CompTIA PenTest+ (PT0-003) Full Course & Practice Exam CompTIA PenTest+ (PT0-003) Full Course & Practice Exam 2/18/2026
Which document should be signed before a An NDA is a legal document that ensures any sensitive information
penetration test to ensure the client's sensitive accessed by the penetration tester during the engagement remains
information remains confidential? confidential. RoE defines the testing boundaries and acceptable
Rules of Engagement (RoE) methods, while the SOW outlines the specific tasks and deliverables.
Non-Disclosure Agreement (NDA) The SLA pertains to service performance and uptime.
Statement of Work (SOW)
Service Level Agreement (SLA)
Which technique uses detailed information WHOIS Lookup
about a company's publicly available systems
and services without interacting with them
directly?
Which of the following tools is commonly used Metasploit
to automate exploit development and execution
against a vulnerable target system?
Hydra
John the Ripper
Metasploit
sqlmap
Page 1 CompTIA PenTest+ (PT0-003) Full Course & Practice Exam.pdf
,CompTIA PenTest+ (PT0-003) Full Course & Practice Exam CompTIA PenTest+ (PT0-003) Full Course & Practice Exam 2/18/2026
Which of the following techniques is the best to Schedule a cron job
maintain access to a compromised system after
a reboot or if the initial exploit is closed?
Clear system logs
Schedule a cron job
Escalate privileges
Use PsExec for lateral movement
In which section of a penetration test report Executive Summary
should a non-technical summary of key findings
and their business impact be included?
Scope and Methodology
Findings and Evidence
Executive Summary
Remediation Recommendations
Which regulation enforces strict rules on data GDPR
protection within the EU, including requirements
like obtaining permission for data processing
and performing data impact assessments?
Why is it important for penetration testers to To ensure legal compliance and protect sensitive data
understand and operate within regulations such
as GDPR and GLBA?
Page 2 CompTIA PenTest+ (PT0-003) Full Course & Practice Exam.pdf
,CompTIA PenTest+ (PT0-003) Full Course & Practice Exam CompTIA PenTest+ (PT0-003) Full Course & Practice Exam 2/18/2026
Which type of assessment focuses on evaluating Wireless assessment
the security of wireless networks, identifying
vulnerabilities like weak encryption and rogue
access points?
What term describes specific areas or elements Exclusions
that are off-limits during a penetration test, often
to avoid business disruption or exposing
sensitive data?
In the Shared Responsibility Model, which party Customer
is responsible for securing the operating system
and applications in a cloud environment?
Which of the following categories in the MITRE Persistence
ATT&CK framework focuses on techniques used
to maintain access in a target system?
Which of the following OWASP Top 10 Broken Access Control
vulnerabilities involves improper enforcement of
user permissions, allowing unauthorized
individuals from seeing data or altering
functionality?
Page 3 CompTIA PenTest+ (PT0-003) Full Course & Practice Exam.pdf
, CompTIA PenTest+ (PT0-003) Full Course & Practice Exam CompTIA PenTest+ (PT0-003) Full Course & Practice Exam 2/18/2026
Which control group in the OWASP MASVS MASVS-CRYPTO
ensures the security of data in transit and at rest
using cryptographic methods?
Which phase of the PTES framework involves Information Gathering
gaining knowledge about the target system
using both passive and active techniques?
Which STRIDE element involves exploiting Spoofing
weaknesses in a system's authentication process
to assume another user's identity?
Which tool or method best allows testers to Wayback Machine
retrieve old versions of websites to gather
potentially sensitive information that may have
been removed from a current site?
Which tool is commonly used to analyze Wireshark
captured network packets and filter them based
on protocols, IP addresses, and port numbers?
Which technique involves sending requests to Banner Grabbing
open ports to retrieve information about the
software and version running on the system?
Page 4 CompTIA PenTest+ (PT0-003) Full Course & Practice Exam.pdf
Which document should be signed before a An NDA is a legal document that ensures any sensitive information
penetration test to ensure the client's sensitive accessed by the penetration tester during the engagement remains
information remains confidential? confidential. RoE defines the testing boundaries and acceptable
Rules of Engagement (RoE) methods, while the SOW outlines the specific tasks and deliverables.
Non-Disclosure Agreement (NDA) The SLA pertains to service performance and uptime.
Statement of Work (SOW)
Service Level Agreement (SLA)
Which technique uses detailed information WHOIS Lookup
about a company's publicly available systems
and services without interacting with them
directly?
Which of the following tools is commonly used Metasploit
to automate exploit development and execution
against a vulnerable target system?
Hydra
John the Ripper
Metasploit
sqlmap
Page 1 CompTIA PenTest+ (PT0-003) Full Course & Practice Exam.pdf
,CompTIA PenTest+ (PT0-003) Full Course & Practice Exam CompTIA PenTest+ (PT0-003) Full Course & Practice Exam 2/18/2026
Which of the following techniques is the best to Schedule a cron job
maintain access to a compromised system after
a reboot or if the initial exploit is closed?
Clear system logs
Schedule a cron job
Escalate privileges
Use PsExec for lateral movement
In which section of a penetration test report Executive Summary
should a non-technical summary of key findings
and their business impact be included?
Scope and Methodology
Findings and Evidence
Executive Summary
Remediation Recommendations
Which regulation enforces strict rules on data GDPR
protection within the EU, including requirements
like obtaining permission for data processing
and performing data impact assessments?
Why is it important for penetration testers to To ensure legal compliance and protect sensitive data
understand and operate within regulations such
as GDPR and GLBA?
Page 2 CompTIA PenTest+ (PT0-003) Full Course & Practice Exam.pdf
,CompTIA PenTest+ (PT0-003) Full Course & Practice Exam CompTIA PenTest+ (PT0-003) Full Course & Practice Exam 2/18/2026
Which type of assessment focuses on evaluating Wireless assessment
the security of wireless networks, identifying
vulnerabilities like weak encryption and rogue
access points?
What term describes specific areas or elements Exclusions
that are off-limits during a penetration test, often
to avoid business disruption or exposing
sensitive data?
In the Shared Responsibility Model, which party Customer
is responsible for securing the operating system
and applications in a cloud environment?
Which of the following categories in the MITRE Persistence
ATT&CK framework focuses on techniques used
to maintain access in a target system?
Which of the following OWASP Top 10 Broken Access Control
vulnerabilities involves improper enforcement of
user permissions, allowing unauthorized
individuals from seeing data or altering
functionality?
Page 3 CompTIA PenTest+ (PT0-003) Full Course & Practice Exam.pdf
, CompTIA PenTest+ (PT0-003) Full Course & Practice Exam CompTIA PenTest+ (PT0-003) Full Course & Practice Exam 2/18/2026
Which control group in the OWASP MASVS MASVS-CRYPTO
ensures the security of data in transit and at rest
using cryptographic methods?
Which phase of the PTES framework involves Information Gathering
gaining knowledge about the target system
using both passive and active techniques?
Which STRIDE element involves exploiting Spoofing
weaknesses in a system's authentication process
to assume another user's identity?
Which tool or method best allows testers to Wayback Machine
retrieve old versions of websites to gather
potentially sensitive information that may have
been removed from a current site?
Which tool is commonly used to analyze Wireshark
captured network packets and filter them based
on protocols, IP addresses, and port numbers?
Which technique involves sending requests to Banner Grabbing
open ports to retrieve information about the
software and version running on the system?
Page 4 CompTIA PenTest+ (PT0-003) Full Course & Practice Exam.pdf
