Question 2 - Top CompTIA Pentest+ PT0-003 Real Exam Questions [March 2026 Update]

Q: 2

[Information Gathering and Vulnerability Scanning] A penetration tester is configuring a vulnerability management solution to perform credentialed scans of an Active Directory server. Which of the following account types should the tester provide to the scanner?

Options

Discussion

Mia T. Feb 13, 2026 9:50 pm

I thought A (read-only) since it's credentialed, and usually you want least privilege for scans. Not totally sure though.

Karan I. Feb 21, 2026 10:56 pm

B, is what you need for full credentialed scans on AD. Saw something similar in a practice test.

Kevin O. Feb 25, 2026 3:22 pm

I think A works for most scans, since read-only should let the scanner pull config info without major risks. B seems like overkill and a big privilege escalation threat if creds leak. Anyone else see similar questions suggest A as a safer trap pick?

Logan U. Feb 12, 2026 10:42 pm

saw pretty similar problem in my exam. in practice sets, they wanted B since domain admin has the creds to pull all system and registry info needed for a real credentialed scan. Not 100 percent but feels like classic CompTIA logic. Agree?

Cameron Z. Feb 15, 2026 11:55 pm

If AD had LAPS enforced, wouldn't A work? A

Casey H. Mar 1, 2026 8:23 pm

Maybe B . Similar questions in practice tests say domain admin is needed for deep credentialed scans on AD servers.

ChloeI Mar 3, 2026 5:39 pm

Why not just use A here? Isn't B a privilege escalation risk for the scan?

Luke D. Feb 12, 2026 9:13 pm

A or B? I went A because scanners usually just need to read config info, but maybe that's not enough for AD. Am I missing something?

Alex Mar 3, 2026 4:36 am

I get why most say B, but I went for A since a read-only account still lets the scanner authenticate and pull info without extra risk. Some scanners just need read access for basic checks. Maybe not full depth but seemed safer.

Jordan Feb 13, 2026 10:07 am

B imo. For a credentialed scan on an AD server, you really need domain admin creds so the scanner can hit all the services, reg keys, and configs. Lower rights like read-only or local user can't access everything needed for a full assessment. That's what most official practice tests say too. Could be overkill in real life but CompTIA loves max privileges here. Disagree?

Be respectful. No spam.

Correct Answer:

Explanation

A credentialed vulnerability scan requires authenticated access to the target system to perform a comprehensive analysis of patch levels, local configurations, file permissions, and registry settings. For an Active Directory domain controller, the scanner needs high-level privileges to access protected system resources. A Domain Administrator account has the necessary permissions to read all required configuration details on a domain controller, ensuring the scan is thorough and accurate. While the principle of least privilege is a critical security concept, in this context, administrative-level access is required for the tool to function effectively.

Why Incorrect

A. Read-only: A read-only account would lack the necessary permissions to access critical system areas like the Windows registry, security logs, or protected system files, leading to an incomplete and inaccurate scan.

C. Local user: A local user account on a domain controller has insufficient privileges for a system-wide assessment and is not the standard account type used for administrative tasks on such a server.

D. Root: The "root" account is the superuser for Unix/Linux-based operating systems and is not an applicable account type for a Windows Active Directory server.

---

References

1. National Institute of Standards and Technology (NIST). (2008). Technical Guide to Information Security Testing and Assessment (NIST Special Publication 800-115). Section 4.3.2

"Vulnerability Scanning

" p. 4-10.

The document states

"...administrative or root-level access may be needed to perform a complete scan of all system software and settings." This supports the necessity of high-level privileges for a comprehensive assessment.

2. Microsoft. (2021). Securing a Remote WMI Connection. Microsoft Docs.

Official documentation for Windows Management Instrumentation (WMI)

a technology heavily used by scanners

specifies that access to many administrative and security-related WMI namespaces requires the user to be a member of the Administrators group. This confirms that administrative privileges are a technical requirement for deep system inspection.

3. Karlsson

& Shahmehri

N. (2011). A Study on the Effectiveness of Vulnerability Scanners. University of Skövde

School of Technology and Society. DIVA-2011:151

p. 15.

In this academic study on vulnerability scanning

the methodology section notes: "The authenticated scans were performed by providing the scanners with administrator credentials for the Windows machine..." This highlights the standard academic and research practice of using administrative credentials for effective authenticated scanning.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE