Comptia certification-questions online Pt0-003 Questions Video by Dean q60 vce pdf

Page: 14 / 24

Exam Name:	CompTIA PenTest+ Exam
Exam Code:	PT0-003 Dumps
Vendor:	CompTIA	Certification:	PenTest+
Questions:	330 Q&A's	Shared By:	dean

Question 56

A penetration tester receives the following output when enumerating a local user:

User compromised_user may run the following commands on localhost:

root (NO PASSWD): /bin/vim

The tester suspects that another host on the same subnet is also vulnerable. Which of the following is the best method to validate whether the other host is vulnerable?

Options:

ssh compromised_user@victimhost " vim; echo $? "

ssh compromised_user@victimhost " sudo -l "

ssh compromised_user@victimhost " bash -c vim "

ssh compromised_user@victimhost " ls -lah /bin/vim "

Discussion

Question 57

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client ' s internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results. Which of the following should the tester have done?

Options:

Rechecked the scanner configuration.

Performed a discovery scan.

Used a different scan engine.

Configured all the TCP ports on the scan.

Discussion

Question 58

During a penetration test, the tester gains full access to the application ' s source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?

Options:

Run TruffleHog against a local clone of the application

Scan the live web application using Nikto

Perform a manual code review of the Git repository

Use SCA software to scan the application source code

Discussion

Answer:

Explanation:

Given a short assessment timeline and the need to identify hard-coded credentials in a large codebase, using an automated tool designed for this specific purpose is the most effective approach. Here’s an explanation of each option:

Run TruffleHog against a local clone of the application (Answer: A):

TruffleHog is a specialized tool that scans for hard-coded secrets such as passwords, API keys, and other sensitive data within the code repositories.

Effectiveness: It quickly and automatically identifies potential credentials and other sensitive information across thousands of files, making it the most efficient choice under time constraints.

[References:, TruffleHog is widely recognized for its ability to uncover hidden secrets in code repositories, making it a valuable tool for penetration testers., Scan the live web application using Nikto (Option B):, Explanation: Nikto is a web server scanner that identifies vulnerabilities in web applications., Drawbacks: It is not designed to scan source code for hard-coded credentials. Instead, it focuses on web application vulnerabilities such as outdated software and misconfigurations., Perform a manual code review of the Git repository (Option C):, Explanation: Manually reviewing code can be thorough but is extremely time-consuming, especially with thousands of files., Drawbacks: Given the short timeline, this approach is impractical and inefficient for identifying hard-coded credentials quickly., Use SCA software to scan the application source code (Option D):, Explanation: Software Composition Analysis (SCA) tools are used to analyze open source and third-party components within the code for vulnerabilities and license compliance., Drawbacks: While SCA tools are useful for dependency analysis, they are not specifically tailored for finding hard-coded credentials., Conclusion: Running TruffleHog against a local clone of the application is the most effective approach for quickly identifying hard-coded credentials in a large codebase within a limited timeframe., , , , , , , ]

Freddy

I passed my exam with flying colors and I'm confident who will try it surely ace the exam.

Aleksander Apr 20, 2026

Thanks for the recommendation! I'll check it out.

Alessia

Amazing Dumps. Found almost all questions in actual exam whih I prepared from these valuable dumps. Recommended!!!!

Belle Apr 23, 2026

That's impressive. I've been struggling with finding good study material for my certification. Maybe I should give Cramkey Dumps a try.

Victoria

Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.

Isabel Apr 9, 2026

Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.

Erik

Hey, I have passed my exam using Cramkey Dumps?

Freyja Apr 5, 2026

Really, what are they? All come in your pool? Please give me more details, I am going to have access their subscription. Please brother, give me more details.

Inaya

Passed the exam. questions are valid. The customer support is top-notch. They were quick to respond to any questions I had and provided me with all the information I needed.

Cillian Apr 17, 2026

That's a big plus. I've used other dump providers in the past and the customer support was often lacking.

Question 59

A penetration tester completed OSINT work and needs to identify all subdomains for mydomain.com. Which of the following is the best command for the tester to use?

Options:

nslookup mydomain.com » /path/to/results.txt

crunch 1 2 | xargs -n 1 -I ' X ' nslookup X.mydomain.com

dig @8.8.8.8 mydomain.com ANY » /path/to/results.txt

cat wordlist.txt | xargs -n 1 -I ' X ' dig X.mydomain.com