CompTIA PenTest+ Practice Test (PT0-002)

CompTIA PenTest+ PT0-002 Information

CompTIA PenTest+ (PT0-002) Exam

The CompTIA PenTest+ (PT0-002) certification is designed for cybersecurity professionals who specialize in penetration testing and vulnerability assessment. It validates hands-on skills in planning, conducting, and reporting penetration tests for organizations. This certification is vendor-neutral and focuses on real-world scenarios, making it relevant for security professionals working with various technologies and environments.

Exam Overview

The PT0-002 exam consists of a maximum of 85 questions, including multiple-choice and performance-based questions. Candidates have 165 minutes to complete the test. The exam costs $392 USD. A passing score is 750 on a scale of 100 to 900. The certification is valid for three years and can be renewed through CompTIA’s continuing education program.

Exam Content

The PT0-002 exam covers five main domains: planning and scoping, information gathering and vulnerability scanning, attacks and exploits, reporting and communication, and tools and code analysis. Planning and scoping include engagement rules, compliance, and risk assessment. Information gathering and vulnerability scanning focus on reconnaissance, fingerprinting, and scanning techniques. Attacks and exploits test knowledge of network, web, wireless, and physical attacks. Reporting and communication cover documentation, remediation, and risk communication. Tools and code analysis assess scripting, automation, and exploit development.

Who Should Take This Exam?

The CompTIA PenTest+ certification is ideal for cybersecurity professionals working as penetration testers, security analysts, vulnerability assessment analysts, or red team members. It is recommended for individuals with at least three to four years of hands-on cybersecurity experience. The certification is also useful for IT professionals who want to advance their careers in offensive security.

How to Prepare

Candidates should review the official CompTIA PenTest+ Exam Objectives and study materials provided by CompTIA. Practical experience with penetration testing tools such as Metasploit, Nmap, and Burp Suite is essential. Practice exams can help assess readiness and identify weak areas. Hands-on labs and ethical hacking courses can further strengthen skills.

Summary

The CompTIA PenTest+ (PT0-002) certification is a valuable credential for cybersecurity professionals specializing in penetration testing and vulnerability assessment. It validates hands-on skills in ethical hacking, exploit development, and security testing. This certification is ideal for those pursuing careers in offensive security and ethical hacking.

Free CompTIA PenTest+ PT0-002 Practice Test

  • Questions: 15
  • Time: Unlimited
  • Included Topics:
    Planning and Scoping
    Information Gathering and Vulnerability Scanning
    Attacks and Exploits
    Reporting and Communication
    Tools and Code Analysis

Question 1 of 15

As a penetration tester, you are contracted to assess the security of a multinational corporation's internal network. The corporation has multiple interconnected sites and relies heavily on cloud services. Which of the following is the most important initial step to ensure that your testing does not impact systems outside of the agreed scope?

  • Begin testing on the client’s production cloud services to expose as many vulnerabilities as possible regardless of the scope to showcase due diligence.

  • Define and discuss a detailed target list with the client, including IP ranges, domains, and specified cloud services that are to be included in the assessment.

  • Assume all interconnected sites are in scope unless otherwise informed by the client in order to conduct a thorough test of the network.

  • Start with an immediate vulnerability assessment of the IP ranges connected to their primary data center to look for potential entry points.

Question 2 of 15

During a penetration testing engagement, what type of restriction might limit the testing techniques or tools that a penetration tester is permitted to use?

  • Tool usage and testing technique restrictions

  • Client communication protocols

  • Engagement result reporting timeline

  • Mandatory use of company-issue devices

  • Target asset classification guidelines

Question 3 of 15

During a penetration test, you have successfully exploited a vulnerability on a Windows server and have gained access to the cmd.exe command shell. You want to upgrade this shell to have enhanced capabilities, including the ability to transfer files securely and manipulate the Windows Registry from your attack platform. Which of the following actions would BEST accomplish this?

  • Generate a Meterpreter payload and execute it on the target system to upgrade the shell

  • Initiate an SSH connection to the server to enable secure file transfers

  • Open a PowerShell session to utilize its native features

  • Use the cmd.exe shell to manually transfer files using FTP

  • Connect to the server with a Telnet client to achieve persistent access

  • Deploy an additional cmd.exe shell for registry manipulation

Question 4 of 15

Lack of best practices is often a root cause of widespread vulnerabilities within an organization's IT infrastructure.

  • False

  • True

Question 5 of 15

After conducting a penetration test, you have identified several critical vulnerabilities due to outdated software on the client's assets. What is the BEST recommendation for remediation to include in the report?

  • Advise the client to manually apply updates to software when the organization deems it necessary.

  • Recommend implementing an automated patch management system that regularly updates software on all devices.

  • Suggest that all patches should be applied immediately upon release without reviewing for production readiness.

  • Instruct the client to conduct on-demand patch updates in response to reported vulnerabilities.

Question 6 of 15

A penetration tester is reviewing the Statement of Work (SOW) before starting an engagement with a new client. The SOW outlines the objectives, deliverables, timelines, and milestones for the penetration test. Which of the following would MOST likely be specified in the SOW to define the extent of the penetration test?

  • The confidentiality agreements outlined in the non-disclosure agreement (NDA) prepared separately by legal teams.

  • The types of attacks the penetration tester is authorized to perform, such as social engineering or network scanning.

  • The risk assessment report template to be used for presenting findings to the client post engagement.

  • Service performance metrics that the penetration testing team must adhere to, as per the previously defined service-level agreement (SLA).

Question 7 of 15

During a penetration test, you have identified multiple vulnerabilities within the client's network. Which of the following would be the BEST approach for highlighting these issues within the written report to ensure proper prioritization?

  • Provide a detailed technical description for each discovered issue

  • Categorize each vulnerability by its risk rating referencing a recognized framework

  • List the vulnerabilities in alphabetical order

  • Suggest immediate system downtime for all identified vulnerabilities

Question 8 of 15

During an internal penetration test, you have gained a shell on a Windows server. Now, you aim to perform enumeration to identify domain users for potential lateral movement. What command should you use to list all users in the domain?

  • net user /domain

  • Get-LocalUser

  • netstat -an

  • dsquery

Question 9 of 15

What practice should a penetration tester implement to uphold the security principle of confidentiality when handling data acquired during an engagement?

  • Discuss project details with peers in public areas to obtain their input on potential findings.

  • Encrypt all sensitive data acquired during testing and use responsible discretion when handling this information.

  • Leave computers with sensitive data unlocked when not in use to enable efficient access for authorized team members.

  • Regularly post updates on social media platforms to establish transparency with the security community.

Question 10 of 15

What is the primary function of theHarvester when conducting open-source intelligence during a penetration test?

  • Assessing the security of wireless networks by capturing and analyzing wireless traffic.

  • Gathering publicly accessible information such as email addresses, domain names, and hostnames from various sources like search engines and social media.

  • Conducting automated penetration testing and vulnerability scanning of networked systems.

  • Decrypting password hashes retrieved from compromised systems or data breaches.

Question 11 of 15

As a penetration tester, you have uncovered several security flaws within your client's network infrastructure. In order to systematically convey the severity of each finding in your report, you must adhere to an industry-standard risk rating framework. Which of the following would best allow for a consistent and quantitative expression of vulnerability severity that can be understood by both technical and non-technical stakeholders?

  • Employing the Common Vulnerability Scoring System (CVSS) to apply a numerical and qualitative severity level to each vulnerability

  • Developing an algorithmic risk matrix that combines asset value, threat capability, and vulnerability severity tailored to the client

  • Relying on the Common Weakness Scoring System (CWSS) to measure the risk level of each weakness without factoring in environmental metrics

  • Calculating severity based on the average cost of incidents associated with similar vulnerabilities in the past year

Question 12 of 15

What is the primary purpose of using mdk4 during a wireless penetration test?

  • Executing denial-of-service attacks on a Wi-Fi network

  • Conducting penetration tests on web applications

  • Cracking Wi-Fi network passwords

  • Searching for hidden Wi-Fi networks

Question 13 of 15

What is the primary purpose of performing a deauthentication attack in a wireless network security analysis?

  • To provide a client with unauthorized access to network resources

  • To increase the signal strength of a wireless access point

  • To encrypt the communication between a client and the wireless access point

  • To disconnect clients from a wireless network

Question 14 of 15

During a penetration test, you discovered that an organization's server room is protected by a single door requiring a proximity card for entry. During your assessment, you noted several instances where unauthorized personnel could follow authorized personnel through the door without presenting a proximity card (tailgating). Which recommendation would best enhance physical security to mitigate this issue in the future?

  • Issue additional proximity cards to all personnel to ensure everyone has their own means of access.

  • Install an access control vestibule that requires authentication before entry to the secure area.

  • Set up a man trap with biometric security features at the server room entrance.

  • Increase the frequency of security guard patrols in the area of the server room door.

Question 15 of 15

What type of control is implemented when using a fingerprint scanner to restrict access to a secure data center?

  • Time-of-day restriction

  • Mandatory vacation

  • Biometric control

  • Network segmentation

  • Role-based access control

  • Encryption control