CompTIA PenTest+ Practice Test (PT0-002)
Use the form below to configure your CompTIA PenTest+ Practice Test (PT0-002). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-90 questions and set a time limit.

CompTIA PenTest+ PT0-002 Information
CompTIA PenTest+ (PT0-002) Exam
The CompTIA PenTest+ (PT0-002) certification is designed for cybersecurity professionals who specialize in penetration testing and vulnerability assessment. It validates hands-on skills in planning, conducting, and reporting penetration tests for organizations. This certification is vendor-neutral and focuses on real-world scenarios, making it relevant for security professionals working with various technologies and environments.
Exam Overview
The PT0-002 exam consists of a maximum of 85 questions, including multiple-choice and performance-based questions. Candidates have 165 minutes to complete the test. The exam costs $392 USD. A passing score is 750 on a scale of 100 to 900. The certification is valid for three years and can be renewed through CompTIA’s continuing education program.
Exam Content
The PT0-002 exam covers five main domains: planning and scoping, information gathering and vulnerability scanning, attacks and exploits, reporting and communication, and tools and code analysis. Planning and scoping include engagement rules, compliance, and risk assessment. Information gathering and vulnerability scanning focus on reconnaissance, fingerprinting, and scanning techniques. Attacks and exploits test knowledge of network, web, wireless, and physical attacks. Reporting and communication cover documentation, remediation, and risk communication. Tools and code analysis assess scripting, automation, and exploit development.
Who Should Take This Exam?
The CompTIA PenTest+ certification is ideal for cybersecurity professionals working as penetration testers, security analysts, vulnerability assessment analysts, or red team members. It is recommended for individuals with at least three to four years of hands-on cybersecurity experience. The certification is also useful for IT professionals who want to advance their careers in offensive security.
How to Prepare
Candidates should review the official CompTIA PenTest+ Exam Objectives and study materials provided by CompTIA. Practical experience with penetration testing tools such as Metasploit, Nmap, and Burp Suite is essential. Practice exams can help assess readiness and identify weak areas. Hands-on labs and ethical hacking courses can further strengthen skills.
Summary
The CompTIA PenTest+ (PT0-002) certification is a valuable credential for cybersecurity professionals specializing in penetration testing and vulnerability assessment. It validates hands-on skills in ethical hacking, exploit development, and security testing. This certification is ideal for those pursuing careers in offensive security and ethical hacking.
Scroll down to see your responses and detailed results
Free CompTIA PenTest+ PT0-002 Practice Test
Press start when you are ready, or press Change to modify any settings for the practice test.
- Questions: 15
- Time: Unlimited
- Included Topics:Planning and ScopingInformation Gathering and Vulnerability ScanningAttacks and ExploitsReporting and CommunicationTools and Code Analysis
As a penetration tester, you are contracted to assess the security of a multinational corporation's internal network. The corporation has multiple interconnected sites and relies heavily on cloud services. Which of the following is the most important initial step to ensure that your testing does not impact systems outside of the agreed scope?
Begin testing on the client’s production cloud services to expose as many vulnerabilities as possible regardless of the scope to showcase due diligence.
Define and discuss a detailed target list with the client, including IP ranges, domains, and specified cloud services that are to be included in the assessment.
Assume all interconnected sites are in scope unless otherwise informed by the client in order to conduct a thorough test of the network.
Start with an immediate vulnerability assessment of the IP ranges connected to their primary data center to look for potential entry points.
Answer Description
Defining a comprehensive target list that specifies in-scope assets such as IP ranges, domains, and which cloud services are included in the test is crucial for ensuring that the penetration test is contained within the agreed scope. Testing beyond the specified target list could lead to unauthorized access and potential legal issues. Answers that suggest starting the test immediately or bypassing the scope with the excuse of finding additional vulnerabilities neglect the need for a structured approach and undermine the importance of prior agreement on the engagement scope.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is defining a target list important in penetration testing?
What are the risks of testing outside the agreed scope?
What should be included in a detailed target list for a penetration test?
During a penetration testing engagement, what type of restriction might limit the testing techniques or tools that a penetration tester is permitted to use?
Tool usage and testing technique restrictions
Client communication protocols
Engagement result reporting timeline
Mandatory use of company-issue devices
Target asset classification guidelines
Answer Description
The correct answer is 'Tool usage and testing technique restrictions.' These are common types of other restrictions that can be specified in the rules of engagement, limiting the types of tools and methods a penetration tester can use during an engagement. These restrictions are often imposed due to potential risks to the target environment, such as causing service disruption, or due to legal and compliance reasons. Tool restrictions may bar the use of certain aggressive or intrusive tools, while technique restrictions might limit actions like social engineering or physical security bypassing.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some examples of tool usage restrictions in penetration testing?
