Comptia certification-questions online Pt0-003 Questions Video by Dean q60 vce pdf

Page: 14 / 24

Exam Name:	CompTIA PenTest+ Exam
Exam Code:	PT0-003 Dumps
Vendor:	CompTIA	Certification:	PenTest+
Questions:	330 Q&A's	Shared By:	dean

Question 56

A penetration tester receives the following output when enumerating a local user:

User compromised_user may run the following commands on localhost:

root (NO PASSWD): /bin/vim

The tester suspects that another host on the same subnet is also vulnerable. Which of the following is the best method to validate whether the other host is vulnerable?

Options:

ssh compromised_user@victimhost " vim; echo $? "

ssh compromised_user@victimhost " sudo -l "

ssh compromised_user@victimhost " bash -c vim "

ssh compromised_user@victimhost " ls -lah /bin/vim "

Discussion

Question 57

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client ' s internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results. Which of the following should the tester have done?

Options:

Rechecked the scanner configuration.

Performed a discovery scan.

Used a different scan engine.

Configured all the TCP ports on the scan.

Discussion

Question 58

During a penetration test, the tester gains full access to the application ' s source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?

Options:

Run TruffleHog against a local clone of the application

Scan the live web application using Nikto

Perform a manual code review of the Git repository

Use SCA software to scan the application source code

Discussion

Answer:

Explanation:

Given a short assessment timeline and the need to identify hard-coded credentials in a large codebase, using an automated tool designed for this specific purpose is the most effective approach. Here’s an explanation of each option:

Run TruffleHog against a local clone of the application (Answer: A):

TruffleHog is a specialized tool that scans for hard-coded secrets such as passwords, API keys, and other sensitive data within the code repositories.

Effectiveness: It quickly and automatically identifies potential credentials and other sensitive information across thousands of files, making it the most efficient choice under time constraints.

[References:, TruffleHog is widely recognized for its ability to uncover hidden secrets in code repositories, making it a valuable tool for penetration testers., Scan the live web application using Nikto (Option B):, Explanation: Nikto is a web server scanner that identifies vulnerabilities in web applications., Drawbacks: It is not designed to scan source code for hard-coded credentials. Instead, it focuses on web application vulnerabilities such as outdated software and misconfigurations., Perform a manual code review of the Git repository (Option C):, Explanation: Manually reviewing code can be thorough but is extremely time-consuming, especially with thousands of files., Drawbacks: Given the short timeline, this approach is impractical and inefficient for identifying hard-coded credentials quickly., Use SCA software to scan the application source code (Option D):, Explanation: Software Composition Analysis (SCA) tools are used to analyze open source and third-party components within the code for vulnerabilities and license compliance., Drawbacks: While SCA tools are useful for dependency analysis, they are not specifically tailored for finding hard-coded credentials., Conclusion: Running TruffleHog against a local clone of the application is the most effective approach for quickly identifying hard-coded credentials in a large codebase within a limited timeframe., , , , , , , ]

Sarah

Yeah, I was so relieved when I saw that the question appeared in the exam were similar to their exam dumps. It made the exam a lot easier and I felt confident going into it.

Aaliyah Apr 18, 2026

Same here. I've heard mixed reviews about using exam dumps, but for us, it definitely paid off.

Syeda

I passed, Thank you Cramkey for your precious Dumps.

Stella Apr 12, 2026

That's great. I think I'll give Cramkey Dumps a try.

Nia

Why are these Dumps so important for students these days?

Mary Apr 18, 2026

With the constantly changing technology and advancements in the industry, it's important for students to have access to accurate and valid study material. Cramkey Dumps provide just that. They are constantly updated to reflect the latest changes and ensure that the information is up-to-date.

Kylo

What makes Cramkey Dumps so reliable? Please guide.

Sami Apr 1, 2026

Well, for starters, they have a team of experts who are constantly updating their material to reflect the latest changes in the industry. Plus, they have a huge database of questions and answers, which makes it easy to study and prepare for the exam.

Question 59

A penetration tester completed OSINT work and needs to identify all subdomains for mydomain.com. Which of the following is the best command for the tester to use?

Options:

nslookup mydomain.com » /path/to/results.txt

crunch 1 2 | xargs -n 1 -I ' X ' nslookup X.mydomain.com

dig @8.8.8.8 mydomain.com ANY » /path/to/results.txt

cat wordlist.txt | xargs -n 1 -I ' X ' dig X.mydomain.com