Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. PT0-003

Free CompTIA PT0-003 Exam Braindumps

[Attacks and Exploits]
A penetration tester is working on a security assessment of a mobile application that was developed in-house for local use by a hospital. The hospital and its customers are very concerned about disclosure of information.
Which of the following tasks should the penetration tester do first?

  1. Set up Drozer in order to manipulate and scan the application.
  2. Run the application through the mobile application security framework.
  3. Connect Frida to analyze the application at runtime to look for data leaks.
  4. Load the application on client-owned devices for testing.

Answer(s): B

Explanation:

When performing a security assessment on a mobile application, especially one concerned with information disclosure, it is crucial to follow a structured approach to identify vulnerabilities comprehensively. Here's why option B is correct:
Mobile Application Security Framework: This framework provides a structured methodology for assessing the security of mobile applications. It includes various tests such as static analysis, dynamic analysis, and reverse engineering, which are essential for identifying vulnerabilities related to information disclosure.
Initial Steps: Running the application through a security framework allows the tester to identify a broad range of potential issues systematically. This initial step ensures that all aspects of the application's security are covered before delving into more specific tools like Drozer or Frida.
Reference from Pentest:
Writeup HTB: Demonstrates the use of structured methodologies to ensure comprehensive coverage of security assessments.
Horizontall HTB: Emphasizes the importance of following a structured approach to identify and address security issues.



[Tools and Code Analysis]
Before starting an assessment, a penetration tester needs to scan a Class B IPv4 network for open ports in a short amount of time.
Which of the following is the best tool for this task?

  1. Burp Suite
  2. masscan
  3. Nmap
  4. hping

Answer(s): B

Explanation:

When needing to scan a large network for open ports quickly, the choice of tool is critical. Here's why option B is correct:
masscan: This tool is designed for high-speed port scanning and can scan entire networks much faster than traditional tools like Nmap. It can handle large ranges of IP addresses and ports with high efficiency.
Nmap: While powerful and versatile, Nmap is generally slower than masscan for scanning very large networks, especially when speed is crucial.
Burp Suite: This tool is primarily for web application security testing and not optimized for network- wide port scanning.

hping: This is a network tool used for packet crafting and network testing, but it is not designed for high-speed network port scanning.
Reference from Pentest:
Luke HTB: Highlights the use of efficient tools for large-scale network scanning to identify open ports quickly.
Anubis HTB: Demonstrates scenarios where high-speed scanning tools like masscan are essential for large network assessments.



[Attacks and Exploits]

A penetration tester is performing an authorized physical assessment. During the test, the tester observes an access control vestibule and on-site security guards near the entry door in the lobby.
Which of the following is the best attack plan for the tester to use in order to gain access to the facility?

  1. Clone badge information in public areas of the facility to gain access to restricted areas.
  2. Tailgate into the facility during a very busy time to gain initial access.
  3. Pick the lock on the rear entrance to gain access to the facility and try to gain access.
  4. Drop USB devices with malware outside of the facility in order to gain access to internal machines.

Answer(s): B

Explanation:

In an authorized physical assessment, the goal is to test physical security controls. Tailgating is a common and effective technique in such scenarios. Here's why option B is correct:
Tailgating: This involves following an authorized person into a secure area without proper credentials. During busy times, it's easier to blend in and gain access without being noticed. It tests the effectiveness of physical access controls and security personnel. Cloning Badge Information: This can be effective but requires proximity to employees and specialized equipment, making it more complex and time-consuming.
Picking Locks: This is a more invasive technique that carries higher risk and is less stealthy compared to tailgating.
Dropping USB Devices: This tests employee awareness and response to malicious devices but does not directly test physical access controls.
Reference from Pentest:
Writeup HTB: Demonstrates the effectiveness of social engineering and tailgating techniques in bypassing physical security measures.
Forge HTB: Highlights the use of non-invasive methods like tailgating to test physical security without causing damage or raising alarms.
Conclusion:
Option B, tailgating into the facility during a busy time, is the best attack plan to gain access to the facility in an authorized physical assessment.



[Attacks and Exploits]
During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward.
Which of the following types of attacks is this an example of?

  1. SQL injection
  2. SSRF
  3. XSS
  4. Server-side template injection

Answer(s): C

Explanation:

Cross-Site Scripting (XSS) is an attack that involves injecting malicious scripts into web pages viewed by other users. Here's why option C is correct:
XSS (Cross-Site Scripting): This attack involves injecting JavaScript into a web application, which is then executed by the user's browser. The scenario describes injecting a JavaScript prompt, which is a typical XSS payload.
SQL Injection: This involves injecting SQL commands to manipulate the database and does not relate to JavaScript injection.
SSRF (Server-Side Request Forgery): This attack tricks the server into making requests to unintended locations, which is not related to client-side JavaScript execution. Server-Side Template Injection: This involves injecting code into server-side templates, not JavaScript that executes in the user's browser.
Reference from Pentest:
Horizontall HTB: Demonstrates identifying and exploiting XSS vulnerabilities in web applications. Luke HTB: Highlights the process of testing for XSS by injecting scripts and observing their execution in the browser.



Viewing page 10 of 61
Viewing questions 37 - 40 out of 188 questions



Post your Comments and Discuss CompTIA PT0-003 exam prep with other Community members:

PT0-003 Exam Discussions & Posts