PT0-003 Practice Exam Questions and Answers

A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?

A penetration tester writes a Bash script to automate the execution of a ping command on a Class C network:

bash

for var in —MISSING TEXT—

do

ping -c 1 192.168.10.$var

done

Which of the following pieces of code should the penetration tester use in place of the —MISSING TEXT— placeholder?

As part of a security audit, a penetration tester finds an internal application that accepts unexpected user inputs, leading to the execution of arbitrary commands. Which of the following techniques would the penetration tester most likely use to access the sensitive data?

A penetration tester conducts reconnaissance for a client's network and identifies the following system of interest:

$ nmap -A AppServer1.compita.org

Starting Nmap 7.80 (2023-01-14) on localhost (127.0.0.1) at 2023-08-04 15:32:27

Nmap scan report for AppServer1.compita.org (192.168.1.100)

Host is up (0.001s latency).

Not shown: 999 closed ports

Port State Service

21/tcp open ftp

22/tcp open ssh

23/tcp open telnet

80/tcp open http

135/tcp open msrpc

139/tcp open netbios-ssn

443/tcp open https

445/tcp open microsoft-ds

873/tcp open rsync

8080/tcp open http-proxy

8443/tcp open https-alt

9090/tcp open zeus-admin

10000/tcp open snet-sensor-mgmt

The tester notices numerous open ports on the system of interest. Which of the following best describes this system?

As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting. Which of the following techniques would be best for the tester to use?

During an engagement, a penetration tester found some weaknesses that were common across the customer’s entire environment. The weaknesses included the following:

Weaker password settings than the company standard

Systems without the company's endpoint security software installed

Operating systems that were not updated by the patch management system

Which of the following recommendations should the penetration tester provide to address the root issue?

In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:

sshpass -p donotchange ssh admin@192.168.6.14

Which of the following should the tester attempt to do next to take advantage of this information? (Select two).

A penetration tester performs an assessment on the target company's Kubernetes cluster using kube-hunter. Which of the following types of vulnerabilities could be detected with the tool?

A penetration tester is conducting a wireless security assessment for a client with 2.4GHz and 5GHz access points. The tester places a wireless USB dongle in the laptop to start capturing WPA2 handshakes. Which of the following steps should the tester take next?

During a security assessment, a penetration tester wants to compromise user accounts without triggering IDS/IPS detection rules. Which of the following is the most effective way for the tester to accomplish this task?