PT0-003
Question 1
A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?
- A: tcprelay
- B: Bluecrack
- C: Scapy
- D: tcpdump
Question 2
A penetration tester completed a report for a new client. Prior to sharing the report with the client, which of the following should the penetration tester request to complete a review?
- A: A generative AI assistant
- B: The customer's designated contact
- C: A cybersecurity industry peer
- D: A team member
Question 3
A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?
- A: dig +short A AAAA local.domain
- B: nslookup local.domain
- C: dig afxr @local.dns.server
- D: nslookup -server local.dns.server local.domain *
Question 4
A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?
- A: Initiate a social engineering campaign.
- B: Perform credential dumping.
- C: Compromise an endpoint.
- D: Share enumeration.
Question 5
A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance activities. Which of the following techniques should the tester use?
- A: Sniffing
- B: Banner grabbing
- C: TCP/UDP scanning
- D: Ping sweeps
Question 6
A penetration tester reviews a SAST vulnerability scan report. The following lines of code have been reported as vulnerable:
Which of the following is the best method to remediate this vulnerability?
- A: Implementing a logging framework
- B: Removing the five code lines reported with issues
- C: Initiating a secure coding-awareness program with all the developers
- D: Documenting the vulnerability as a false positive
Question 7
During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for pictures, audio, and additional tags that facilitate this type of reconnaissance?
- A: EXIF
- B: GIF
- C: COFF
- D: ELF
Question 8
A penetration tester needs to exploit a vulnerability in a wireless network that has weak encryption in order to perform traffic analysis and decrypt sensitive information. Which of the following techniques would best allow the penetration tester to have access to the sensitive information?
- A: Bluejacking
- B: SSID spoofing
- C: Packet sniffing
- D: ARP poisoning
Question 9
During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?
- A: Burp Suite
- B: Wireshark
- C: Zed Attack Proxy
- D: Metasploit
Question 10
A penetration tester identifies the URL for an internal administration application while following DevOps team members on their commutes. Which of the following attacks did the penetration tester most likely use?
- A: Shoulder surfing
- B: Dumpster diving
- C: Spear phishing
- D: Tailgating
Question 11
During an assessment, a penetration tester obtains access to an internal server and would like to perform further reconnaissance by capturing LLMNR traffic. Which of the following tools should the tester use?
- A: Burp Suite
- B: Netcat
- C: Responder
- D: Nmap
Question 12
A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine. Which of the following commands should the tester use to do this task from the tester's host?
- A: attacker_host$ nmap -sT <target_cidr> | nc -n <compromised_host> 22
- B: attacker_host$ mknod backpipe p attacker_host$ nc -l -p 8000 | 0 <backpipe | nc <target_cidr> 80 | tee backpipe
- C: attacker_host$ nc -nlp 8000 | nc -n <target_cidr> attacker_host$ nmap -sT 127.0.0.1 8000
- D: attacker_host$ proxychains nmap -sT <target_cidr>