- Home
- CompTIA
- CompTIA PenTest+ Exam
- CompTIA.PT0-003.v2025-12-26.q113
- Question 106
Valid PT0-003 Dumps shared by ExamDiscuss.com for Helping Passing PT0-003 Exam! ExamDiscuss.com now offer the newest PT0-003 exam dumps, the ExamDiscuss.com PT0-003 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com PT0-003 dumps with Test Engine here:
Access PT0-003 Dumps Premium Version
(274 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 106/113
A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:
Server-side request forgery (SSRF) vulnerability in test.comptia.org
Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org Publicly accessible storage system named static_comptia_assets SSH port 22 open to the internet on test3.comptia.org Open redirect vulnerability in test4.comptia.org Which of the following attack paths should the tester prioritize first?
Server-side request forgery (SSRF) vulnerability in test.comptia.org
Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org Publicly accessible storage system named static_comptia_assets SSH port 22 open to the internet on test3.comptia.org Open redirect vulnerability in test4.comptia.org Which of the following attack paths should the tester prioritize first?
Correct Answer: E
Leverage SSRF for Metadata Access:
Server-side request forgery (SSRF) vulnerabilities allow attackers to force a server to send requests to internal resources. In cloud environments, SSRF can often be used to access the metadata service (e.g., AWS EC2 metadata) to retrieve credentials for cloud services.
Once credentials are obtained, they can be used to access privileged systems that are not directly accessible from the internet.
Why Not Other Options?
A (Public bucket): Analyzing the bucket for sensitive data is useful but does not directly lead to privileged system access.
B (Pacu): Pacu is used for AWS exploitation but requires credentials or misconfigured roles. SSRF can provide the credentials needed to run Pacu effectively.
C (SSH brute force): Brute-forcing SSH is noisy and inefficient. Privileged systems are likely better protected than SSH open to the internet.
D (Phishing via XSS): This is a longer-term attack and less direct compared to leveraging SSRF.
CompTIA Pentest+ References:
Domain 3.0 (Attacks and Exploits)
SSRF Exploitation and Cloud Metadata Access Techniques
Server-side request forgery (SSRF) vulnerabilities allow attackers to force a server to send requests to internal resources. In cloud environments, SSRF can often be used to access the metadata service (e.g., AWS EC2 metadata) to retrieve credentials for cloud services.
Once credentials are obtained, they can be used to access privileged systems that are not directly accessible from the internet.
Why Not Other Options?
A (Public bucket): Analyzing the bucket for sensitive data is useful but does not directly lead to privileged system access.
B (Pacu): Pacu is used for AWS exploitation but requires credentials or misconfigured roles. SSRF can provide the credentials needed to run Pacu effectively.
C (SSH brute force): Brute-forcing SSH is noisy and inefficient. Privileged systems are likely better protected than SSH open to the internet.
D (Phishing via XSS): This is a longer-term attack and less direct compared to leveraging SSRF.
CompTIA Pentest+ References:
Domain 3.0 (Attacks and Exploits)
SSRF Exploitation and Cloud Metadata Access Techniques
- Question List (113q)
- Question 1: Given the following script: $1 = [System.Security.Principal....
- Question 2: Which of the following is most important when communicating ...
- Question 3: During a security assessment, a penetration tester uses a to...
- Question 4: During an engagement, a penetration tester wants to enumerat...
- Question 5: A penetration tester currently conducts phishing reconnaissa...
- Question 6: A penetration tester successfully gained access to manage re...
- Question 7: A penetration tester wants to use PowerView in an AD environ...
- Question 8: Which of the following is within the scope of proper handlin...
- Question 9: During a penetration test, you gain access to a system with ...
- Question 10: Which of the following is the most efficient way to infiltra...
- Question 11: During a testing engagement, a penetration tester compromise...
- Question 12: A penetration tester needs to confirm the version number of ...
- Question 13: During an assessment, a penetration tester obtains access to...
- Question 14: A penetration tester needs to obtain sensitive data from sev...
- Question 15: A penetration tester creates a list of target domains that r...
- Question 16: A penetration tester is enumerating a Linux system. The goal...
- Question 17: A penetration tester needs to evaluate the order in which th...
- Question 18: A penetration tester needs to exploit a vulnerability in a w...
- Question 19: During a pre-engagement activity with a new customer, a pene...
- Question 20: A penetration tester is testing a power plant's network and ...
- Question 21: During an assessment, a penetration tester sends the followi...
- Question 22: A penetration tester is authorized to perform a DoS attack a...
- Question 23: During a vulnerability assessment, a penetration tester conf...
- Question 24: During a penetration test, the tester identifies several unu...
- Question 25: During a penetration test, a tester captures information abo...
- Question 26: During an assessment, a penetration tester exploits an SQLi ...
- Question 27: While conducting an assessment, a penetration tester identif...
- Question 28: A penetration tester needs to help create a threat model of ...
- Question 29: A penetration tester runs a network scan but has some issues...
- Question 30: During an assessment, a penetration tester runs the followin...
- Question 31: Which of the following could be used to enhance the quality ...
- Question 32: During an assessment, a penetration tester obtains a low-pri...
- Question 33: A penetration tester is getting ready to conduct a vulnerabi...
