FreeQAs
 Request Exam  Contact
  • Home
  • View All Exams
  • New QA's
  • Upload
PRACTICE EXAMS:
  • Oracle
  • Fortinet
  • Juniper
  • Microsoft
  • Cisco
  • Citrix
  • CompTIA
  • VMware
  • ISC
  • SAP
  • EMC
  • PMI
  • HP
  • Salesforce
  • Other
  • Oracle
    Oracle
  • Fortinet
    Fortinet
  • Juniper
    Juniper
  • Microsoft
    Microsoft
  • Cisco
    Cisco
  • Citrix
    Citrix
  • CompTIA
    CompTIA
  • VMware
    VMware
  • ISC
    ISC
  • SAP
    SAP
  • EMC
    EMC
  • PMI
    PMI
  • HP
    HP
  • Salesforce
    Salesforce
  1. Home
  2. CompTIA Certification
  3. PT0-003 Exam
  4. CompTIA.PT0-003.v2026-01-26.q136 Dumps
  • ««
  • «
  • …
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • …
  • »
  • »»
Download Now

Question 96

Which of the following documents describes activities that are prohibited during a scheduled penetration test?

Correct Answer: C
The document that describes activities that are prohibited during a scheduled penetration test is ROE, which stands for rules of engagement. ROE is a document that defines the scope, objectives, methods, limitations, and expectations of a penetration test. ROE can specify what activities are allowed or prohibited during the penetration test, such as which targets, systems, networks, or services can be tested or attacked, which tools, techniques, or exploits can be used or avoided, which times or dates can be scheduled or excluded, or which impacts or risks can be accepted or mitigated. ROE can help ensure that the penetration test is conducted in a legal, ethical, and professional manner, and that it does not cause any harm or damage to the client or third parties. The other options are not documents that describe activities that are prohibited during a scheduled penetration test. MSA stands for master service agreement, which is a document that defines the general terms and conditions of a contractual relationship between two parties, such as the scope of work, payment terms, warranties, liabilities, or dispute resolution. NDA stands for non-disclosure agreement, which is a document that defines the confidential information that is shared between two parties during a business relationship, such as trade secrets, intellectual property, or customer data. SLA stands for service level agreement, which is a document that defines the quality and performance standards of a service provided by one party to another party, such as availability, reliability, responsiveness, or security.
insert code

Question 97

A tester wants to pivot from a compromised host to another network with encryption and the least amount of interaction with the compromised host. Which of the following is the best way to accomplish this objective?

Correct Answer: A
Pivoting allows attackers to use a compromised host as a gateway to access internal resources.
* Create an SSH tunnel using sshuttle (Option A):
* sshuttle creates a transparent VPN-like connection over SSH, allowing the tester to forward traffic securely.
* Advantages:
* Provides encryption, preventing IDS/IPS detection.
* Requires minimal interaction with the compromised host.
insert code

Question 98

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

Correct Answer: A
Aircrack-ng is a suite of tools that allows the penetration tester to test the effectiveness of the wireless IDS solutions by performing various attacks on wireless networks, such as cracking WEP and WPA keys, capturing and injecting packets, deauthenticating clients, or creating fake access points. Aircrack-ng can also generate different types of traffic and signatures that can trigger the wireless IDS alerts or responses, such as ARP requests, EAPOL frames, or beacon frames.
Reference: https://purplesec.us/perform-wireless-penetration-test/
insert code

Question 99

A penetration tester launches an attack against company employees. The tester clones the company's intranet login page and sends the link via email to all employees.
Which of the following best describes the objective and tool selected by the tester to perform this activity?

Correct Answer: C
The tester is conducting a phishing attack by cloning the company's login page to steal employee credentials.
* Option A (BeEF) #: BeEF is used for browser exploitation, not phishing.
* Option B (theHarvester) #: Used for OSINT, gathering emails, but does not conduct phishing attacks.
* Option C (SET - Social Engineering Toolkit) #: Correct.
* SET allows testers to clone web pages and perform phishing attacks.
* Option D (GoPhish) #: GoPhish is a phishing simulation tool, but SET is specifically designed for credential harvesting.
# Reference: CompTIA PenTest+ PT0-003 Official Guide - Social Engineering & Phishing Attacks
insert code

Question 100

During a security assessment, a penetration tester captures plaintext login credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access.
Which of the following tools is the tester using?

Correct Answer: B
Capturing plaintext credentials in network traffic is done using packet sniffing. Wireshark is the best tool for this task.
* Option A (Burp Suite) #: Used for web application testing and intercepting HTTPS traffic, but not general network sniffing.
* Option B (Wireshark) #: Correct.
* Wireshark is a packet analysis tool that captures unencrypted network traffic, including plaintext credentials.
* Option C (ZAP - Zed Attack Proxy) #: Similar to Burp Suite, but focused on web application security, not network packet capture.
* Option D (Metasploit) #: Metasploit is used for exploitation rather than capturing traffic.
# Reference: CompTIA PenTest+ PT0-003 Official Guide - Packet Sniffing & Network Traffic Analysis
insert code
  • ««
  • «
  • …
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • …
  • »
  • »»
[×]

Download PDF File

Enter your email address to download CompTIA.PT0-003.v2026-01-26.q136 Dumps

Email:

FreeQAs

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

  • DMCA
  • About
  • Contact Us
  • Privacy Policy
  • Terms & Conditions
©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.