Question 1 - Top CompTIA Pentest+ PT0-003 Real Exam Questions [Jan 2026 Update]

Q: 1

[Attacks and Exploits] A penetration tester wants to use the following Bash script to identify active servers on a network:

1 network_addr="192.168.1" 2 for h in {1..254}; do 3 ping -c 1 -W 1 $network_addr.$h > /dev/null 4 if [ $? -eq 0 ]; then 5 echo "Host $h is up" 6 else 7 echo "Host $h is down" 8 fi 9 done

Which of the following should the tester do to modify the script?

Options

Correct Answer:

Explanation

The script uses brace expansion ({1..254}), a feature specific to the Bash shell. A fundamental best practice for penetration testers is to write tools and scripts that are portable and can run on a wide variety of systems, which may not have Bash as the default shell (e.g., using sh, dash, or ksh). The seq command is a standard utility found in GNU Coreutils and is available on most Unix-like systems. Modifying the loop to for h in $(seq 1 254) replaces the "bashism" with a more portable construct, ensuring the script's reliability across different environments.

Why Incorrect

A. The condition [ $? -eq 0 ] correctly checks the exit status of the ping command. An exit code of 0 indicates a successful reply, so this logic is correct for identifying an active host.

B. Adding 2>&1 would redirect standard error to standard output, which is then discarded to /dev/null. This is a minor refinement to silence error messages but is not a necessary functional change.

D. Using ${h} instead of $h is syntactically redundant in this context. The curly brace syntax is only required to disambiguate a variable name from adjacent characters, which is not an issue here.

References

1. GNU Bash Manual

Section 3.5.1 Brace Expansion: The official Bash manual describes brace expansion as a feature of the Bash shell. Scripts relying on such features are inherently tied to Bash and are not portable to other shells that adhere strictly to POSIX standards.

2. Robbins

& Beebe

N. H. F. (2005). Classic Shell Scripting. O'Reilly Media. Chapter 1

Section 1.3

"Portability": This academic-level text on shell scripting emphasizes writing portable scripts. It advises against using features specific to one shell (like Bash's brace expansion) if the script is intended to be widely usable

recommending standard utilities instead.

3. Linux ping(8) man page: "If ping does not receive any reply packets at all it will exit with code 1... Otherwise it exits with code 0. This makes it possible to use the exit code to check if a host is alive." This documentation confirms that checking for an exit code of 0 (as done in line 4) is the correct method.

4. Google Shell Style Guide: This guide

used for developing software in a professional environment

recommends using for i in $(seq 1 10) over Bash-specific loops for better portability and compatibility with Google's shell standards

which prioritize POSIX compliance. (Reference: https://google.github.io/styleguide/shellguide.html#loops)

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE