CompTIA PenTest+ Practice Test (PT0-002)

CompTIA PenTest+ PT0-002 Information

CompTIA PenTest+ (PT0-002) Exam

The CompTIA PenTest+ (PT0-002) certification is designed for cybersecurity professionals who specialize in penetration testing and vulnerability assessment. It validates hands-on skills in planning, conducting, and reporting penetration tests for organizations. This certification is vendor-neutral and focuses on real-world scenarios, making it relevant for security professionals working with various technologies and environments.

Exam Overview

The PT0-002 exam consists of a maximum of 85 questions, including multiple-choice and performance-based questions. Candidates have 165 minutes to complete the test. The exam costs $392 USD. A passing score is 750 on a scale of 100 to 900. The certification is valid for three years and can be renewed through CompTIA’s continuing education program.

Exam Content

The PT0-002 exam covers five main domains: planning and scoping, information gathering and vulnerability scanning, attacks and exploits, reporting and communication, and tools and code analysis. Planning and scoping include engagement rules, compliance, and risk assessment. Information gathering and vulnerability scanning focus on reconnaissance, fingerprinting, and scanning techniques. Attacks and exploits test knowledge of network, web, wireless, and physical attacks. Reporting and communication cover documentation, remediation, and risk communication. Tools and code analysis assess scripting, automation, and exploit development.

Who Should Take This Exam?

The CompTIA PenTest+ certification is ideal for cybersecurity professionals working as penetration testers, security analysts, vulnerability assessment analysts, or red team members. It is recommended for individuals with at least three to four years of hands-on cybersecurity experience. The certification is also useful for IT professionals who want to advance their careers in offensive security.

How to Prepare

Candidates should review the official CompTIA PenTest+ Exam Objectives and study materials provided by CompTIA. Practical experience with penetration testing tools such as Metasploit, Nmap, and Burp Suite is essential. Practice exams can help assess readiness and identify weak areas. Hands-on labs and ethical hacking courses can further strengthen skills.

Summary

The CompTIA PenTest+ (PT0-002) certification is a valuable credential for cybersecurity professionals specializing in penetration testing and vulnerability assessment. It validates hands-on skills in ethical hacking, exploit development, and security testing. This certification is ideal for those pursuing careers in offensive security and ethical hacking.

Free CompTIA PenTest+ PT0-002 Practice Test

  • Questions: 15
  • Time: Unlimited
  • Included Topics:
    Planning and Scoping
    Information Gathering and Vulnerability Scanning
    Attacks and Exploits
    Reporting and Communication
    Tools and Code Analysis

Question 1 of 15

As a penetration tester, you have uncovered several security flaws within your client's network infrastructure. In order to systematically convey the severity of each finding in your report, you must adhere to an industry-standard risk rating framework. Which of the following would best allow for a consistent and quantitative expression of vulnerability severity that can be understood by both technical and non-technical stakeholders?

  • Calculating severity based on the average cost of incidents associated with similar vulnerabilities in the past year
  • Relying on the Common Weakness Scoring System (CWSS) to measure the risk level of each weakness without factoring in environmental metrics
  • Developing an algorithmic risk matrix that combines asset value, threat capability, and vulnerability severity tailored to the client
  • Employing the Common Vulnerability Scoring System (CVSS) to apply a numerical and qualitative severity level to each vulnerability

Question 2 of 15

Your penetration testing firm has been contracted to conduct a security assessment of a web application. The client has specified the use of recognized industry standards. As part of your scoping document, you decide to incorporate the OWASP Top 10 to structure the testing methodology. Which of the following best describes the relevance of including the OWASP Top 10 in your scoping document?

  • It helps prioritize the focus of the penetration test on common web application vulnerabilities recognized as significant industry-wide.
  • It provides a complete list of all possible vulnerabilities in any given web application, ensuring a penetration test will cover every known vulnerability.
  • It mandates a mandatory checklist that the client must resolve before a penetration test can be considered valid.
  • It sets the legal framework for conducting penetration tests, ensuring compliance with international laws and regulations.

Question 3 of 15

When conducting a security assessment of a web application, you discover that the application fails to properly restrict URL access to a function that should only be accessible to users with administrative privileges. Through this functionality, non-admin users can perform sensitive operations, which poses a significant security risk. Based on the OWASP Top 10 list, which vulnerability category does this scenario BEST align with?

  • A01:2021-Broken Access Control
  • A03:2021-Injection
  • A04:2021-Insecure Direct Object References (IDOR)
  • A10:2021-Insufficient Logging & Monitoring

Question 4 of 15

When attempting to reverse engineer an executable file to uncover potential vulnerabilities, which technique is MOST effective for understanding the high-level logic and control flow without executing the code?

