CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA PenTest+ PT0-002 Practice Test

Prepare for the CompTIA PenTest+ PT0-002 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.

  • Questions: 15
  • Time: 15 minutes (60 seconds per question)
  • Included Objectives:
    • Reporting and Communication
    • Tools and Code Analysis
    • Information Gathering and Vulnerability Scanning
    • Planning and Scoping
    • Attacks and Exploits
Question 1 of 15

A penetration tester has been tasked with gathering information about a target company without directly interacting with the company's systems. Which of the following methods would be most effective and appropriate for the tester to utilize to obtain potential user names, technology stacks, and job roles within the company?

  • Using Shodan to scan for vulnerable company assets and extract employee information

  • Reviewing the company's open-source code contributions for potential user names and job roles

  • Social media scraping to review profiles and posts for key employee information

  • Performing DNS lookups to identify potential usernames and job roles

Question 2 of 15

Reviewing the DNS records of a target domain to determine associated subdomains and host records falls under passive reconnaissance.

  • True

  • False

Question 3 of 15

Which of the following databases is regularly updated with a list of known security vulnerabilities, and would be most useful for an aspiring penetration tester conducting OSINT?

  • Common Vulnerabilities and Exposures (CVE)

  • Public Key Infrastructure (PKI)

  • Information Assurance Vulnerability Alert (IAVA)

  • Global Information Grid (GIG)

Question 4 of 15

As a penetration tester preparing for a client engagement, you need to acquire the point of contact and registration tenure of a suspicious domain linked to your client's industry. Given the transient nature of domain registrations and the need for the most current data, which methodology would be MOST effective in obtaining the precise, real-time domain registration information?

  • Retrieving historical domain ownership information via the Internet Archive's Wayback Machine

  • Running a passive DNS analysis tool to deduce ownership based on DNS record patterns

  • Conducting a domain footprint using a search engine cache to potentially find recent contact information

  • Performing a direct WHOIS lookup using an updated WHOIS client or service

Question 5 of 15

Tokens issued by a server during a session can be scoped strictly enough to prevent interception and reuse by an unauthorized party.

  • False

  • True

Question 6 of 15

A penetration test that involves credit card data must adhere to the Health Insurance Portability and Accountability Act (HIPAA) to satisfy compliance requirements.

  • False

  • True

Question 7 of 15

A binary tree data structure can only have a maximum of two child nodes attached to each parent node.

  • Binary trees have a maximum of two child nodes per parent.

  • Binary trees can have multiple child nodes, more than two per parent.

Question 8 of 15

Repeated instances of unauthorized data exfiltration signify that user permissions are effectively governed.

  • False

  • True

Question 9 of 15

During a penetration test, you discover that an application is vulnerable to SQL injection attacks due to improperly sanitized user input. In your report, which remediation strategy would be the most effective to address this specific vulnerability?

  • Add an access control vestibule in front of the server room.

  • Enforce minimum password requirements for application users.

  • Parameterize queries to ensure user input is treated safely.

  • Implement mandatory vacations for the application development team.

Question 10 of 15

A penetration tester is crafting an email to impersonate a senior executive of a large corporation as part of a security assessment. The goal is to manipulate another high-ranking executive into disclosing sensitive company information. Which of the following tactics would be MOST effective for this scenario?

  • Initiate a generic email phishing campaign with a broad and common theme hoping to catch the executive among other employees.

  • Register a domain name that is a common misspelling of the company’s actual domain to send the email from, in the hopes that it goes unnoticed.

  • Impersonate a trusted co-worker in a department not usually interacting with the executive to increase the likelihood of the executive responding due to curiosity.

  • Craft the content to seem like an urgent issue unique to the company that requires immediate attention, using specific jargon and references known only to the executive team.

Question 11 of 15

During a penetration testing engagement, why is it important for penetration testers to limit the invasiveness of their activities?

  • To test as many systems as possible and find all vulnerabilities

  • To demonstrate the full capabilities of penetration testing tools without restriction

  • To speed up the penetration testing process and finish ahead of schedule

  • To prevent causing unintended outages or impact to out-of-scope systems

Question 12 of 15

As a penetration tester, you have identified a server that is running several unnecessary services which could potentially lead to increased attack vectors. What is the BEST course of action to take in order to improve the server's security?

  • Update all software on the server to the latest versions.

  • Install a firewall to control inbound and outbound traffic.

  • Enforce strong password policies for server access.

  • Disable all unnecessary services on the server.

Question 13 of 15

You are performing a penetration test on a web application that requires testing for Cross-Site Scripting (XSS) vulnerabilities. You need to select a tool that allows for both automated scanning and the ability to intercept and modify HTTP requests in real-time to test for reflected XSS. Which tool would be the best fit for this specific requirement?


  • Nikto

  • Gobuster

  • Burp Suite

Question 14 of 15

A penetration tester is conducting an assessment and has gained initial access to a target system. To maintain access without alerting the network-based intrusion detection system (IDS), they decide to exfiltrate sensitive data. Which of the following techniques would effectively obfuscate the data being exfiltrated and is less likely to trigger an IDS alert?

  • Encrypting the data using a symmetric encryption algorithm before transmission

  • Compressing the data into a ZIP file with password protection before transmission

  • Encoding the data with Base64 before transmission

  • Using steganography to embed the data within an image file

Question 15 of 15

Which data structure is non-linear and consists of nodes connected by edges, where nodes may have zero or more child nodes, typically used to represent hierarchical information?

  • List

  • Tree

  • Graph

  • Stack