Text preview & study summary
CompTIA PenTest+ PT0-003 - All Domains Penetration Testing Methodology
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
A pentester discovers that an internal web application uses `http://app.internal/fetch?url=http://169.254.169.254/latest/meta-data/` and returns AWS instance metadata. What vulnerability is this?
Explanation
SSRF (Server-Side Request Forgery) occurs when an attacker can cause a server to make HTTP requests to arbitrary URLs. In cloud environments, this allows access to the instance metadata API (169.254.169.254) which can expose IAM credentials, allowing full cloud account compromise.
Question 2
A pentester obtains an NTLM hash for a domain user from a compromised workstation. Without cracking the hash, they use it to authenticate to other systems. What technique is this?
Explanation
Pass-the-Hash (PtH) uses an NTLM hash directly for authentication without knowing the plaintext password. Tools like Mimikatz, Impacket's wmiexec/psexec, and CrackMapExec support PtH attacks against Windows systems, enabling lateral movement without password cracking.
Question 3
After completing a penetration test, the tester must restore all systems to their original state. Which of the following actions would be REQUIRED during cleanup?
Explanation
Pentest cleanup (as defined in the ROE) requires: removing all backdoors, tools, test accounts, and files placed during the test; restoring any modified system configurations; and documenting everything removed. Leaving backdoors is unethical and potentially illegal.
Question 4
During a pentest, a tester uses `msfvenom` to create a reverse shell payload. They embed it in a document. What type of payload delivery is this?
Explanation
Client-side attacks deliver malicious payloads (macros, JavaScript, PDF exploits) embedded in documents that execute when a user opens them. This tests user security awareness and email filtering controls. `msfvenom` generates shellcode/payloads for various delivery mechanisms.
Question 5
During a web application test, a pentester injects `' OR '1'='1` into a login form's username field. The application returns "Welcome, admin!" without requiring a password. What vulnerability has been exploited?
Explanation
The payload `' OR '1'='1` terminates the username string and adds a condition that is always true, bypassing the SQL WHERE clause that checks credentials. The resulting query becomes `WHERE username='' OR '1'='1' AND password='...'`, authenticating without valid credentials.
