CompTIA PenTest+ Practice Test (PT0-003)

Steganography is the practice of concealing data within another file, such as an image. A common method, Least Significant Bit (LSB) steganography, involves altering the last bit of each pixel's color data to embed information, which matches the scenario. Alternate data streams attach hidden data to a file within the NTFS filesystem but do not alter the file's internal content. DNS tunneling exfiltrates data via DNS queries. Browser-based keylogging captures user input and is not a data hiding technique for files.

Kismet is a passive scanning system that does not inject traffic, minimizing exposure while collecting data across several channels. The other options involve access-point interactions such as deauthentication or connection attempts, which risk detection or miss dormant devices that do not respond to active scans.

This scenario is a relay attack (specifically NTLM relay). The attacker sits in the communication path and forwards an ongoing authentication handshake to another host in real time, allowing access without knowing the secret. Pass-the-hash reuses a previously obtained hash rather than a live handshake, a replay attack re-sends recorded packets at a later time, and a brute-force attack guesses many credential combinations instead of relaying legitimate ones.

The General Data Protection Regulation (GDPR) is an EU regulation with extraterritorial scope: organizations anywhere in the world that offer goods or services to, or monitor the behavior of, individuals in the EU/EEA must comply. It establishes strict rules on how personal data is collected, processed, and protected, directly safeguarding data-subject rights.

• NIST SP 800-53 provides security and privacy controls primarily for U.S. federal information systems, not a global privacy mandate.
• The Open Source Security Testing Methodology Manual (OSSTMM) is a penetration-testing methodology, not a regulatory requirement for individual rights.
• The Payment Card Industry Data Security Standard (PCI DSS) focuses on securing payment-card transactions, not on comprehensive personal-data rights.

Using specialized wiping utilities to perform repeated overwrites with random or fixed patterns purges residual magnetic traces on hard disks, meeting NIST SP 800-88 media-sanitization guidance. Simply detaching drives for storage, deleting partition metadata, or removing external labels does not eliminate the underlying data and therefore does not reliably prevent forensic recovery.

Following each discovered link allows an automated crawler to navigate through all connected pages, revealing elements that might otherwise be missed by incomplete manual checks. Parsing credentials or performing zone transfers do not uncover the site's internal content in a structured manner, and scanning random ports will not list pages that exist on those ports.

It is important to remove the credentials from the source files and prevent their presence in historical commits. Sensitive data should be stored outside of a tracked repository, such as in environment variables. Deleting or rewriting the old commits and utilizing environment variables means the credentials are not published in source history. Methods such as static key encryption and obfuscation make the strings harder to detect, but they do not address the fundamental issue of committing sensitive data, which can be retrieved from past commits. Storing credentials in a file on the same repository does not solve the underlying exposure.

Altering tokens to impersonate a real account exemplifies pretending to be a valid entity. That falls under one of the standard categories from the threat modeling perspective. Other choices involve issues such as modifying data at rest, taking advantage of unprotected communications, or preventing resource availability, which do not focus on masquerading as another user.

Scheduling a script that triggers at startup helps the consultant regain access whenever the system restarts. This is a common persistence technique that ensures a program, like a network listener, is launched automatically upon system boot. Removing firewall filters does not ensure sessions survive reboots. Changing user environment variables does not guarantee automatic connections on system start. Injecting code into memory is temporary for that session and does not persist through shutdowns.

When a service path is unquoted and contains spaces, the Windows operating system attempts to locate the executable by parsing the path from left to right, treating each space as a delimiter. For a path like "C:\Program Files\Example App\service.exe", Windows will first try to run "C:\Program.exe". An attacker can exploit this by placing a malicious executable with a name like "Program.exe" in a writable parent directory (such as C:). When the service starts, the operating system executes the attacker's file with the service's elevated privileges. The other options describe different privilege escalation or post-exploitation techniques that do not directly exploit the unquoted service path flaw.

Interactive Application Security Testing embeds instrumentation inside a running application. The agent watches real-time execution and data flow, combining static and dynamic insights. The other options describe static source review, patch/registry scanning, or external network enumeration, none of which instrument code at runtime.

Writing and running a short script that repeatedly sends crafted SQL-injection payloads allows the tester to observe error messages, time delays, or unexpected data in the responses-direct evidence that the endpoint is vulnerable. Reviewing old scan reports, vendor release notes, or assuming parity between two scanners does not actively prove exploitation in the current environment.

Using netcat in a persistent listening mode with logs provides feedback on every inbound connection and supports interactive communication. The scanning approach would discover reachable ports but not offer a continuous session. Sending data to a logger would collect records without giving a real-time shell. Broadcasting traffic is more suited to identifying available services rather than accepting inbound connections.

The matrix enumerates tactics, techniques, and procedures (TTPs), linking the discovered methods to known attacker behaviors. This approach reveals how actions were carried out and guides the investigation toward proper countermeasures. A guideline for coding does not classify attacker behaviors. A compliance resource for logging retention aims at legal and policy requirements rather than intrusion methods. A checklist for device settings focuses on misconfiguration issues without mapping to recognized tactics.

Under rigorous guidelines, skill assessments combined with a professional code strengthen both technical credibility and ethical conduct. Short reviews or basic annual quizzes do not guarantee thorough expertise. Narrowing the focus to local requirements may leave out key external best practices.

Placing a malicious file in the location that the operating system interprets first causes the service to run that file with elevated permissions. The other options do not rely on the missing quotes in the path to gain higher access and require changes that do not utilize the path's vulnerability.

Using parameterized calls and strict data handling keeps program instructions separate from the data that users supply. This reduces the chance of untrusted input triggering harmful commands. Generic client-side checks can be bypassed with manipulative techniques. Limiting access rights may slow an attacker but does not stop command-based exploits. Simple threat summaries do not fix major flaws, as unvalidated data can still lead to unauthorized commands.

Testing whether the flagged data can grant access or reveal sensitive resources shows its authenticity and risk level. Removing the data without any validation might overlook active tokens that attackers can exploit. Rejecting findings if the program stops showing them could skip crucial verification, and simply encrypting strings does not confirm whether they reveal anything vital. Confirming the validity of each string is key to understanding potential exposure.

This tool focuses on monitoring traffic and breaking Wi-Fi encryption by analyzing captured handshakes. This approach allows testers to assess configuration weaknesses in WEP and WPA networks. The other options describe unrelated activities, which do not fit the core purpose of this utility.

The correct option describes the DREAD (Damage, Reproducibility, Exploitability, Affected users, Discoverability) model, which uses a quantitative approach to rank threats by assigning numerical scores to various risk factors, allowing for clear prioritization of remediation efforts. The other options describe different frameworks: MITRE ATT&CK is a knowledge base of attacker behaviors, STRIDE is a model for categorizing threat types, and OCTAVE is a broader, asset-focused risk management process.