- Question 34: A penetration tester is performing a security review of a we...
- Question 35: A tester needs to begin capturing WLAN credentials for crack...
- Question 36: A penetration tester has discovered sensitive files on a sys...
- Question 37: A consultant starts a network penetration test. The consulta...
- Question 38: A penetration tester finished a security scan and uncovered ...
- Question 39: A company hires a penetration tester to perform an external ...
- Question 40: A penetration tester is performing an authorized physical as...
- Question 41: A tester is working on an engagement that has evasion and st...
- Question 42: A penetration tester wants to maintain access to a compromis...
- Question 43: A penetration tester successfully clones a source code repos...
- Question 44: Which of the following is within the scope of proper handlin...
- Question 45: A penetration tester performs a service enumeration process ...
- Question 46: A penetration tester must identify vulnerabilities within an...
- Question 47: During a red-team exercise, a penetration tester obtains an ...
- Question 48: During a pre-engagement activity with a new customer, a pene...
- Question 49: During a security assessment, a penetration tester gains acc...
- Question 50: A penetration tester is performing an assessment focused on ...
- Question 51: A penetration tester wants to create a malicious QR code to ...
- Question 52: Which of the following techniques is the best way to avoid d...
- Question 53: A penetration testing team wants to conduct DNS lookups for ...
- Question 54: You are a security analyst tasked with hardening a web serve...
- Question 55: During a red-team exercise, a penetration tester obtains an ...
- Question 56: A penetration tester finishes a security scan and uncovers n...
- Question 57: A penetration tester is searching for vulnerabilities or mis...
- Question 58: A penetration tester reviews a SAST vulnerability scan repor...
- Question 59: Which of the following elements in a lock should be aligned ...
- Question 60: A penetration tester gains initial access to a target system...
- Question 61: Which of the following elements of a penetration test report...
- Question 62: While conducting OSINT, a penetration tester discovers the c...
- Question 63: A penetration tester finished a security scan and uncovered ...
- Question 64: During an assessment, a penetration tester runs the followin...
- Question 65: A penetration tester cannot complete a full vulnerability sc...
- Question 66: A penetration tester needs to evaluate the order in which th...
- Question 67: Which of the following explains the reason a tester would op...
- Question 68: A penetration tester is developing the rules of engagement f...
- Question 69: A penetration tester wants to send a specific network packet...
- Question 70: A penetration tester is researching a path to escalate privi...
- Question 71: A penetration tester attempts unauthorized entry to the comp...
- Question 72: A penetration tester identifies the URL for an internal admi...
- Question 73: A penetration tester observes the following output from an N...
- Question 74: A previous penetration test report identified a host with vu...
- Question 75: With one day left to complete the testing phase of an engage...
- Question 76: A penetration tester completes a scan and sees the following...
- Question 77: A penetration tester is attempting to discover vulnerabiliti...
- Question 78: During host discovery, a security analyst wants to obtain Ge...
- Question 79: A penetration tester gains access to a domain server and wan...
- Question 80: During a routine penetration test, the client's security tea...
- Question 81: A penetration tester needs to scan a remote infrastructure w...
- Question 82: A penetration tester needs to complete cleanup activities fr...
- Question 83: During an assessment, a penetration tester gains a low-privi...
- Question 84: A penetration tester writes the following script to enumerat...
- Question 85: During an engagement, a penetration tester found some weakne...
- Question 86: A penetration tester performs a service enumeration process ...
- Question 87: A penetration tester gains initial access to an endpoint and...
- Question 88: A tester performs a vulnerability scan and identifies severa...
- Question 89: A penetration tester performs several Nmap scans against the...
- Question 90: During an assessment, a penetration tester obtains access to...
- Question 91: A penetration tester sets up a C2 (Command and Control) serv...
- Question 92: A penetration tester is configuring a vulnerability manageme...
- Question 93: A penetration tester gains access to a Windows machine and w...
- Question 94: A penetration tester is working on an engagement in which a ...
- Question 95: A penetration tester is evaluating a SCADA system. The teste...
- Question 96: A penetration tester cannot find information on the target c...
- Question 97: A penetration tester is getting ready to conduct a vulnerabi...
- Question 98: A client recently hired a penetration testing firm to conduc...
- Question 99: A penetration tester runs a vulnerability scan that identifi...
- Question 100: After a recent penetration test was conducted by the company...
- Question 101: A penetration tester is conducting reconnaissance on a targe...
- Question 102: A penetration tester wants to check the security awareness o...
- Question 103: A penetration testing team needs to determine whether it is ...
- Question 104: A penetration tester is conducting an assessment of a web ap...
- Question 105: While performing a penetration test, a tester executes the f...
- Question 106: A penetration tester is performing a cloud-based penetration...
- Question 107: A penetration tester writes a Bash script to automate the ex...
- Question 108: A penetration tester discovers data to stage and exfiltrate....
- Question 109: During a penetration testing exercise, a team decides to use...
- Question 110: While performing reconnaissance, a penetration tester attemp...
- Question 111: During a security assessment of an e-commerce website, a pen...
- Question 112: A penetration tester is compiling the final report for a rec...
- Question 113: A penetration tester gains access to a host but does not hav...
