CompTIA PenTest+ (PT0-003) Full Course
& Practice Exam Questions and Correct
Answers / Latest Update / Already Graded
Which document should be signed before a penetration test to ensure
the client's sensitive information remains confidential?
Rules of Engagement (RoE)
Non-Disclosure Agreement (NDA)
Statement of Work (SOW)
Service Level Agreement (SLA)
Ans: An NDA is a legal document that ensures any sensitive
information accessed by the penetration tester during the
engagement remains confidential. RoE defines the testing
boundaries and acceptable methods, while the SOW outlines
the specific tasks and deliverables. The SLA pertains to service
performance and uptime.
Which technique uses detailed information about a company's publicly
available systems and services without interacting with them directly?
Ans: WHOIS Lookup
Which of the following tools is commonly used to automate exploit
development and execution against a vulnerable target system?
All rights reserved © 2025/ 2026 |
Hydra
John the Ripper
Metasploit
sqlmap
Ans: Metasploit
Which of the following techniques is the best to maintain access to a
compromised system after a reboot or if the initial exploit is closed?
Clear system logs
Schedule a cron job
Escalate privileges
Use PsExec for lateral movement
Ans: Schedule a cron job
In which section of a penetration test report should a non-technical
summary of key findings and their business impact be included?
Scope and Methodology
Findings and Evidence
Executive Summary
Remediation Recommendations
Ans: Executive Summary
Which regulation enforces strict rules on data protection within the EU,
including requirements like obtaining permission for data processing
and performing data impact assessments?
Ans: GDPR
Why is it important for penetration testers to understand and operate
within regulations such as GDPR and GLBA?
Ans: To ensure legal compliance and protect sensitive data
Which type of assessment focuses on evaluating the security of
wireless networks, identifying vulnerabilities like weak encryption and
rogue access points?
Ans: Wireless assessment
What term describes specific areas or elements that are off-limits
during a penetration test, often to avoid business disruption or
exposing sensitive data?
Ans: Exclusions
In the Shared Responsibility Model, which party is responsible for
securing the operating system and applications in a cloud
environment?
Ans: Customer
Which of the following categories in the MITRE ATT&CK framework
focuses on techniques used to maintain access in a target system?
Ans: Persistence
Which of the following OWASP Top 10 vulnerabilities involves
improper enforcement of user permissions, allowing unauthorized
individuals to see data or alter functionality?
Ans: Broken Access Control
Which control group in the OWASP MASVS ensures the security of
data in transit and at rest using cryptographic methods?
Ans: MASVS-CRYPTO
Which phase of the PTES framework involves gaining knowledge
about the target system using both passive and active techniques?
Ans: Information Gathering