Comptia certification-questions online Pt0-003 Questions Video by Dean q60 vce pdf

Page: 14 / 24

Exam Name:	CompTIA PenTest+ Exam
Exam Code:	PT0-003 Dumps
Vendor:	CompTIA	Certification:	PenTest+
Questions:	330 Q&A's	Shared By:	dean

Question 56

A penetration tester receives the following output when enumerating a local user:

User compromised_user may run the following commands on localhost:

root (NO PASSWD): /bin/vim

The tester suspects that another host on the same subnet is also vulnerable. Which of the following is the best method to validate whether the other host is vulnerable?

Options:

ssh compromised_user@victimhost " vim; echo $? "

ssh compromised_user@victimhost " sudo -l "

ssh compromised_user@victimhost " bash -c vim "

ssh compromised_user@victimhost " ls -lah /bin/vim "

Discussion

Question 57

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client ' s internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results. Which of the following should the tester have done?

Options:

Rechecked the scanner configuration.

Performed a discovery scan.

Used a different scan engine.

Configured all the TCP ports on the scan.

Discussion

Question 58

During a penetration test, the tester gains full access to the application ' s source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?

Options:

Run TruffleHog against a local clone of the application

Scan the live web application using Nikto

Perform a manual code review of the Git repository

Use SCA software to scan the application source code

Discussion

Answer:

Explanation:

Given a short assessment timeline and the need to identify hard-coded credentials in a large codebase, using an automated tool designed for this specific purpose is the most effective approach. Here’s an explanation of each option:

Run TruffleHog against a local clone of the application (Answer: A):

TruffleHog is a specialized tool that scans for hard-coded secrets such as passwords, API keys, and other sensitive data within the code repositories.

Effectiveness: It quickly and automatically identifies potential credentials and other sensitive information across thousands of files, making it the most efficient choice under time constraints.

[References:, TruffleHog is widely recognized for its ability to uncover hidden secrets in code repositories, making it a valuable tool for penetration testers., Scan the live web application using Nikto (Option B):, Explanation: Nikto is a web server scanner that identifies vulnerabilities in web applications., Drawbacks: It is not designed to scan source code for hard-coded credentials. Instead, it focuses on web application vulnerabilities such as outdated software and misconfigurations., Perform a manual code review of the Git repository (Option C):, Explanation: Manually reviewing code can be thorough but is extremely time-consuming, especially with thousands of files., Drawbacks: Given the short timeline, this approach is impractical and inefficient for identifying hard-coded credentials quickly., Use SCA software to scan the application source code (Option D):, Explanation: Software Composition Analysis (SCA) tools are used to analyze open source and third-party components within the code for vulnerabilities and license compliance., Drawbacks: While SCA tools are useful for dependency analysis, they are not specifically tailored for finding hard-coded credentials., Conclusion: Running TruffleHog against a local clone of the application is the most effective approach for quickly identifying hard-coded credentials in a large codebase within a limited timeframe., , , , , , , ]

Ava-Rose

Yes! Cramkey Dumps are amazing I passed my exam…Same these questions were in exam asked.

Ismail Apr 7, 2026

Wow, that sounds really helpful. Thanks, I would definitely consider these dumps for my certification exam.

Rae

I tried using Cramkey dumps for my recent certification exam and I found them to be more accurate and up-to-date compared to other dumps I've seen. Passed the exam with wonderful score.

Rayyan Apr 18, 2026

I see your point. Thanks for sharing your thoughts. I might give it a try for my next certification exam.

Neve

Will I be able to achieve success after using these dumps?

Rohan Apr 22, 2026

Absolutely. It's a great way to increase your chances of success.

Addison

Want to tell everybody through this platform that I passed my exam with excellent score. All credit goes to Cramkey Exam Dumps.

Libby Apr 17, 2026

That's good to know. I might check it out for my next IT certification exam. Thanks for the info.

Victoria

Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.

Isabel Apr 9, 2026

Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.

Question 59

A penetration tester completed OSINT work and needs to identify all subdomains for mydomain.com. Which of the following is the best command for the tester to use?

Options:

nslookup mydomain.com » /path/to/results.txt

crunch 1 2 | xargs -n 1 -I ' X ' nslookup X.mydomain.com

dig @8.8.8.8 mydomain.com ANY » /path/to/results.txt

cat wordlist.txt | xargs -n 1 -I ' X ' dig X.mydomain.com