Halloween Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

A penetration tester is performing a cloud-based penetration test against a company.

CompTIA PT0-003 Full Course Access
CompTIA PT0-003 View All Questions

A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:

Server-side request forgery (SSRF) vulnerability in test.comptia.org

Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org

Publicly accessible storage system named static_comptia_assets

SSH port 22 open to the internet on test3.comptia.org

Open redirect vulnerability in test4.comptia.org

Which of the following attack paths should the tester prioritize first?

A.

Synchronize all the information from the public bucket and scan it with Trufflehog.

B.

Run Pacu to enumerate permissions and roles within the cloud-based systems.

C.

Perform a full dictionary brute-force attack against the open SSH service using Hydra.

D.

Use the reflected cross-site scripting attack within a phishing campaign to attack administrators.

E.

Leverage the SSRF to gain access to credentials from the metadata service.

PT0-003 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now PT0-003 pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
Which of the following components should a penetration tester include in the final assessment report?
During a penetration test, you gain access to a system with a limited user interface.
Previous