PT0-003 Online Practice Questions and Answers

Correct Answer: See explanation below.

Correct Answer: A

Dynamic Application Security Testing (DAST):

Advantages of DAST:

Examples of DAST Tools:

Pentest References:

Web Application Testing: Understanding the importance of testing web applications for security vulnerabilities and the role of different testing methodologies.

Security Testing Tools: Familiarity with various security testing tools and their applications in penetration testing.

DAST vs. SAST: Knowing the difference between DAST (dynamic testing) and SAST (static testing) and when to use each method. By using a DAST tool, the penetration tester can effectively identify all vulnerable input fields on the customer

website, ensuring a thorough assessment of the application's security.

Correct Answer: A

Script Analysis:

Error Identification:

Correct Condition:

Corrected Script:

Pentest References:

In penetration testing, checking the accessibility of multiple URLs is a common task, often part of reconnaissance. Identifying publicly accessible resources can reveal potential entry points for further testing. The requests library in Python is

widely used for making HTTP requests and handling responses. Understanding HTTP status codes is crucial for correctly interpreting the results of these requests. By changing the condition to check for a 200 status code, the script will

correctly identify and print URLs that are publicly accessible.

Correct Answer: C

To collect information over the network, especially during an internal assessment, tools that can capture and analyze network traffic are essential. Responder is specifically designed for this purpose, and it can capture NTLM hashes and other

credentials by poisoning various network protocols. Here's a breakdown of the options:

Option A: ntlmrelayx.py -t 192.168.1.0/24 -1 1234 Option B: nc -tulpn 1234 192.168.1.2

Option C: responder.py -I eth0 -wP

Option D: crackmapexec smb 192.168.1.0/24

References from Pentest:

Anubis HTB: Highlights the use of Responder to capture network credentials and hashes during internal assessments.

Horizontall HTB: Demonstrates the effectiveness of Responder in capturing and analyzing network traffic for further exploitation.

Correct Answer: A

Upon discovering evidence of an advanced persistent threat (APT) on the network, the penetration tester should report the finding immediately.

Advanced Persistent Threat (APT):

Immediate Reporting:

Other Actions:

Pentest References:

Incident Response: Understanding the importance of immediate reporting and collaboration with the organization's security team upon discovering critical threats like APTs. Ethical Responsibility: Following ethical guidelines and protocols to

ensure the organization can respond effectively to significant threats. By reporting the finding immediately, the penetration tester ensures that the organization's security team is alerted to the presence of an APT, allowing them to initiate an

appropriate incident response.

Correct Answer: B

The tool and command provided by option B are used to perform passive DNS enumeration, which can uncover subdomains associated with a domain. Here's why option B is correct:

amass enum -passive -d comptia.org: This command uses the Amass tool to perform passive DNS enumeration, effectively identifying subdomains of the target domain. The output provided (subdomains) matches what this tool and command

would produce.

nslookup -type=SOA comptia.org: This command retrieves the Start of Authority (SOA) record, which does not list subdomains.

nmap -Pn -sV -vv -A comptia.org: This Nmap command performs service detection and aggressive scanning but does not enumerate subdomains. shodan host comptia.org: Shodan is an internet search engine for connected devices, but it

does not perform DNS enumeration to list subdomains.

References from Pentest:

Writeup HTB: Demonstrates the use of DNS enumeration tools like Amass to uncover subdomains during external assessments.

Horizontall HTB: Highlights the effectiveness of passive DNS enumeration in identifying subdomains and associated information.

Correct Answer: A

The company that requested the penetration test is responsible for providing the correct and accurate network scope for the test. The network scope defines the boundaries and limitations of the test, such as which IP addresses, domains, systems, or networks are in scope or out of scope. If the company provided an incorrect network scope that included an IP address that belongs to a third party, then it is responsible for this mistake. The penetration testing company, the target host's owner, the penetration tester, and the subcontractor supporting the test are not responsible for this mistake, as they relied on the network scope provided by the company that requested the penetration test.

Correct Answer: C

The best option for the tester to take is to notify the client about the firewall. The firewall is not part of the original list of IP addresses for the engagement, which means it is out of scope and should not be tested without permission. The tester should inform the client about the existence and potential risks of the firewall, and ask if they want to include it in the scope or not.

Correct Answer: D

Correct Answer: D