Weekend Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

Page: 1 / 10
Total 100 questions
Exam Code: PT0-003                Update: Jul 18, 2026
Exam Name: CompTIA PenTest+ Exam

CompTIA CompTIA PenTest+ Exam PT0-003 Exam Dumps: Updated Questions & Answers (July 2026)

Question # 1

A client recently hired a penetration testing firm to conduct an assessment of their consumer-facing web application. Several days into the assessment, the client’s networking team observes a substantial increase in DNS traffic. Which of the following would most likely explain the increase in DNS traffic?

A.

Covert data exfiltration

B.

URL spidering

C.

HTML scraping

D.

DoS attack

Question # 2

A company wants to perform a BAS (Breach and Attack Simu-lation) to measure the efficiency of the corporate security controls. Which of the following would most likely help the tester with simple command examples?

A.

Infection Monkey

B.

Exploit-DB

C.

Atomic Red Team

D.

Mimikatz

Question # 3

During an assessment, a penetration tester obtains access to a Microsoft SQL server using sqlmap and runs the following command:

sql > xp_cmdshell whoami /all

Which of the following is the tester trying to do?

A.

List database tables

B.

Show logged-in database users

C.

Enumerate privileges

D.

Display available SQL commands

Question # 4

A penetration tester is researching a path to escalate privileges. While enumerating current user privileges, the tester observes the following output:

mathematica

Copy code

SeAssignPrimaryTokenPrivilege Disabled

SeIncreaseQuotaPrivilege Disabled

SeChangeNotifyPrivilege Enabled

SeManageVolumePrivilege Enabled

SeImpersonatePrivilege Enabled

SeCreateGlobalPrivilege Enabled

SeIncreaseWorkingSetPrivilege Disabled

Which of the following privileges should the tester use to achieve the goal?

A.

SeImpersonatePrivilege

B.

SeCreateGlobalPrivilege

C.

SeChangeNotifyPrivilege

D.

SeManageVolumePrivilege

Question # 5

A penetration tester launches an attack against company employees. The tester clones the company ' s intranet login page and sends the link via email to all employees.

Which of the following best describes the objective and tool selected by the tester to perform this activity?

A.

Gaining remote access using BeEF

B.

Obtaining the list of email addresses using theHarvester

C.

Harvesting credentials using SET

D.

Launching a phishing campaign using GoPhish

Question # 6

A penetration tester completes a scan and sees the following Nmap output on a host:

Nmap scan report for victim (10.10.10.10)

Host is up (0.0001s latency)

PORT STATE SERVICE

161/udp open snmp

445/tcp open microsoft-ds

3389/tcp open ms-wbt-server

Running Microsoft Windows 7

OS CPE: cpe:/o:microsoft:windows_7::sp0

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

A.

exploit/windows/smb/psexec

B.

exploit/windows/smb/ms08_067_netapi

C.

exploit/windows/smb/ms17_010_eternalblue

D.

auxiliary/scanner/snmp/snmp_login

Question # 7

A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client ' s blue team. Which of the following exfiltration methods most likely remain undetected?

A.

Cloud storage

B.

Email

C.

Domain Name System

D.

Test storage sites

Question # 8

During an assessment on a client that uses virtual desktop infrastructure in the cloud, a penetration tester gains access to a host and runs commands. The penetration tester receives the following output:

-rw-r--r-- 1 comptiauser comptiauser 807 Apr 6 05:32 .profile

drwxr-xr-x 2 comptiauser comptiauser 4096 Apr 6 05:32 .ssh

-rw-r--r-- 1 comptiauser comptiauser 3526 Apr 6 05:32 .bashrc

drwxr-xr-x 4 comptiauser comptiauser 4096 May 12 11:05 .aws

-rw-r--r-- 1 comptiauser comptiauser 1325 Aug 21 19:54 .zsh_history

drwxr-xr-x 12 comptiauser comptiauser 4096 Aug 27 14:10 Documents

drwxr-xr-x 16 comptiauser comptiauser 4096 Aug 27 14:10 Desktop

drwxr-xr-x 2 comptiauser comptiauser 4096 Aug 27 14:10 Downloads

Which of the following should the penetration tester investigate first?

A.

Documents

B.

.zsh_history

C.

.aws

D.

.ssh

Question # 9

A penetration tester finds it is possible to downgrade a web application ' s HTTPS connections to HTTP while performing on-path attacks on the local network. The tester reviews the output of the server response to:

curl -s -i https://internalapp/

HTTP/2 302

date: Thu, 11 Jan 2024 15:56:24 GMT

content-type: text/html; charset=iso-8659-1

location: /login

x-content-type-options: nosniff

server: Prod

Which of the following recommendations should the penetration tester include in the report?

A.

Add the HSTS header to the server.

B.

Attach the httponly flag to cookies.

C.

Front the web application with a firewall rule to block access to port 80.

D.

Remove the x-content-type-options header.

Question # 10

During a red-team exercise, a penetration tester obtains an employee ' s access badge. The tester uses the badge ' s information to create a duplicate for unauthorized entry. Which of the following best describes this action?

A.

Smurfing

B.

Credential stuffing

C.

RFID cloning

D.

Card skimming

Page: 1 / 10
Total 100 questions

Most Popular Certification Exams

Payment

       

Contact us

Site Secure

mcafee secure

TESTED 18 Jul 2026