
CompTIA PenTest+ Exam PT0-003 Question # 47 Topic 5 Discussion

Question #: 47
Topic #: 5

A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:

Server-side request forgery (SSRF) vulnerability in test.comptia.org

Reflected cross-site scripting (XSS) vulnerability in test2.comptia.org

Publicly accessible storage system named static_comptia_assets

SSH port 22 open to the internet on test3.comptia.org

Open redirect vulnerability in test4.comptia.org

Which of the following attack paths should the tester prioritize first?


A. Synchronize all the information from the public bucket and scan it with Trufflehog.

B. Run Pacu to enumerate permissions and roles within the cloud-based systems.

C. Perform a full dictionary brute-force attack against the open SSH service using Hydra.

D. Use the reflected cross-site scripting attack within a phishing campaign to attack administrators.

E. Leverage the SSRF to gain access to credentials from the metadata service.

