FreeQAs
 Request Exam  Contact
  • Home
  • View All Exams
  • New QA's
  • Upload
PRACTICE EXAMS:
  • Oracle
  • Fortinet
  • Juniper
  • Microsoft
  • Cisco
  • Citrix
  • CompTIA
  • VMware
  • ISC
  • SAP
  • EMC
  • PMI
  • HP
  • Salesforce
  • Other
  • Oracle
    Oracle
  • Fortinet
    Fortinet
  • Juniper
    Juniper
  • Microsoft
    Microsoft
  • Cisco
    Cisco
  • Citrix
    Citrix
  • CompTIA
    CompTIA
  • VMware
    VMware
  • ISC
    ISC
  • SAP
    SAP
  • EMC
    EMC
  • PMI
    PMI
  • HP
    HP
  • Salesforce
    Salesforce
  1. Home
  2. CompTIA Certification
  3. PT0-003 Exam
  4. CompTIA.PT0-003.v2026-01-26.q136 Dumps
  • ««
  • «
  • …
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • …
  • »
  • »»
Download Now

Question 36

A penetration tester sets up a C2 (Command and Control) server to manage and control payloads deployed in the target network. Which of the following tools is the most suitable for establishing a robust and stealthy connection?

Correct Answer: B
C2 servers are used to remotely control compromised systems while avoiding detection.
Covenant (Option B):
Covenant is an advanced C2 framework designed for stealthy post-exploitation in red team operations.
Supports encrypted communication, privilege escalation, and evasion techniques.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "C2 Frameworks in Post-Exploitation" Incorrect options:
Option A (ProxyChains): Used for proxying connections, but not a C2 framework.
Option C (PsExec): A Windows command-line tool for remote execution, but not a C2 tool.
Option D (sshuttle): Used for network tunneling, not full C2.
insert code

Question 37

A company hires a penetration tester to test the security of its wireless networks. The main goal is to intercept and access sensitive data.
Which of the following tools should the security professional use to best accomplish this task?

Correct Answer: B
WiFi-Pumpkin is used for man-in-the-middle (MitM) attacks on Wi-Fi networks, making it ideal for intercepting and accessing data.
* Option A (Metasploit) #: Good for exploitation, but not specialized for Wi-Fi attacks.
* Option B (WiFi-Pumpkin) #: Correct.
* Creates fake Wi-Fi access points.
* Intercepts network traffic (SSL stripping, DNS spoofing).
* Option C (SET - Social Engineering Toolkit) #: Focuses on phishing, not Wi-Fi attacks.
* Option D (theHarvester) #: Used for OSINT, not Wi-Fi exploitation.
* Option E (WiGLE.net) #: Maps Wi-Fi networks, but does not capture sensitive data.
# Reference: CompTIA PenTest+ PT0-003 Official Guide - Wireless Attacks & Fake APs
insert code

Question 38

A penetration tester obtains password dumps associated with the target and identifies strict lockout policies.
The tester does not want to lock out accounts when attempting access. Which of the following techniques should the tester use?

Correct Answer: A
To avoid locking out accounts while attempting access, the penetration tester should use credential stuffing.
* Credential Stuffing:
* Definition: An attack method where attackers use a list of known username and password pairs, typically obtained from previous data breaches, to gain unauthorized access to accounts.
* Advantages: Unlike brute-force attacks, credential stuffing uses already known credentials, which reduces the number of attempts per account and minimizes the risk of triggering account lockout mechanisms.
* Tool: Tools like Sentry MBA, Snipr, and others are commonly used for credential stuffing attacks.
* Other Techniques:
* MFA Fatigue: A social engineering tactic to exhaust users into accepting multi-factor authentication requests, not applicable for avoiding lockouts in this context.
* Dictionary Attack: Similar to brute-force but uses a list of likely passwords; still risks lockout due to multiple attempts.
* Brute-force Attack: Systematically attempts all possible password combinations, likely to trigger account lockouts due to high number of failed attempts.
Pentest References:
* Password Attacks: Understanding different types of password attacks and their implications on account security.
* Account Lockout Policies: Awareness of how lockout mechanisms work and strategies to avoid triggering them during penetration tests.
By using credential stuffing, the penetration tester can attempt to gain access using known credentials without triggering account lockout policies, ensuring a stealthier approach to password attacks.
insert code

Question 39

A penetration tester gains access to a domain server and wants to enumerate the systems within the domain.
Which of the following tools would provide the best oversight of domains?

Correct Answer: C
* Installation:
* Nmap can be installed on various operating systems. For example, on a Debian-based system:
sudo apt-get install nmap
* Basic Network Scanning:
* To scan a range of IP addresses in the network:
nmap -sP 192.168.1.0/24
* Service and Version Detection:
* To scan for open ports and detect the service versions running on a specific host:
nmap -sV 192.168.1.10
* Enumerating Domain Systems:
* Use Nmap with additional scripts to enumerate domain systems. For example, using the --script option:
nmap -p 445 --script=smb-enum-domains 192.168.1.10
* Advanced Scanning Options:
* Stealth Scan: Use the -sS option to perform a stealth scan:
nmap -sS 192.168.1.10
* Aggressive Scan: Use the -A option to enable OS detection, version detection, script scanning, and traceroute:
nmap -A 192.168.1.10
* Real-World Example:
* A penetration tester uses Nmap to enumerate the systems within a domain by scanning the network for live hosts and identifying the services running on each host. This information helps in identifying potential vulnerabilities and entry points for further exploitation.
* References from Pentesting Literature:
* In "Penetration Testing - A Hands-on Introduction to Hacking," Nmap is extensively discussed for various stages of the penetration testing process, from reconnaissance to vulnerability assessment.
* HTB write-ups often illustrate the use of Nmap for network enumeration and discovering potential attack vectors.
References:
* Penetration Testing - A Hands-on Introduction to Hacking
* HTB Official Writeups
insert code

Question 40

A penetration tester is configuring a vulnerability management solution to perform credentialed scans of an Active Directory server. Which of the following account types should the tester provide to the scanner?

Correct Answer: B
To perform credentialed scans on an Active Directory (AD) server, the scanner requires high-level access to retrieve system configuration, patch levels, and user rights. A Domain Administrator account ensures full visibility into domain resources and permissions, which is essential for a complete vulnerability assessment.
From the CompTIA PenTest+ PT0-003 Objectives - Domain 2.0: Information Gathering and Vulnerability Identification:
"Credentialed scans require administrative-level access on target systems to provide detailed insights into software versions, missing patches, and security settings."
insert code
  • ««
  • «
  • …
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • …
  • »
  • »»
[×]

Download PDF File

Enter your email address to download CompTIA.PT0-003.v2026-01-26.q136 Dumps

Email:

FreeQAs

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

  • DMCA
  • About
  • Contact Us
  • Privacy Policy
  • Terms & Conditions
©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.