Free Top CompTIA Pentest+ PT0-003 Actual Exam Questions - Question 15 Discussion
SIMULATION
-
A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.
INSTRUCTIONS
-
Select the appropriate answer(s), given the output from each section.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. 
Option D shows actual web services running, making it more useful than just DNS entries.
Option C confirms live services on specific ports, more reliable than DNS lists.
I’m thinking A might be less reliable since the DNS entries could be wildcard and not actual hosts. B and C provide more concrete info like subdomains and open ports, which are way more actionable here.
Option B shows subdomains but could include false positives due to wildcard DNS.
C stands out because it confirms active HTTP and HTTPS ports, which means you can directly test web services running on those ports. Without these open ports, web-based enumeration wouldn’t be possible.
D shows server details, which helps confirm the tech stack behind the public assets.
I noticed that option D highlights the presence of a web server with specific technologies visible from the headers, which could help in fingerprinting the target further. Also, since B shows subdomains found through DNS enumeration, cross-checking with D’s service info might confirm live hosts. I’d avoid answers focusing only on generic port scans without context because they don’t add much detail here. So, combining DNS and HTTP header data seems the best move to piece together public-facing assets.
B too, shows subdomains and related hostnames from the DNS data.
C, looks like port 80 and 443 are open with web services running.