape, accurately describes the type of attack where a tester breaks out of a restricted environment to access the underlying operating system.
[Attacks and Exploits]
A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?
Option C, dig axfr @local.dns.server, performs a DNS zone transfer. If the DNS server is misconfigured and permits this type of request, the attacker can obtain all DNS records for the internal domain.
Option A shows only A/AAAA records. Option B does not perform a full enumeration. Option D is not valid syntax.
Reference: PT0-003 Objective 3.3 -- Perform domain enumeration using dig and DNS zone transfer techniques.
[Tools and Code Analysis]
A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?
Software Composition Analysis (SCA) is used to analyze dependencies in applications and identify vulnerable open-source libraries.
Option A (VM - Virtual Machine): A VM is a computing environment, not a vulnerability detection tool.
Option B (IAST - Interactive Application Security Testing): IAST analyzes runtime behavior, but it does not specialize in detecting vulnerable libraries.
Option C (DAST - Dynamic Application Security Testing): DAST scans running applications for vulnerabilities, but it does not analyze open-source libraries.
Option D (SCA - Software Composition Analysis): Correct.
Identifies security flaws in dependencies.
Used for managing supply chain risks.
Reference: CompTIA PenTest+ PT0-003 Official Guide -- Software Composition Analysis (SCA)
During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?
Wireshark is a network packet analyzer used to capture and analyze network traffic in real-time. During a penetration test, it is often used to inspect unencrypted communication to extract sensitive information like plaintext login credentials. Here's how it works:
Packet Capturing: Wireshark captures the network packets transmitted over a network interface. If a user logs in through an insecure communication protocol (e.g., HTTP, FTP, or Telnet), the credentials are transmitted in plaintext.
Traffic Filtering: Using filters (e.g., http, tcp.port == 21), the tester narrows down the relevant traffic to locate the login request and response packets.
Sensitive Data Extraction: Analyzing the captured packets reveals plaintext credentials in the data payload, such as in HTTP POST requests.
Exploit the Information: After extracting the plaintext credentials, the tester can attempt unauthorized access to resources using these credentials.
CompTIA Pentest+ Reference:
Domain 1.0 (Planning and Scoping)
Domain 2.0 (Information Gathering and Vulnerability Identification)
Wireshark Usage Guide