  • Performing static analysis of the code
  • Observing the behavior of the application through dynamic analysis
  • Reviewing the application logs for error messages and system events
  • Conducting a fuzz test to identify potential memory leaks or crashes

Question 5 of 15

During a passive reconnaissance mission, you discover that the secure communication certificate used by the target organization's web server has been invalidated. Which option should you choose to most authoritatively confirm the current status of this certificate?

  • Employ an automated scanning tool to analyze the server's encryption protocols and identify any invalidations.
  • Conduct a WHOIS domain lookup to see if there is any mention of certificate invalidation.
  • Use the Online Certificate Status Protocol (OCSP) to verify the current status directly from the issuing authority.
  • Inspect the browser's security panel while accessing the website for any security warnings.

Question 6 of 15

A penetration tester is conducting passive reconnaissance to gather information about the security posture of a company. Which source would provide the most comprehensive list of known vulnerabilities associated with the company's publicly acknowledged software?

  • Job listings revealing the technology stack
  • Common weakness enumeration (CWE) listings
  • Strategic search engine analysis of the company
  • Common vulnerabilities and exposures (CVE) listings

Question 7 of 15

A penetration tester has gained access to a network and would like to determine what other machines are active on the subnet. Which of the following techniques should the tester use to quickly and efficiently enumerate devices on the network without triggering potential intrusion detection systems?

  • Service version scan
  • ARP scan
  • Port scan with SYN packets
  • ICMP echo request

Question 8 of 15

What set of standards pertains specifically to the security of cardholder data and is critical for organizations that handle branded credit cards from the major card schemes?

  • Payment Card Industry Data Security Standard (PCI DSS)
  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Federal Information Security Management Act (FISMA)

Question 9 of 15

Which type of control would include establishing a policy that mandates regular security awareness training for all employees?

  • Operational control
  • Administrative control
  • Physical control
  • Technical control

Question 10 of 15

During a penetration test, you’re tasked with analyzing a network’s organizational schema exported from an Active Directory environment. The schema is presented in a hierarchical JSON format that must be walked through to identify potential privileged users for further targeting. Which of the following data structures is most appropriate for representing and processing this hierarchical schema?

  • Tree
  • Hash table
  • List
  • Stack

Question 11 of 15

During a security assessment of a web application, you notice that carefully crafted inputs that should result in server-side errors do not produce discernible changes in the application's output. To confirm your suspicions of a potential back-end data store vulnerability, which technique would be most effective given the lack of informative responses?

  • Input crafted payloads that result in immediate reflection in application output to validate execution against the server's data handler.
  • Send an input that would typically generate an error and check for specific error messaging in the response.
  • Rely on automated tools using common payloads that produce detailed error messages to identify potential data extraction points.
  • Initiate a timing attack by sending a payload designed to trigger a delay in the application response indicative of successful execution on the data store.

Question 12 of 15

Running an ARP poisoning attack can allow an attacker to intercept and modify traffic between two other hosts on the same network segment without being detected by network intrusion detection systems.

  • False
  • True

Question 13 of 15

During the initial meeting with a client for a penetration testing project, the client specifies that they want a comprehensive assessment of their infrastructure within a strict timeline. However, the client has numerous third-party hosted services that are critical to their operations. As an ethical hacker, which of the following steps is MOST important to perform next?

  • Assume responsibility for any legal issues with third-party vendors that might arise during the testing procedure.
  • Advise the client that testing third-party services is not required since it is beyond the client's direct control.
  • Validate the scope of engagement by questioning the client and reviewing the contracts pertaining to the third-party services.
  • Immediately start testing the client's internal network to map out all accessible devices and services.

Question 14 of 15

When preparing for a penetration test, which strategy BEST aligns with the concept of unknown-environment testing?

  • Comprehensive documentation review of the target's systems
  • Utilizing findings from previous penetration tests conducted on the target
  • Cursory reconnaissance to gather basic information on the target
  • Intensive source code analysis of the target's applications

Question 15 of 15

A penetration tester is tasked with evaluating the security of a mobile application. The tester wants to analyze the behavior of the application in a controlled environment to observe how it interacts with system resources and other applications. Which of the following is the BEST method to accomplish this goal?

  • Leveraging a mobile security framework for static code analysis
  • Deploying the application on a segmented area of the production network
  • Using a mobile device emulator
  • Running the application on a jailbroken device with monitoring tools