Best Way To Study For CompTIA PT0-003 Exam Brilliant PT0-003 Exam Questions PDF [Q69-Q93]


NEW QUESTION # 69
A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks would allow a penetration tester to achieve a successful attack?

  • A. BLE attack
  • B. Bluesnarfing
  • C. WPS PIN attack
  • D. Bluejacking

Answer: A

Explanation:
A BLE (Bluetooth Low Energy) attack is specifically designed to exploit vulnerabilities in the Bluetooth Low Energy protocol, which is commonly used in modern wireless devices, including key fobs for electric vehicles. This type of attack can allow a penetration tester to intercept, manipulate, or take control of the communication between the key fob and the vehicle. Bluejacking and Bluesnarfing are older Bluetooth attacks that are less effective against modern BLE implementations. WPS PIN attacks target Wi-Fi Protected Setup, which is unrelated to key fobs and electric vehicles.


NEW QUESTION # 70
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.
Which of the following describes the scope of the assessment?

  • A. Unknown environment testing
  • B. Known environment testing
  • C. Partially known environment testing
  • D. Physical environment testing

Answer: A


NEW QUESTION # 71
Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

  • A. Exporting credential data
  • B. Reverting configuration changes
  • C. Preserving artifacts
  • D. Keeping chain of custody

Answer: C

Explanation:
Preserving Artifacts:
Definition: Artifacts in penetration testing include all data and evidence collected during the test, such as logs, screenshots, exploit scripts, configuration files, and any other relevant information.
Importance: These artifacts are critical for reporting and post-assessment analysis. They serve as evidence of findings and support the conclusions and recommendations made in the penetration test report.
Other Tasks:
Reverting Configuration Changes: Important for restoring systems to their original state but does not directly ensure preservation of key outputs.
Keeping Chain of Custody: Ensures that evidence is handled properly, particularly in legal contexts, but is more relevant to forensic investigations.
Exporting Credential Data: Part of preserving artifacts, but preserving artifacts is a broader task that encompasses more than just credential data.
Pentest Reference:
Reporting: Comprehensive documentation and reporting of findings are crucial parts of penetration testing.
Evidence Handling: Properly preserving and handling artifacts ensures that the integrity of the test results is maintained and that they can be used for future reference.
By preserving artifacts, the penetration tester ensures that all key outputs from the test are retained for analysis, reporting, and future reference.


NEW QUESTION # 72
Which of the following is a rules engine for managing public cloud accounts and resources?

  • A. Cloud Brute
  • B. Cloud Custodian
  • C. Scout Suite
  • D. Pacu

Answer: B

Explanation:
Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well-managed cloud infrastructure that is both secure and cost-optimized. It consolidates many of the ad hoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.
Cloud Custodian is a tool that can be used to manage public cloud accounts and resources. Cloud Custodian can define policies and rules for cloud resources based on various criteria, such as tags, filters, actions, modes, or schedules. Cloud Custodian can enforce compliance, governance, security, cost optimization, and operational efficiency for cloud resources. Cloud Custodian supports multiple public cloud providers, such as AWS, Azure, GCP, and Kubernetes. Cloud Brute is a tool that can be used to enumerate cloud platforms and discover hidden files and buckets. Pacu is a tool that can be used to exploit AWS environments and perform post-exploitation actions. Scout Suite is a tool that can be used to audit cloud environments and identify security issues.


NEW QUESTION # 73
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

  • A. nmap -vv -sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan
  • B. nmap -vv -sUV -p 53, 122-123, 160-161 10.10.1.20/24 -oA udpscan
  • C. nmap -vv -sUV -p 53, 123-159 10.10.1.20/24 -oA udpscan
  • D. nmap -vv -sUV -p 53,123,161-162 10.10.1.20/24 -oA udpscan

Answer: A
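As an added example (not part of the original question bank), a Python check that expands an Nmap -p specification and verifies it covers the UDP ports the client asked for (DNS 53, NetBIOS 137-139, SNMP 161-162, the standard IANA assignments); the four specs it is run against are taken from the options above.

```python
from typing import Dict, Set

# Well-known UDP ports for the services the client asked to include in scope.
REQUIRED_UDP_SERVICES: Dict[str, Set[int]] = {
    "DNS": {53},
    "NetBIOS": {137, 138, 139},   # name service, datagram service, session service
    "SNMP": {161, 162},           # agent queries and trap receiver
}


def parse_port_spec(spec: str) -> Set[int]:
    """Expand an nmap -p style spec such as '53,137-139,161-162' into a set of ports.

    Nmap itself rejects spaces inside the list; they are tolerated here so the
    malformed options from the question can still be evaluated for coverage.
    """
    ports: Set[int] = set()
    for token in spec.split(","):
        token = token.strip()
        if not token:
            continue
        if "-" in token:
            lo, hi = token.split("-", 1)
            lo_i, hi_i = int(lo), int(hi)
            if not (0 <= lo_i <= hi_i <= 65535):
                raise ValueError(f"bad port range: {token}")
            ports.update(range(lo_i, hi_i + 1))
        else:
            p = int(token)
            if not 0 <= p <= 65535:
                raise ValueError(f"bad port: {token}")
            ports.add(p)
    return ports


def missing_services(spec: str,
                     required: Dict[str, Set[int]] = REQUIRED_UDP_SERVICES) -> Dict[str, Set[int]]:
    """Return service -> ports the spec fails to cover; an empty dict means full coverage."""
    covered = parse_port_spec(spec)
    return {name: needed - covered
            for name, needed in required.items()
            if needed - covered}


def fully_covering(candidates: Dict[str, str]) -> list:
    """Return the labels of the candidate specs that cover every required port."""
    return [label for label, spec in candidates.items() if not missing_services(spec)]


# Port lists lifted from options A-D of the question above.
OPTIONS = {
    "A": "53,137-139,161-162",
    "B": "53, 122-123, 160-161",
    "C": "53, 123-159",
    "D": "53,123,161-162",
}

if __name__ == "__main__":
    for label, spec in OPTIONS.items():
        gaps = missing_services(spec)
        print(f"{label}: {'covers all requested services' if not gaps else gaps}")
    print("fully covering:", fully_covering(OPTIONS))
```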


NEW QUESTION # 74
A penetration tester is required to perform a vulnerability scan that reduces the likelihood of false positives and increases the true positives of the results. Which of the following would MOST likely accomplish this goal?

  • A. Using Nmap as the root user
  • B. Using OpenVAS in default mode
  • C. Using Nessus with credentials
  • D. Using OWASP ZAP

Answer: C

Explanation:
Using credentials during a vulnerability scan allows the scanner to gather more detailed information about the target system, including installed software, patch levels, and configuration settings. This helps to reduce the likelihood of false positives and increase the true positives of the results. Nessus is a popular vulnerability scanner that supports credential-based scanning and can be used to accomplish this goal. OpenVAS and Nmap are also popular scanning tools, but using default mode or running as the root user alone may not provide the necessary level of detail for accurate vulnerability identification. OWASP ZAP is a web application scanner and may not be applicable for non-web-based targets.


NEW QUESTION # 75
A penetration tester needs to identify all vulnerable input fields on a customer website. Which of the following tools would be best suited to complete this request?

  • A. DAST
  • B. SCA
  • C. IAST
  • D. SAST

Answer: A

Explanation:
Dynamic Application Security Testing (DAST):
DAST tools interact with the running application from the outside, simulating attacks to identify security vulnerabilities.
They are particularly effective in identifying issues like SQL injection, XSS, CSRF, and other vulnerabilities in web applications.
DAST tools do not require access to the source code, making them suitable for black-box testing.
Advantages of DAST:
Real-World Testing: DAST simulates real-world attacks by interacting with the application in the same way a user would.
Comprehensive Coverage: Can identify vulnerabilities in all parts of the web application, including input fields, forms, and user interactions.
Automated Scanning: Automates the process of testing and identifying vulnerabilities, providing detailed reports on discovered issues.
Examples of DAST Tools:
OWASP ZAP (Zed Attack Proxy): An open-source DAST tool widely used for web application security testing.
Burp Suite: A popular commercial DAST tool that provides comprehensive scanning and testing capabilities.
Pentest Reference:
Web Application Testing: Understanding the importance of testing web applications for security vulnerabilities and the role of different testing methodologies.
Security Testing Tools: Familiarity with various security testing tools and their applications in penetration testing.
DAST vs. SAST: Knowing the difference between DAST (dynamic testing) and SAST (static testing) and when to use each method.
By using a DAST tool, the penetration tester can effectively identify all vulnerable input fields on the customer website, ensuring a thorough assessment of the application's security.


NEW QUESTION # 76
A consultant starts a network penetration test. The consultant uses a laptop that is hardwired to the network to try to assess the network with the appropriate tools. Which of the following should the consultant engage first?

  • A. DNS enumeration
  • B. Host discovery
  • C. OS fingerprinting
  • D. Service discovery

Answer: B

Explanation:
In network penetration testing, the initial steps involve gathering information to build an understanding of the network's structure, devices, and potential entry points. The process generally follows a structured approach, moving from broad discovery methods to more specific identification techniques. A breakdown of the steps:
Host Discovery (Option B):
Objective: Identify live hosts on the network.
Tools & Techniques:
Ping Sweep: Using tools like nmap with the -sn option (ping scan) to check for live hosts by sending ICMP Echo requests.
ARP Scan: Useful in local networks; arp-scan can identify all devices on the local subnet by broadcasting ARP requests.
nmap -sn 192.168.1.0/24
Reference:
The GoBox HTB write-up emphasizes the importance of identifying hosts before moving to service enumeration.
The Forge HTB write-up also highlights using Nmap for initial host discovery in its enumeration phase.
Service Discovery (Option D):
Objective: After identifying live hosts, determine the services running on them.
Tools & Techniques:
Nmap: Often used with options like -sV for version detection to identify services.
nmap -sV 192.168.1.100
Reference:
As seen in multiple write-ups (e.g., Anubis HTB and Bolt HTB), service discovery follows host identification to understand the services available for potential exploitation.
OS Fingerprinting (Option C):
Objective: Determine the operating system of the identified hosts.
Tools & Techniques:
Nmap: With the -O option for OS detection.
nmap -O 192.168.1.100
Reference:
Accurate OS fingerprinting helps tailor subsequent attacks and is often performed after host and service discovery, as highlighted in the write-ups.
DNS Enumeration (Option A):
Objective: Identify DNS records and gather subdomains related to the target domain.
Tools & Techniques:
dnsenum, dnsrecon, and dig.
dnsenum example.com
Reference:
DNS enumeration is crucial for identifying additional attack surfaces, such as subdomains and related services. This step is typically part of the reconnaissance phase but follows host discovery and sometimes service identification.
Conclusion: The initial engagement in a network penetration test is to identify the live hosts on the network (Host Discovery). This foundational step allows the penetration tester to map out active devices before delving into more specific enumeration tasks like service discovery, OS fingerprinting, and DNS enumeration. This structured approach ensures that the tester builds an understanding of the network environment efficiently and systematically.


NEW QUESTION # 77
A company has hired a penetration tester to deploy and set up a rogue access point on the network.
Which of the following is the BEST tool to use to accomplish this goal?

  • A. Wifite
  • B. Wireshark
  • C. Aircrack-ng
  • D. Kismet

Answer: C

Explanation:
Reference:
https://null-byte.wonderhowto.com/how-to/hack-wi-fi-stealing-wi-fi-passwords-with-evil-twin-attack-0183880/
https://thecybersecurityman.com/2018/08/11/creating-an-evil-twin-or-fake-access-point-using-aircrack-ng-and-


NEW QUESTION # 78
During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:
nmap -sX -T4 -p 21-25, 67, 80, 139, 8080 192.168.11.191
The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?

  • A. All of the ports in the target range are closed.
  • B. All of the ports in the target range are open
  • C. The ports in the target range cannot be scanned because they are common UDP ports.
  • D. Nmap needs more time to scan the ports in the target range.

Answer: A

Explanation:
The Nmap command uses the Xmas scan technique, which sends packets with the FIN, PSH, and URG flags set. This is an attempt to bypass firewall rules and elicit a response from open ports. However, if the target responds with an RST packet, it means that the port is closed. Open ports will either ignore the Xmas scan packets or send back an ACK packet. Therefore, the information most likely indicates that all of the ports in the target range are closed. References: [Nmap Scan Types], [Nmap Port Scanning Techniques], [CompTIA PenTest+ Study Guide: Exam PT0-002, Chapter 4: Conducting Passive Reconnaissance, page 127]


NEW QUESTION # 79
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?

  • A. Nessus
  • B. Burp Suite
  • C. Metasploit
  • D. Ettercap

Answer: C


NEW QUESTION # 80
A penetration tester runs the following command:
dig @ns1.comptia.local axfr comptia.local
Which of the following types of information would be provided?

  • A. The DNSSEC certificate and CA
  • B. The OS and version of the DNS server
  • C. The hostnames and IP addresses of internal systems
  • D. The DHCP scopes and ranges used on the network

Answer: C

Explanation:
The command dig @ns1.comptia.local axfr comptia.local performs a DNS zone transfer (AXFR), the process of copying an entire DNS zone file from a primary DNS server to a secondary one. A zone file contains records that map domain names to IP addresses and other information, such as mail servers, name servers, or aliases. A zone transfer can therefore provide useful enumeration data, such as the hostnames and IP addresses of internal systems, which can help identify potential targets or vulnerabilities. dig is a tool that queries DNS servers for information about domain names, such as IP addresses, mail servers, name servers, or other records. The other options are not types of information a zone transfer would provide. The DNSSEC certificate and CA are not part of the zone file; they belong to DNSSEC, an extension of the DNS protocol that provides authentication and integrity for DNS data. The DHCP scopes and ranges used on the network are not part of the zone file; they belong to DHCP, the protocol that assigns dynamic IP addresses and other configuration parameters to devices on a network. The OS and version of the DNS server are not part of the zone file; they are obtained through OS fingerprinting, a technique that identifies the OS and version of a remote system by analyzing its responses to network probes.
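The kind of data a permitted zone transfer exposes, shown with an added Python example that is not part of the original page: it parses constructed dig AXFR output (the hostnames and addresses below are made up) and lists the A records that point into RFC 1918 space, i.e. the internal systems the explanation refers to.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample of what `dig @ns1.comptia.local axfr comptia.local` prints
# when the name server permits the transfer (made-up data, not a real capture).
SAMPLE_AXFR_OUTPUT = """\
; <<>> DiG 9.18.1 <<>> @ns1.comptia.local axfr comptia.local
;; global options: +cmd
comptia.local.          3600    IN      SOA     ns1.comptia.local. admin.comptia.local. 2024010101 3600 900 604800 86400
comptia.local.          3600    IN      NS      ns1.comptia.local.
comptia.local.          3600    IN      MX      10 mail.comptia.local.
ns1.comptia.local.      3600    IN      A       10.10.1.5
mail.comptia.local.     3600    IN      A       10.10.1.25
www.comptia.local.      3600    IN      A       203.0.113.10
intranet.comptia.local. 3600    IN      A       192.168.50.8
vpn.comptia.local.      3600    IN      CNAME   www.comptia.local.
comptia.local.          3600    IN      SOA     ns1.comptia.local. admin.comptia.local. 2024010101 3600 900 604800 86400
;; Query time: 3 msec
;; XFR size: 9 records (messages 1, bytes 312)
"""

# One resource record as dig prints it: owner  TTL  IN  TYPE  rdata
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

# Private address space per RFC 1918 (203.0.113.0/24 above is the documentation
# range, used here to stand in for a public address).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_axfr(output: str) -> List[Dict[str, str]]:
    """Parse dig AXFR output into a list of {owner, ttl, type, rdata} records."""
    records = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # dig's comment and summary lines
        m = RR_RE.match(line)
        if m:
            records.append({
                "owner": m.group(1).rstrip("."),
                "ttl": m.group(2),
                "type": m.group(3),
                "rdata": m.group(4).strip(),
            })
    return records


def transfer_succeeded(records: List[Dict[str, str]]) -> bool:
    """A complete AXFR is framed by the zone's SOA record at both ends."""
    return (len(records) >= 2
            and records[0]["type"] == "SOA"
            and records[-1]["type"] == "SOA")


def exposed_internal_hosts(records: List[Dict[str, str]]) -> Dict[str, str]:
    """Return hostname -> IP for A records that resolve into RFC 1918 space."""
    leaked = {}
    for r in records:
        if r["type"] != "A":
            continue
        addr = ipaddress.ip_address(r["rdata"])
        if any(addr in net for net in RFC1918):
            leaked[r["owner"]] = r["rdata"]
    return leaked


if __name__ == "__main__":
    recs = parse_axfr(SAMPLE_AXFR_OUTPUT)
    print(f"transfer complete: {transfer_succeeded(recs)}, {len(recs)} records")
    for host, ip in exposed_internal_hosts(recs).items():
        print(f"internal host exposed via AXFR: {host} -> {ip}")
```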


NEW QUESTION # 81
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

  • A. A signed statement of work
  • B. The correct user accounts and associated passwords
  • C. The proper emergency contacts for the client
  • D. The expected time frame of the assessment

Answer: A

Explanation:
According to the CompTIA PenTest+ Study Guide, Exam PT0-002, a statement of work (SOW) is a document that defines the scope, objectives, deliverables, and terms of a penetration testing project. It is a formal agreement between the service provider and the client that specifies what is expected from both parties, including the timeline, budget, resources, and responsibilities. A SOW is essential for any penetration testing engagement, as it helps to avoid misunderstandings, conflicts, and legal issues.
The CompTIA PenTest+ Study Guide also provides an example of a SOW template that covers the following sections:
Project overview: A brief summary of the project's purpose, scope, objectives, and deliverables.
Project scope: A detailed description of the target system, network, or application that will be tested, including the boundaries, exclusions, and assumptions.
Project objectives: A clear statement of the expected outcomes and benefits of the project, such as identifying vulnerabilities, improving security posture, or complying with regulations.
Project deliverables: A list of the tangible products or services that will be provided by the service provider to the client, such as reports, recommendations, or remediation plans.
Project timeline: A schedule of the project's milestones and deadlines, such as kickoff meeting, testing phase, reporting phase, or closure meeting.
Project budget: A breakdown of the project's costs and expenses, such as labor hours, travel expenses, tools, or licenses.
Project resources: A specification of the project's human and technical resources, such as team members, roles, responsibilities, skills, or equipment.
Project terms and conditions: A statement of the project's legal and contractual aspects, such as confidentiality, liability, warranty, or dispute resolution.
The CompTIA PenTest+ Study Guide also explains why having a SOW is important before starting an assessment:
It establishes a clear and mutual understanding of the project's scope and expectations between the service provider and the client.
It provides a basis for measuring the project's progress and performance against the agreed-upon objectives and deliverables.
It protects both parties from potential risks or disputes that may arise during or after the project.


NEW QUESTION # 82
A penetration tester is testing a new API for the company's existing services and is preparing the following script:

Which of the following would the test discover?

  • A. Listening web servers in a domain
  • B. Open web ports on a host
  • C. Default web configurations
  • D. Supported HTTP methods

Answer: D

Explanation:
The script is using the requests library to send an OPTIONS request to the API endpoint, which returns a list of supported HTTP methods for that resource. This can help the penetration tester to identify potential attack vectors or vulnerabilities based on the methods allowed.


NEW QUESTION # 83
A penetration tester is testing a company's public API and discovers that specific input allows the execution of arbitrary commands on the base operating system. Which of the following actions should the penetration tester take next?

  • A. Notify the client immediately.
  • B. Use this feature to further compromise the server.
  • C. Document which commands can be executed.
  • D. Include the findings in the final report.

Answer: A



NEW QUESTION # 84
A penetration tester is conducting a vulnerability scan. The tester wants to see any vulnerabilities that may be visible from outside of the organization. Which of the following scans should the penetration tester perform?

  • A. Unauthenticated
  • B. Host-based
  • C. SAST
  • D. Sidecar

Answer: A

Explanation:
To see any vulnerabilities that may be visible from outside of the organization, the penetration tester should perform an unauthenticated scan.
Unauthenticated Scan:
Definition: An unauthenticated scan is conducted without providing any credentials to the scanning tool. It simulates the perspective of an external attacker who does not have any prior access to the system.
Purpose: Identifies vulnerabilities that are exposed to the public and can be exploited without authentication. This includes open ports, outdated software, and misconfigurations visible to the outside world.
Comparison with Other Scans:
SAST (Static Application Security Testing): Analyzes source code for vulnerabilities, typically used during the development phase and not suitable for external vulnerability scanning.
Sidecar: This term is generally associated with microservices architecture and is not relevant to the context of vulnerability scanning.
Host-based: Involves scanning from within the network and often requires authenticated access to the host to identify vulnerabilities. It is not suitable for determining external vulnerabilities.
Pentest Reference:
External Vulnerability Assessment: Conducting unauthenticated scans helps identify the attack surface exposed to external threats and prioritizes vulnerabilities that are accessible from the internet.
Tools: Common tools for unauthenticated scanning include Nessus, OpenVAS, and Nmap.
By performing an unauthenticated scan, the penetration tester can identify vulnerabilities that an external attacker could exploit without needing any credentials or internal access.


NEW QUESTION # 85
In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization. Through which of the following features could this information have been accessed?

  • A. Virtual private cloud
  • B. Metadata services
  • C. IAM
  • D. Block storage

Answer: B

Explanation:
In a cloud environment, the information used to configure virtual machines during their initialization could have been accessed through metadata services.
Metadata Services:
Definition: Cloud service providers offer metadata services that provide information about the running instance, such as instance ID, hostname, network configurations, and user data.
Access: These services are accessible from within the virtual machine and often include sensitive information used during the initialization and configuration of the VM.
Other Features:
IAM (Identity and Access Management): Manages permissions and access to resources but does not directly expose initialization data.
Block Storage: Provides persistent storage but does not directly expose initialization data.
Virtual Private Cloud (VPC): Provides network isolation for cloud resources but does not directly expose initialization data.
Pentest Reference:
Cloud Security: Understanding how metadata services work and the potential risks associated with them is crucial for securing cloud environments.
Exploitation: Metadata services can be exploited to retrieve sensitive data if not properly secured.
By accessing metadata services, an attacker can retrieve sensitive configuration information used during VM initialization, which can lead to further exploitation.


NEW QUESTION # 86
During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise.
While reading the script, the penetration tester noticed the following lines of code:

Which of the following was the script author trying to do?

  • A. Disable NIC.
  • B. Spawn a local shell.
  • C. List processes.
  • D. Change the MAC address

Answer: B

Explanation:
The script author was trying to spawn a local shell by using the os.system() function, which executes a command in a subshell. The command being executed is "/bin/bash", which is the path to the bash shell, a common shell program on Linux systems. The script author may have wanted to spawn a local shell to gain more control or access over the compromised system, or to execute other commands that are not possible in the original shell. The other options are not plausible explanations for what the script author was trying to do.


NEW QUESTION # 87
A penetration tester approaches a company employee in the smoking area and starts a conversation about the company's recent social event. After a few minutes, the employee holds the badge-protected door open for the penetration tester and both enter the company's building. Which of the following attacks did the penetration tester perform?

  • A. Badge cloning
  • B. Phishing
  • C. Dumpster diving
  • D. Tailgating

Answer: D

Explanation:
In this scenario, the penetration tester performed a "Tailgating" attack (D), where the tester follows closely behind a legitimate employee to gain unauthorized access to a secure area without being noticed. This social engineering technique relies on exploiting human tendencies to be polite or avoid confrontation, rather than using technical hacking methods. The tester engaged the employee in casual conversation to appear less suspicious and took advantage of the situation when the employee, perhaps distracted or feeling socially obliged, held the door open for them.


NEW QUESTION # 88
Given the following code:

Which of the following data structures is systems?

  • A. A tree
  • B. A tuple
  • C. A dictionary
  • D. An array

Answer: C

Explanation:
A dictionary is a data structure in Python that stores key-value pairs, where each key is associated with a value. A dictionary is created by enclosing the key-value pairs in curly braces and separating them by commas. A dictionary can be accessed by using the keys as indexes or by using methods such as keys(), values(), or items(). In the code, systems is a dictionary that has four key-value pairs, each representing an IP address and its corresponding operating system. A tuple is a data structure in Python that stores an ordered sequence of immutable values, enclosed in parentheses and separated by commas. A tree is a data structure that consists of nodes connected by edges, forming a hierarchical structure with a root node and leaf nodes.
An array is a data structure that stores a collection of elements of the same type in a contiguous memory location.


NEW QUESTION # 89
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

  • A. The licensing of software is ambiguous
  • B. The libraries' code bases could be read by anyone
  • C. The libraries may be vulnerable
  • D. The libraries may be unsupported
  • E. The provenance of code is unknown
  • F. The libraries may break the application

Answer: C,E

Explanation:
C: The libraries may be vulnerable to security bugs or exploits that can compromise the application or the data. Open-source libraries often have vulnerabilities that can be exploited by attackers, as seen with Heartbleed, Shellshock, DROWN, or the npm left-pad incident. These vulnerabilities can allow attackers to extract sensitive data, execute arbitrary commands, decrypt encrypted traffic, or break the functionality of the application. Therefore, using third-party open-source libraries in application code poses a significant security risk.
E: The provenance of code is unknown, meaning that the origin and history of the code are not verified or documented. Open-source libraries and the projects that consume them are developed and continuously evolve asynchronously, which makes it difficult to track changes and updates to the code. Moreover, open-source libraries may depend on other libraries, which can introduce additional risks or vulnerabilities. Therefore, using third-party open-source libraries in application code poses a significant quality risk.


NEW QUESTION # 90
Within a Python script, a line that states print(var) outputs the following:
[{'1' : 'CentOS', '2' : 'Ubuntu'}, {'1' : 'Windows 10', '2' : 'Windows Server 2016'}]
Which of the following objects or data structures is var?

  • A. A list
  • B. A class
  • C. A dictionary
  • D. An array

Answer: A

Explanation:
A list is a data structure in Python that can store multiple values of different types in a sequential order. A list is created by enclosing the values in square brackets [ ] and separating them by commas. A list can also contain other lists as its elements, creating a nested or multidimensional list. The output of the print(var) statement shows that var is a list containing two elements, each of which holds two key-value pairs. The key-value pairs are enclosed in curly braces { }, which indicate that they are dictionaries, another data structure in Python that maps keys to values. Therefore, var is a list of dictionaries. References:
* 5. Data Structures - Python 3.12.1 documentation, section 5.1. More on Lists
* Python Data Structures - GeeksforGeeks, section Lists in Python
* Common Python Data Structures (Guide) - Real Python, section Lists


NEW QUESTION # 91
A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?

  • A. Searching for code repositories target company's organization
  • B. Searching for code repositories associated with the target company's organization
  • C. Searching for code repositories associated with a developer who previously worked for the target company
  • D. Searching for code repositories associated with a developer who previously worked for the target company code repositories associated with the

Answer: A

Explanation:
Code repositories are online platforms that store and manage source code and other files related to software development projects. Code repositories can contain useful information for additional testing, such as application names, versions, features, functions, vulnerabilities, dependencies, credentials, comments, or documentation. Searching for code repositories associated with the target company's organization would most likely produce useful information for additional testing, as it would reveal the software projects that the target company is working on or using, and potentially expose some weaknesses or flaws that can be exploited. Code repositories can be searched on platforms such as GitHub, GitLab, Bitbucket, or SourceForge. The other options are less likely to produce useful information for additional testing, as they are not directly related to the target company's software development activities. Searching for code repositories associated with a developer who previously worked for the target company may not yield any relevant or current information, as the developer may have deleted, moved, or updated their code repositories after leaving the company. Searching for code repositories associated with the target company's competitors or customers may not yield any useful or accessible information, as they may have different or unrelated software projects, or they may have restricted or protected their code repositories from public view.


NEW QUESTION # 92
During a client engagement, a penetration tester runs the following Nmap command and obtains the following output:
nmap -sV --script ssl-enum-ciphers -p 443 remotehost
| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
| TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
Which of the following should the penetration tester include in the report?

  • A. 2,048-bit symmetric keys are incompatible with MD5.
  • B. The 3DES algorithm should be deprecated.
  • C. Old, insecure ciphers are in use.
  • D. This server should be upgraded to TLS 1.2.

Answer: C

Explanation:
The output of the Nmap command shows that the remote host supports RC4 ciphers, which are considered weak and vulnerable to several attacks, such as the BEAST and the RC4 NOMORE attacks. RC4 ciphers should not be used in modern TLS implementations, and they are not supported by TLS 1.3. Therefore, the penetration tester should include this finding in the report and recommend disabling RC4 ciphers on the server. References:
* The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 5: Attacks and Exploits, page 259.
* Nmap ssl-enum-ciphers NSE Script - InfosecMatter
* How do I list the SSL/TLS cipher suites a particular website offers?
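An added example, not from the original page, of turning ssl-enum-ciphers output into report findings: the Python below parses a constructed nmap output sample modelled on the lines above (the TLSv1.2 entries, key-exchange details and letter grades are made up for illustration) and flags cipher suites that use RC4, MD5, 3DES or other deprecated primitives.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of `nmap -sV --script ssl-enum-ciphers -p 443 remotehost`
# output (illustrative data, not a real scan).
SAMPLE_NMAP_OUTPUT = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (ecdh_x25519) - C
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (ecdh_x25519) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|_  least strength: C
"""

# Substrings of a cipher-suite name that mark it as weak or deprecated, with the
# reason to put in the report. Checked in order; the first match wins.
WEAK_MARKERS: Dict[str, str] = {
    "RC4": "RC4 stream cipher (biased keystream; prohibited for TLS by RFC 7465)",
    "_MD5": "MD5-based MAC",
    "3DES": "3DES (64-bit block size, Sweet32)",
    "_DES_": "single DES (56-bit key)",
    "NULL": "no encryption",
    "EXPORT": "export-grade key length",
    "anon": "anonymous key exchange (no server authentication)",
}

VERSION_LINE_RE = re.compile(r"^\|\s+(SSLv\d|TLSv\d\.\d):")
CIPHER_LINE_RE = re.compile(r"^\|\s+(TLS_[A-Za-z0-9_]+)")


def parse_cipher_suites(output: str) -> Dict[str, List[str]]:
    """Map each protocol version in the script output to its list of cipher suites."""
    suites: Dict[str, List[str]] = {}
    current = None
    for line in output.splitlines():
        v = VERSION_LINE_RE.match(line)
        if v:
            current = v.group(1)
            suites.setdefault(current, [])
            continue
        c = CIPHER_LINE_RE.match(line)
        if c and current is not None:
            suites[current].append(c.group(1))
    return suites


def weak_ciphers(suites: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Return (version, suite, reason) for every suite that matches a weak marker."""
    findings = []
    for version, names in suites.items():
        for name in names:
            for marker, reason in WEAK_MARKERS.items():
                if marker in name:
                    findings.append((version, name, reason))
                    break
    return findings


def report_lines(output: str) -> List[str]:
    """Produce one report line per weak suite found in the nmap output."""
    return [f"{version}: {suite} - {reason}"
            for version, suite, reason in weak_ciphers(parse_cipher_suites(output))]


if __name__ == "__main__":
    for line in report_lines(SAMPLE_NMAP_OUTPUT):
        print(line)
```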

