CompTIA PenTest+ (PT0-003) — Question 91

During an external penetration test, a tester receives the following output from a tool:

test.comptia.org
info.comptia.org
vpn.comptia.org
exam.comptia.org

Which of the following commands did the tester most likely run to get these results?

Answer options

• A. nslookup -type=SOA comptia.org
• B. amass enum -passive -d comptia.org
• C. nmap -Pn -sV -vv -A comptia.org
• D. shodan host comptia.org

Correct answer: B

Explanation

The command 'amass enum -passive -d comptia.org' is designed for passive enumeration of subdomains, which is why the tester received a list of subdomains. The other options either do not focus on passive enumeration (A, C) or operate on a different type of data (D), which explains why they would not yield the same results.