Why do organizations impose testing technique restrictions during penetration testing?
How are tool usage and testing techniques documented in the rules of engagement?
During a penetration test, you have successfully exploited a vulnerability on a Windows server and have gained access to the cmd.exe command shell. You want to upgrade this shell to have enhanced capabilities, including the ability to transfer files securely and manipulate the Windows Registry from your attack platform. Which of the following actions would BEST accomplish this?
Generate a Meterpreter payload and execute it on the target system to upgrade the shell
Initiate an SSH connection to the server to enable secure file transfers
Open a PowerShell session to utilize its native features
Use the cmd.exe shell to manually transfer files using FTP
Connect to the server with a Telnet client to achieve persistent access
Deploy an additional cmd.exe shell for registry manipulation
Answer Description
Upgrading from a basic cmd.exe command shell to a Meterpreter shell would provide the most versatile and powerful functionalities for a penetration test. Meterpreter, as part of the Metasploit framework, offers enhanced features including the ability to upload/download files, manipulate the Windows Registry, interact with the file system, and use advanced pivoting techniques. Other types of shells or access methods, such as a simple SSH or Telnet connection, would not offer the same level of functionality and control over the Windows environment that the Meterpreter shell provides.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Meterpreter?
What does it mean to upgrade a shell in penetration testing?
What is the Metasploit framework?
Lack of best practices is often a root cause of widespread vulnerabilities within an organization's IT infrastructure.
False
True
Answer Description
The statement is correct because organizations failing to implement and follow industry best practices for security are likely to have more vulnerabilities. These can include widespread issues like insecure password policies, insufficient network segmentation, and the absence of regular patch management, all of which commonly result in security weaknesses exploitable by attackers.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are considered industry best practices for IT security?
What are common vulnerabilities that arise from not following best practices?
How does insufficient patch management create vulnerabilities?
After conducting a penetration test, you have identified several critical vulnerabilities due to outdated software on the client's assets. What is the BEST recommendation for remediation to include in the report?
Advise the client to manually apply updates to software when the organization deems it necessary.
Recommend implementing an automated patch management system that regularly updates software on all devices.
Suggest that all patches should be applied immediately upon release without reviewing for production readiness.
Instruct the client to conduct on-demand patch updates in response to reported vulnerabilities.
Answer Description
Regularly scheduled patch management processes are critical for ensuring that systems are kept up-to-date and protected against known vulnerabilities. By implementing an automated patch management system, an organization can ensure that patches are applied as soon as they become available, reducing the exploitation window for attackers. On-demand patch updates, while important to address urgent vulnerabilities, do not provide a consistent and proactive approach to vulnerability management. Having a manual review process prior to applying patches is an important best practice for ensuring compatibility and preventing potential issues, but it is not a substitution for a regularly scheduled patch management strategy. Simply applying patches without a well-defined process could lead to missed patches or inconsistent application, which is why it is not the best recommendation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a patch management system?
What are the risks of outdated software due to lack of patch management?
What best practices should accompany an automated patch management system?
A penetration tester is reviewing the Statement of Work (SOW) before starting an engagement with a new client. The SOW outlines the objectives, deliverables, timelines, and milestones for the penetration test. Which of the following would MOST likely be specified in the SOW to define the extent of the penetration test?
The confidentiality agreements outlined in the non-disclosure agreement (NDA) prepared separately by legal teams.
The types of attacks the penetration tester is authorized to perform, such as social engineering or network scanning.
The risk assessment report template to be used for presenting findings to the client post engagement.
Service performance metrics that the penetration testing team must adhere to, as per the previously defined service-level agreement (SLA).
Answer Description
The SOW includes details of the tasks and responsibilities of the penetration testing team. Specifying the types of attacks allowed (e.g., social engineering, network scanning, etc.) is important to ensure both the client and the penetration tester understand the boundaries and methodologies that can be employed during the test. Conversely, an NDA relates to confidentiality agreements, an SLA to service performance metrics, and a risk assessment report to findings after an engagement, rather than the pre-defined tasks of the penetration test itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the typical types of attacks specified in a SOW for penetration testing?
Why is it important to specify attack types in the SOW?
What is the significance of distinguishing between SOW, NDA, and SLA in a penetration testing context?
During a penetration test, you have identified multiple vulnerabilities within the client's network. Which of the following would be the BEST approach for highlighting these issues within the written report to ensure proper prioritization?
