Comptia certification-questions online Pt0-003 Questions Video by Dean q60 vce pdf

Page: 14 / 24

Exam Name:	CompTIA PenTest+ Exam
Exam Code:	PT0-003 Dumps
Vendor:	CompTIA	Certification:	PenTest+
Questions:	330 Q&A's	Shared By:	dean

Question 56

A penetration tester receives the following output when enumerating a local user:

User compromised_user may run the following commands on localhost:

root (NO PASSWD): /bin/vim

The tester suspects that another host on the same subnet is also vulnerable. Which of the following is the best method to validate whether the other host is vulnerable?

Options:

ssh compromised_user@victimhost " vim; echo $? "

ssh compromised_user@victimhost " sudo -l "

ssh compromised_user@victimhost " bash -c vim "

ssh compromised_user@victimhost " ls -lah /bin/vim "

Discussion

Question 57

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client ' s internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results. Which of the following should the tester have done?

Options:

Rechecked the scanner configuration.

Performed a discovery scan.

Used a different scan engine.

Configured all the TCP ports on the scan.

Discussion

Question 58

During a penetration test, the tester gains full access to the application ' s source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?

Options:

Run TruffleHog against a local clone of the application

Scan the live web application using Nikto

Perform a manual code review of the Git repository

Use SCA software to scan the application source code

Discussion

Answer:

Explanation:

Given a short assessment timeline and the need to identify hard-coded credentials in a large codebase, using an automated tool designed for this specific purpose is the most effective approach. Here’s an explanation of each option:

Run TruffleHog against a local clone of the application (Answer: A):

TruffleHog is a specialized tool that scans for hard-coded secrets such as passwords, API keys, and other sensitive data within the code repositories.

Effectiveness: It quickly and automatically identifies potential credentials and other sensitive information across thousands of files, making it the most efficient choice under time constraints.

[References:, TruffleHog is widely recognized for its ability to uncover hidden secrets in code repositories, making it a valuable tool for penetration testers., Scan the live web application using Nikto (Option B):, Explanation: Nikto is a web server scanner that identifies vulnerabilities in web applications., Drawbacks: It is not designed to scan source code for hard-coded credentials. Instead, it focuses on web application vulnerabilities such as outdated software and misconfigurations., Perform a manual code review of the Git repository (Option C):, Explanation: Manually reviewing code can be thorough but is extremely time-consuming, especially with thousands of files., Drawbacks: Given the short timeline, this approach is impractical and inefficient for identifying hard-coded credentials quickly., Use SCA software to scan the application source code (Option D):, Explanation: Software Composition Analysis (SCA) tools are used to analyze open source and third-party components within the code for vulnerabilities and license compliance., Drawbacks: While SCA tools are useful for dependency analysis, they are not specifically tailored for finding hard-coded credentials., Conclusion: Running TruffleHog against a local clone of the application is the most effective approach for quickly identifying hard-coded credentials in a large codebase within a limited timeframe., , , , , , , ]

Everleigh

I must say that they are updated regularly to reflect the latest exam content, so you can be sure that you are getting the most accurate information. Plus, they are easy to use and understand, so even new students can benefit from them.

Huxley May 9, 2026

That's great to know. So, you think new students should buy these dumps?

Hendrix

Great website with Great Exam Dumps. Just passed my exam today.

Luka May 1, 2026

Absolutely. Cramkey Dumps only provides the latest and most updated exam questions and answers.

Addison

Want to tell everybody through this platform that I passed my exam with excellent score. All credit goes to Cramkey Exam Dumps.

Libby May 15, 2026

That's good to know. I might check it out for my next IT certification exam. Thanks for the info.

Walter

Yayyy!!! I passed my exam with the help of Cramkey Dumps. Highly appreciated!!!!

Angus May 23, 2026

YES….. I saw the same questions in the exam.

Ernest

That's amazing. I think I'm going to give Cramkey Dumps a try for my next exam. Thanks for telling me about them! CramKey admin please share more questions……You guys are amazing.

Nate May 21, 2026

I failed last week, I never know this site , but amazed to see all these questions were in my exam week before. I feel bad now, why I didn’t bother this site. Thanks Cramkey, Excellent Job.

Question 59

A penetration tester completed OSINT work and needs to identify all subdomains for mydomain.com. Which of the following is the best command for the tester to use?

Options:

nslookup mydomain.com » /path/to/results.txt

crunch 1 2 | xargs -n 1 -I ' X ' nslookup X.mydomain.com

dig @8.8.8.8 mydomain.com ANY » /path/to/results.txt

cat wordlist.txt | xargs -n 1 -I ' X ' dig X.mydomain.com