[Attacks and Exploits]
A penetration tester is unable to identify the Wi-Fi SSID on a client's cell phone.
Which of the following techniques would be most effective to troubleshoot this issue?
Since SSID broadcast might be hidden, channel scanning allows the tester to identify active Wi-Fi networks.
Option A (Sidecar scanning): Not a recognized Wi-Fi testing method.
Option B (Channel scanning): Correct.
Identifies hidden SSIDs by monitoring probe requests and responses.
Option C (Stealth scanning): Typically refers to evading detection, not Wi-Fi analysis.
Option D (Static analysis scanning): Static analysis applies to code security, not Wi-Fi networks.
Reference: CompTIA PenTest+ PT0-003 Official Guide -- Wireless Reconnaissance Techniques
A tester is finishing an engagement and needs to ensure that artifacts resulting from the test are safely handled. Which of the following is the best procedure for maintaining client data privacy?
At the end of a penetration test, handling sensitive data properly ensures compliance with legal, regulatory, and ethical guidelines.
Securely destroy or remove all engagement-related data (Option B):
Ensures confidentiality of test results.
Prevents unauthorized access to client information.
Methods include secure wiping tools (shred, sdelete) and deletion of encrypted storage.
Incorrect options:
Option A (Remove configuration changes): Necessary but does not ensure complete data destruction.
Option C (Search for sensitive credentials): Important but does not address all artifacts.
Option D (Shut down C2 infrastructure): Important for OPSEC but does not address client data privacy.
[Tools and Code Analysis]
During an assessment, a penetration tester gains access to one of the internal hosts. Given the following command:
schtasks /create /sc onlogon /tn "Windows Update" /tr "cmd.exe /c reverse_shell.exe"
Which of the following is the penetration tester trying to do with this code?
The command creates a scheduled task that executes a reverse shell payload at logon, ensuring persistence.
Option A (Enumerate tasks): This command creates a task rather than listing tasks (schtasks /query is used for enumeration).
Option B (Establish persistence): Correct.
The attacker ensures a reverse shell opens every time a user logs in.
Option C (Deactivate Windows Update): The task is named 'Windows Update' but does not disable updates.
Option D (Create a Windows Update binary): This executes a reverse shell, not a system update.
Reference: CompTIA PenTest+ PT0-003 Official Guide -- Windows Persistence Techniques
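From the defender's side, the schtasks command above is exactly the kind of process-creation record a detection rule should catch. The following Python is an added example (not from the CompTIA guide or any product): it parses "schtasks /create" command lines from constructed log records in a hypothetical "<host> <user> <command line>" format and scores them on the traits the explanation names, namely a logon/startup trigger, a task name that imitates a Windows component, and an action that runs a command interpreter or an executable without an absolute path. The log lines, the indicator lists and the two-reason threshold are all assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample process-creation records (hypothetical "<host> <user> <command line>" format).
# The first line is the command from the question; the others are contrast cases.
SAMPLE_LOGS = [
    'ws01 corp\\jdoe schtasks /create /sc onlogon /tn "Windows Update" /tr "cmd.exe /c reverse_shell.exe"',
    'ws02 corp\\admin schtasks /create /sc daily /st 03:00 /tn "Backup" /tr "C:\\Windows\\System32\\robocopy.exe C:\\data D:\\backup"',
    'ws03 corp\\svc schtasks /query /fo LIST',
    'ws04 corp\\jdoe schtasks /create /sc onstart /tn "Microsoft\\Windows\\Defender\\Scan" /tr "powershell.exe -enc AAAA"',
]

# Indicator lists (assumed for this example; tune to the environment).
LOOKALIKE_NAMES = ("windows update", "microsoft", "defender", "onedrive", "google update")
SHELL_HOSTS = ("cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe")
PERSIST_TRIGGERS = ("onlogon", "onstart", "onidle")


@dataclass
class TaskCreation:
    host: str
    user: str
    name: str      # value of /tn
    trigger: str   # value of /sc, lower-cased
    action: str    # value of /tr
    reasons: list = field(default_factory=list)


def _flag_value(cmd, flag):
    """Extract the value of a schtasks flag, whether double-quoted or bare (None if absent)."""
    m = re.search(r'/%s\s+(?:"([^"]*)"|(\S+))' % flag, cmd, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def parse_schtasks(line):
    """Return a TaskCreation for a 'schtasks /create' record, or None for anything else."""
    host, user, cmd = line.split(" ", 2)
    if not re.match(r"schtasks(\.exe)?\s+/create\b", cmd, re.IGNORECASE):
        return None
    return TaskCreation(
        host=host,
        user=user,
        name=_flag_value(cmd, "tn") or "",
        trigger=(_flag_value(cmd, "sc") or "").lower(),
        action=_flag_value(cmd, "tr") or "",
    )


def assess(task):
    """Attach one reason per persistence trait found; returns the same task for chaining."""
    action_l = task.action.lower()
    tokens = action_l.split()
    exe_base = tokens[0].rsplit("\\", 1)[-1] if tokens else ""
    if task.trigger in PERSIST_TRIGGERS:
        task.reasons.append(f"persistence trigger /sc {task.trigger}")
    if any(n in task.name.lower() for n in LOOKALIKE_NAMES):
        task.reasons.append(f"task name mimics a Windows component: {task.name!r}")
    if exe_base in SHELL_HOSTS:
        task.reasons.append(f"action launches a command interpreter: {exe_base}")
    # Executables referenced without a drive-letter or UNC path are unusual for legitimate tasks.
    relative_exes = [t for t in tokens if t.endswith(".exe") and not re.match(r"[a-z]:\\|\\\\", t)]
    if relative_exes:
        task.reasons.append("executable(s) without an absolute path: " + ", ".join(relative_exes))
    return task


def scan(lines, min_reasons=2):
    """Return the task creations that accumulate at least min_reasons suspicious traits."""
    findings = []
    for line in lines:
        task = parse_schtasks(line)
        if task is not None and len(assess(task).reasons) >= min_reasons:
            findings.append(task)
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"{hit.host} {hit.user} task={hit.name!r} trigger={hit.trigger}")
        for r in hit.reasons:
            print("   -", r)
```

Running the block prints the ws01 and ws04 records with their reasons; the scheduled robocopy job on ws02 scores zero and the /query on ws03 is not a creation at all. In production the same logic would be fed from Sysmon process-creation events or Windows Security event 4698 (scheduled task created) rather than constructed strings.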
A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:
Server-side request forgery (SSRF) vulnerability in test.comptia.org
Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org
Publicly accessible storage system named static_comptia_assets
SSH port 22 open to the internet on test3.comptia.org
Open redirect vulnerability in test4.comptia.org
Which of the following attack paths should the tester prioritize first?
Leverage SSRF for Metadata Access:
Server-side request forgery (SSRF) vulnerabilities allow attackers to force a server to send requests to internal resources. In cloud environments, SSRF can often be used to access the metadata service (e.g., AWS EC2 metadata) to retrieve credentials for cloud services.
Once credentials are obtained, they can be used to access privileged systems that are not directly accessible from the internet.
Why Not Other Options?
A (Public bucket): Analyzing the bucket for sensitive data is useful but does not directly lead to privileged system access.
B (Pacu): Pacu is used for AWS exploitation but requires credentials or misconfigured roles. SSRF can provide the credentials needed to run Pacu effectively.
C (SSH brute force): Brute-forcing SSH is noisy and inefficient. Privileged systems are likely better protected than SSH open to the internet.
D (Phishing via XSS): This is a longer-term attack and less direct compared to leveraging SSRF.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)
SSRF Exploitation and Cloud Metadata Access Techniques
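The explanation above describes why SSRF against a cloud host is prioritised: the server can be pointed at internal addresses such as the instance metadata service. The mitigation that breaks that path is to validate every server-initiated outbound request before it is made. The Python below is an added example, not from the CompTIA guide or any product: it accepts only http/https URLs, resolves the hostname and rejects any answer in a private, loopback, link-local or otherwise non-public range, which covers both direct internal IPs and the AWS metadata endpoint 169.254.169.254 (a well-known link-local address, not something taken from this page). The FAKE_DNS table and the resolver injection are assumptions so that it runs offline; in a real service the resolver would be the system one.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_public_ip(ip):
    """True only for globally routable unicast addresses (v4 or v6)."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def resolve_all(host):
    """Real resolver: every A/AAAA answer for host (an IP literal resolves to itself)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_outbound_url(url, resolver=resolve_all):
    """Return (ok, reason). Every resolved address must be public, not just the first."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials embedded in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ips = resolver(host)
    except OSError as exc:
        return False, f"resolution failed for {host}: {exc}"
    non_public = [ip for ip in ips if not is_public_ip(ip)]
    if non_public:
        return False, f"{host} resolves to non-public address(es): {', '.join(non_public)}"
    return True, f"{host} -> {', '.join(ips)}"


# Constructed DNS answers for the offline demonstration (hypothetical names and addresses).
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.internal.example": ["169.254.169.254"],
    "db.corp.example": ["10.0.0.5", "93.184.216.34"],   # mixed answers: must still be rejected
}


def fake_resolver(host):
    """Offline stand-in for resolve_all: IP literals resolve to themselves, names via FAKE_DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for candidate in [
        "https://api.example.com/data",
        "http://169.254.169.254/latest/meta-data/",
        "http://metadata.internal.example/",
        "http://db.corp.example/",
        "http://[::1]/",
        "file:///etc/passwd",
        "http://user:pw@api.example.com/",
    ]:
        ok, why = validate_outbound_url(candidate, fake_resolver)
        print(("ALLOW " if ok else "BLOCK ") + candidate + "  (" + why + ")")
```

Two caveats a practitioner should keep in mind: the check is only meaningful if the HTTP client then connects to the address that was validated (pin the resolved IP, or re-check inside the connection hook), otherwise a DNS answer that changes between check and use defeats it; and on AWS specifically, requiring IMDSv2 session tokens on the instance removes the plain GET path the explanation relies on even if the application-level filter is bypassed.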
[Attacks and Exploits]
A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system. Which of the following attacks is the tester performing?
A kiosk escape involves breaking out of a restricted environment, such as a kiosk or a single application interface, to access the underlying operating system. Here's why option A is correct:
Kiosk Escape: This attack targets environments where user access is intentionally limited, such as a kiosk or a dedicated application. The goal is to break out of these restrictions and gain access to the full operating system.
Arbitrary Code Execution: This involves running unauthorized code on the system, but the scenario described is more about escaping a restricted environment.
Process Hollowing: This technique involves injecting code into a legitimate process, making it appear benign while executing malicious activities.
Library Injection: This involves injecting malicious code into a running process by loading a malicious library, which is not the focus in this scenario.
Reference from Pentest:
Forge HTB: Demonstrates techniques to escape restricted environments and gain broader access to the system.
Horizontall HTB: Shows methods to break out of limited access environments, aligning with the concept of kiosk escape.
Conclusion:
Option A, Kiosk escape, accurately describes the type of attack where a tester breaks out of a restricted environment to access the underlying operating system.