Comptia certification-questions online Pt0-003 Questions Video by Dean q60 vce pdf

Page: 14 / 18

Exam Name:	CompTIA PenTest+ Exam
Exam Code:	PT0-003 Dumps
Vendor:	CompTIA	Certification:	PenTest+
Questions:	252 Q&A's	Shared By:	dean

Question 56

A penetration tester presents the following findings to stakeholders:

Control | Number of findings | Risk | Notes

Encryption | 1 | Low | Weak algorithm noted

Patching | 8 | Medium | Unsupported systems

System hardening | 2 | Low | Baseline drift observed

Secure SDLC | 10 | High | Libraries have vulnerabilities

Password policy | 0 | Low | No exceptions noted

Based on the findings, which of the following recommendations should the tester make? (Select two).

Options:

Develop a secure encryption algorithm.

Deploy an asset management system.

Write an SDLC policy.

Implement an SCA tool.

Obtain the latest library version.

Patch the libraries.

Discussion

Answer:

D, E

Explanation:

Based on the findings, the focus should be on addressing vulnerabilities in libraries and ensuring their security. Here’s why options D and E are correct:

Implement an SCA Tool:

SCA (Software Composition Analysis) tools are designed to analyze and manage open-source components in an application. Implementing an SCA tool would help in identifying and managing vulnerabilities in libraries, aligning with the finding of vulnerable libraries in the secure SDLC process.

This recommendation addresses the high-risk finding related to the Secure SDLC by providing a systematic approach to manage and mitigate vulnerabilities in software dependencies.

Obtain the Latest Library Version:

Keeping libraries up to date is a fundamental practice in maintaining the security of an application. Ensuring that the latest, most secure versions of libraries are used directly addresses the high-risk finding related to vulnerable libraries.

This recommendation is a direct and immediate action to mitigate the identified vulnerabilities.

Other Options Analysis:

Develop a Secure Encryption Algorithm: This is not practical or necessary given that the issue is with the use of a weak algorithm, not the need to develop a new one.

Deploy an Asset Management System: While useful, this is not directly related to the identified high-risk issue of vulnerable libraries.

Write an SDLC Policy: While helpful, the more immediate and effective actions involve implementing tools and processes to manage and update libraries.

References from Pentest:

Horizontall HTB: Demonstrates the importance of managing software dependencies and using tools to identify and mitigate vulnerabilities in libraries.

Writeup HTB: Highlights the need for keeping libraries updated to ensure application security and mitigate risks.

Conclusion:

Options D and E, implementing an SCA tool and obtaining the latest library version, are the most appropriate recommendations to address the high-risk finding related to vulnerable libraries in the Secure SDLC process.

=================

Question 57

A penetration tester runs a network scan but has some issues accurately enumerating the vulnerabilities due to the following error:

OS identification failed

Which of the following is most likely causing this error?

Options:

The scan did not reach the target because of a firewall block rule.

The scanner database is out of date.

The scan is reporting a false positive.

The scan cannot gather one or more fingerprints from the target.

Discussion

Question 58

Which of the following will reduce the possibility of introducing errors or bias in a penetration test report?

Options:

Secure distribution

Peer review

Use AI

Goal reprioritization

Discussion

Stefan

Thank you so much Cramkey I passed my exam today due to your highly up to date dumps.

Ocean Aug 24, 2025

Agree….Cramkey Dumps are constantly updated based on changes in the exams. They also have a team of experts who regularly review the materials to ensure their accuracy and relevance. This way, you can be sure you're studying the most up-to-date information available.

Nylah

I've been looking for good study material for my upcoming certification exam. Need help.

Dolly Aug 4, 2025

Then you should definitely give Cramkey Dumps a try. They have a huge database of questions and answers, making it easy to study and prepare for the exam. And the best part is, you can be sure the information is accurate and relevant.

Melody

My experience with Cramkey was great! I was surprised to see that many of the questions in my exam appeared in the Cramkey dumps.

Colby Aug 26, 2025

Yes, In fact, I got a score of above 85%. And I attribute a lot of my success to Cramkey's dumps.

Cody

I used Cramkey Dumps to prepare and a lot of the questions on the exam were exactly what I found in their study materials.

Eric Aug 26, 2025

Really? That's great to hear! I used Cramkey Dumps too and I had the same experience. The questions were almost identical.

Question 59

A penetration tester aims to exploit a vulnerability in a wireless network that lacks proper encryption. The lack of proper encryption allows malicious content to infiltrate the network. Which of the following techniques would most likely achieve the goal?

Options:

Packet injection

Bluejacking

Beacon flooding

Signal jamming