PT0-003試験無料問題集（241題）「CompTIA PenTest+ 認定」

出題：1

A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance activities. Which of the following techniques should the tester use?

A. TCP/UDP scanning

B. Sniffing

C. Ping sweeps

D. Banner grabbing

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:
* Server-side request forgery (SSRF) vulnerability in test.comptia.org
* Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org
* Publicly accessible storage system named static_comptia_assets
* SSH port 22 open to the internet on test3.comptia.org
* Open redirect vulnerability in test4.comptia.org
Which of the following attack paths should the tester prioritize first?

A. Run Pacu to enumerate permissions and roles within the cloud-based systems.

B. Leverage the SSRF to gain access to credentials from the metadata service.

C. Use the reflected cross-site scripting attack within a phishing campaign to attack administrators.

D. Perform a full dictionary brute-force attack against the open SSH service using Hydra.

E. Synchronize all the information from the public bucket and scan it with Trufflehog.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?

A. tcprelay

B. Scapy

C. Bluecrack

D. tcpdump

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?

A. The tester is evaluating a thick client application.

B. The tester is conducting a web application test.

C. The tester is assessing a mobile application.

D. The tester is creating a threat model.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:
xml
Copy code
<?xml version="1.0"?>
<!DOCTYPE data [
<!ENTITY foo SYSTEM "file:///etc/passwd" >
]>
<test>&foo;</test>
Which of the following should the tester recommend in the report to best prevent this type of vulnerability?

A. Ensure the requests application access logs are reviewed frequently.

B. Implement a WAF to filter all incoming requests.

C. Drop all excessive file permissions with chmod o-rwx.

D. Disable the use of external entities.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
111/tcp open rpcbind
2049/tcp open nfs
Based on the output, which of the following services provides the best target for launching an attack?

A. File sharing

B. Database

C. Remote access

D. Email

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

During a penetration test, the tester gains full access to the application's source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?

A. Scan the live web application using Nikto

B. Perform a manual code review of the Git repository

C. Run TruffleHog against a local clone of the application

D. Use SCA software to scan the application source code

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

A penetration tester is performing a network security assessment. The tester wants to intercept communication between two users and then view and potentially modify transmitted data. Which of the following types of on- path attacks would be best to allow the penetration tester to achieve this result?

A. VLAN hopping

B. DNS spoofing

C. ARP poisoning

D. SYN flooding

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

A penetration tester is conducting a vulnerability scan. The tester wants to see any vulnerabilities that may be visible from outside of the organization. Which of the following scans should the penetration tester perform?

A. SAST

B. Host-based

C. Sidecar

D. Unauthenticated

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which of the following frameworks can be used to classify threats?

A. STRIDE

B. OCTAVE

C. OSSTMM

D. PTES

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use.
Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?

A. Requesting that certificate pinning be disabled

B. Utilizing port mirroring on a firewall appliance

C. Reconfiguring the application to use a proxy

D. Installing packet capture software on the server

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

A penetration tester wants to use PowerView in an AD environment. Which of the following is the most likely reason?

A. To decrypt stored passwords

B. To escalate privileges

C. To collect local hashes

D. To enumerate user groups

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

During a pre-engagement activity with a new customer, a penetration tester looks for assets to test. Which of the following is an example of a target that can be used for testing?

A. IPA

B. ICMP

C. API

D. HTTP

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

A penetration tester is performing an authorized physical assessment. During the test, the tester observes an access control vestibule and on-site security guards near the entry door in the lobby. Which of the following is the best attack plan for the tester to use in order to gain access to the facility?

A. Tailgate into the facility during a very busy time to gain initial access.

B. Drop USB devices with malware outside of the facility in order to gain access to internal machines.

C. Pick the lock on the rear entrance to gain access to the facility and try to gain access.

D. Clone badge information in public areas of the facility to gain access to restricted areas.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

During a penetration testing exercise, a team decides to use a watering hole strategy. Which of the following is the most effective approach for executing this attack?

A. Compromise a website frequently visited by the organization's employees.

B. Create fake social media profiles to befriend employees.

C. Launch a DDoS attack on the organization's website.

D. Send phishing emails to the organization's employees.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

PT0-003試験無料問題集「CompTIA PenTest+ 認定」