Provide a detailed technical description for each discovered issue
Categorize each vulnerability by its risk rating referencing a recognized framework
List the vulnerabilities in alphabetical order
Suggest immediate system downtime for all identified vulnerabilities
Answer Description
The correct answer is 'Categorize each vulnerability by its risk rating referencing a recognized framework.' This is essential because utilizing a standardized risk rating framework facilitates a clear, objective, and consistent analysis of the vulnerabilities. This enables stakeholders to understand the severity and potential impact of each issue on the business, prioritizing remediation efforts accordingly. Answer 'Provide a detailed technical description for each discovered issue' is not the best option because it only communicates the technical details without prioritization. While 'Suggest immediate system downtime for all identified vulnerabilities' may be appropriate in some critical circumstances, it is not a recommended general approach as it lacks an assessment of the individual risks and impacts. 'List the vulnerabilities in alphabetical order' does not provide any indication of their importance or potential impact, thus this is not an effective way to convey criticality to the report audience.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some recognized frameworks for categorizing vulnerabilities?
Why is it important to prioritize vulnerabilities during a penetration test report?
What are the potential consequences of not categorizing vulnerabilities properly?
During an internal penetration test, you have gained a shell on a Windows server. Now, you aim to perform enumeration to identify domain users for potential lateral movement. What command should you use to list all users in the domain?
net user /domain
Get-LocalUser
netstat -an
dsquery
Answer Description
The net user /domain command is used to enumerate all user accounts in the domain from a Windows command line. In the context of a penetration test, after gaining a shell on a Windows server, if the server is a part of a domain, this command can be utilized to gather information about the users in that domain. This knowledge could then be leveraged to attempt lateral movement. dsquery is indeed used to query the directory service for various types of objects, but it requires specifying the object type, which is not reflected in the provided answer options. Get-LocalUser is a PowerShell cmdlet to retrieve local user accounts, not domain users. netstat displays network statistics and is unrelated to user enumeration.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is lateral movement in cybersecurity?
What does the command 'net user /domain' do?
What are the differences between 'dsquery' and 'net user /domain'?
What practice should a penetration tester implement to uphold the security principle of confidentiality when handling data acquired during an engagement?
Discuss project details with peers in public areas to obtain their input on potential findings.
Encrypt all sensitive data acquired during testing and use responsible discretion when handling this information.
Leave computers with sensitive data unlocked when not in use to enable efficient access for authorized team members.
Regularly post updates on social media platforms to establish transparency with the security community.
Answer Description
Using responsible discretion when handling the data refers to being cautious about how and where the data is stored, who has access to it, and ensuring that it is not disclosed to unauthorized parties. This is the core principle of maintaining the confidentiality of data. Encrypting the data provides an additional layer of security by rendering the data unreadable should it fall into the wrong hands, which adheres to the practice of maintaining confidentiality. Discussing project details in public undermines confidentiality, as it can lead to unauthorized disclosure of sensitive information. Failing to lock computers leaves data exposed to unauthorized access, also breaching confidentiality.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is data encryption and why is it important for confidentiality?
What are some best practices for responsibly handling sensitive data?
What are the potential consequences of failing to maintain confidentiality?
What is the primary function of theHarvester when conducting open-source intelligence during a penetration test?
Assessing the security of wireless networks by capturing and analyzing wireless traffic.
Gathering publicly accessible information such as email addresses, domain names, and hostnames from various sources like search engines and social media.
Conducting automated penetration testing and vulnerability scanning of networked systems.
Decrypting password hashes retrieved from compromised systems or data breaches.
Answer Description
The correct answer highlights theHarvester's primary function as an OSINT tool, which is to gather publicly accessible information such as email addresses, domain names, and hostnames from search engine results, as well as other public sources such as social media and websites. This functions as part of the reconnaissance phase to collect data that could be used to identify potential attack vectors. The incorrect answers do not describe the primary function of theHarvester.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does OSINT stand for and why is it important in penetration testing?
Can you give examples of tools similar to theHarvester used for information gathering?
How does theHarvester gather information from social media?
As a penetration tester, you have uncovered several security flaws within your client's network infrastructure. In order to systematically convey the severity of each finding in your report, you must adhere to an industry-standard risk rating framework. Which of the following would best allow for a consistent and quantitative expression of vulnerability severity that can be understood by both technical and non-technical stakeholders?
Employing the Common Vulnerability Scoring System (CVSS) to apply a numerical and qualitative severity level to each vulnerability
Developing an algorithmic risk matrix that combines asset value, threat capability, and vulnerability severity tailored to the client
Relying on the Common Weakness Scoring System (CWSS) to measure the risk level of each weakness without factoring in environmental metrics
Calculating severity based on the average cost of incidents associated with similar vulnerabilities in the past year
Answer Description
The Common Vulnerability Scoring System (CVSS) offers a way to rate the severity of vulnerabilities in a standardized manner, providing scores that correspond to a qualitative severity ranking. By applying CVSS, you are able to communicate the severity of vulnerabilities in a uniform way that is independent of proprietary methodologies or the potentially subjective measure of impact to the specific organization. This is the accepted industry practice for reporting severity in penetration testing and is expected knowledge for professionals. Other methods may not provide the standardization needed or could introduce confusion if the stakeholders are not familiar with a custom scoring system.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Common Vulnerability Scoring System (CVSS)?
Why is it important to have a standardized method like CVSS for reporting vulnerabilities?
What are some limitations of other scoring systems, like the Common Weakness Scoring System (CWSS)?
What is the primary purpose of using mdk4 during a wireless penetration test?
Executing denial-of-service attacks on a Wi-Fi network
Conducting penetration tests on web applications
Cracking Wi-Fi network passwords
Searching for hidden Wi-Fi networks
Answer Description
The correct answer is that mdk4 is a tool used in wireless penetration testing to perform denial-of-service attacks against Wi-Fi networks by utilizing methods such as deauthentication and disassociation frames. This disrupts the communications between Wi-Fi clients and Access Points (APs), making it a valuable tool for testing network resilience and the effectiveness of wireless intrusion detection/prevention systems. Answer B, "Searching for hidden networks", is incorrect as this activity is typically performed by tools designed to analyze beacon frames and probe responses, such as Kismet. Answer C, "Conducting penetration tests on web applications", is obviously incorrect because mdk4 is specifically tailored for wireless network attacks rather than web application testing. Answer D, "Cracking Wi-Fi network passwords", is also incorrect, as mdk4 does not crack passwords but instead disrupts network communications.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are deauthentication and disassociation frames?
What is the significance of testing network resilience?
What other tools can be used for wireless penetration testing?
What is the primary purpose of performing a deauthentication attack in a wireless network security analysis?
To provide a client with unauthorized access to network resources
To increase the signal strength of a wireless access point
To encrypt the communication between a client and the wireless access point
To disconnect clients from a wireless network
Answer Description
A deauthentication attack is primarily used to forcibly disconnect clients from a wireless network. This could allow an attacker to capture the handshake when the client reauthenticates, which is essential for cracking the wireless password. This type of attack disrupts the normal operation and communication by sending deauthentication frames from an access point to the client or vice versa.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are deauthentication frames?
Why is capturing the handshake important in a deauthentication attack?
What are the ethical implications of performing a deauthentication attack?
During a penetration test, you discovered that an organization's server room is protected by a single door requiring a proximity card for entry. During your assessment, you noted several instances where unauthorized personnel could follow authorized personnel through the door without presenting a proximity card (tailgating). Which recommendation would best enhance physical security to mitigate this issue in the future?
Issue additional proximity cards to all personnel to ensure everyone has their own means of access.
Install an access control vestibule that requires authentication before entry to the secure area.
Set up a man trap with biometric security features at the server room entrance.
Increase the frequency of security guard patrols in the area of the server room door.
Answer Description
The correct answer is to install an access control vestibule, as it is specifically designed to prevent tailgating by enforcing a single person entry. A vestibule often has two sets of doors with an authentication process in between, ensuring that only one person can enter after authentication. A man trap is also a valid physical security measure, but it generally implies a more restrictive environment that may not be suitable for all organizations. Additional proximity cards or more frequent guard patrols would not necessarily prevent tailgating, as they do not address the issue of single-entry authentication.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a proximity card and how does it work?
What is tailgating, and why is it a security concern?
What is an access control vestibule, and how does it enhance security?
What type of control is implemented when using a fingerprint scanner to restrict access to a secure data center?
Time-of-day restriction
Mandatory vacation
Biometric control
Network segmentation
Role-based access control
Encryption control
Answer Description
A fingerprint scanner is a type of biometric control because it uses unique biological characteristics of an individual, in this case their fingerprint, to authenticate and authorize access. It relies on physical traits, which are difficult to forge or duplicate, thus providing a strong linkage between the individual and the access control system.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are biometric controls and how do they work?
What makes biometric authentication more secure than traditional methods?
Are there any limitations or challenges related to biometric controls?
That's It!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.