CompTIA PenTest+ Practice Test (PT0-002)

Use the form below to configure your CompTIA PenTest+ Practice Test (PT0-002). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA PenTest+ PT0-002 Information

CompTIA PenTest+ (PT0-002) Exam

The CompTIA PenTest+ (PT0-002) certification is designed for cybersecurity professionals who specialize in penetration testing and vulnerability assessment. It validates hands-on skills in planning, conducting, and reporting penetration tests for organizations. This certification is vendor-neutral and focuses on real-world scenarios, making it relevant for security professionals working with various technologies and environments.

Exam Overview

The PT0-002 exam consists of a maximum of 85 questions, including multiple-choice and performance-based questions. Candidates have 165 minutes to complete the test. The exam costs $392 USD. A passing score is 750 on a scale of 100 to 900. The certification is valid for three years and can be renewed through CompTIA’s continuing education program.

Exam Content

The PT0-002 exam covers five main domains: planning and scoping, information gathering and vulnerability scanning, attacks and exploits, reporting and communication, and tools and code analysis. Planning and scoping include engagement rules, compliance, and risk assessment. Information gathering and vulnerability scanning focus on reconnaissance, fingerprinting, and scanning techniques. Attacks and exploits test knowledge of network, web, wireless, and physical attacks. Reporting and communication cover documentation, remediation, and risk communication. Tools and code analysis assess scripting, automation, and exploit development.

Who Should Take This Exam?

The CompTIA PenTest+ certification is ideal for cybersecurity professionals working as penetration testers, security analysts, vulnerability assessment analysts, or red team members. It is recommended for individuals with at least three to four years of hands-on cybersecurity experience. The certification is also useful for IT professionals who want to advance their careers in offensive security.

How to Prepare

Candidates should review the official CompTIA PenTest+ Exam Objectives and study materials provided by CompTIA. Practical experience with penetration testing tools such as Metasploit, Nmap, and Burp Suite is essential. Practice exams can help assess readiness and identify weak areas. Hands-on labs and ethical hacking courses can further strengthen skills.

Summary

The CompTIA PenTest+ (PT0-002) certification is a valuable credential for cybersecurity professionals specializing in penetration testing and vulnerability assessment. It validates hands-on skills in ethical hacking, exploit development, and security testing. This certification is ideal for those pursuing careers in offensive security and ethical hacking.

Free CompTIA PenTest+ PT0-002 Practice Test

  • Questions: 15
  • Time: Unlimited
  • Included Topics:
    Planning and Scoping
    Information Gathering and Vulnerability Scanning
    Attacks and Exploits
    Reporting and Communication
    Tools and Code Analysis

Question 1 of 15

While performing a security assessment for a company's wireless network, you notice an unverified access point with a network name mimicking that of the organization's officially used names for Wi-Fi connections. What technique would be most effective in confirming whether this access point is unauthorized and set up with malicious intent?

  • Review the list of devices connected to the sanctioned network points to see if the dubious device is listed as a client.
  • Intercept and scrutinize the data packets from the network point in question for inconsistencies with the organization's wireless security protocols.
  • Interview staff members to verify whether they recognize or have connected to this network point to collect data on its authenticity.
  • Change the network names used by the organization's official Wi-Fi to determine if the questionable access point adapts its broadcasted name in response.

Question 2 of 15

During an active reconnaissance phase, a penetration tester is examining a web application's URLs. Which component of a URL should be scrutinized to identify possible injection points that could be manipulated for exploitation?

  • Hostname
  • Path directories
  • Query parameters
  • Protocol

Question 3 of 15

A penetration test that involves credit card data must adhere to the Health Insurance Portability and Accountability Act (HIPAA) to satisfy compliance requirements.

  • True
  • False

Question 4 of 15

In the context of network security, what is the primary purpose of using a tool that employs the technique known as 'sniffing'?

  • Broadcasting service set identifiers (SSIDs)
  • Decrypting SSL/TLS traffic
  • Monitoring and capturing network traffic
  • Injecting traffic into the network

Question 5 of 15

What is the primary purpose of using the Open Security Content Automation Protocol in the context of a penetration test?

  • To decode encrypted files
  • To standardize the way security software communicates information about public vulnerabilities and configuration issues
  • To crack passwords and hashes
  • To perform social engineering attacks

Question 6 of 15

As a penetration tester, you have been tasked to assess the security of a company's wireless infrastructure. You decide to simulate an evil twin attack to test the network's resilience to credential theft. Which tool would you use to create a rogue access point that replicates the company's WPA2-Enterprise network in order to capture employee credentials?

  • Implement Kismet for network detection and packet sniffing on the target wireless network.
  • Deploy mdk4 to conduct a denial-of-service attack on the network, effectively disrupting the wireless services.
  • Utilize Aircrack-ng to crack the WPA2 password and gain unauthorized access to sensitive information.
  • Use EAPHammer to create the rogue access point and facilitate the attack to capture credentials.

Question 7 of 15

During a penetration test, you aim to demonstrate the impact of compromised data integrity on a network file system that contains critical operational data. Which attack method would BEST demonstrate the potential for data corruption in the network file system?

  • Exploiting weak service configuration
  • Implementing an ARP poisoning attack
  • Overloading the system with excessive traffic
  • Introducing malformed or non-standard data structures

Question 8 of 15

As a penetration tester, you are contracted to assess the security of a multinational corporation's internal network. The corporation has multiple interconnected sites and relies heavily on cloud services. Which of the following is the most important initial step to ensure that your testing does not impact systems outside of the agreed scope?

  • Define and discuss a detailed target list with the client, including IP ranges, domains, and specified cloud services that are to be included in the assessment.
  • Assume all interconnected sites are in scope unless otherwise informed by the client in order to conduct a thorough test of the network.
  • Begin testing on the client’s production cloud services to expose as many vulnerabilities as possible regardless of the scope to showcase due diligence.
  • Start with an immediate vulnerability assessment of the IP ranges connected to their primary data center to look for potential entry points.

Question 9 of 15

During a penetration test, you identify that a web application displays verbose error messages with stack traces when invalid input is submitted. What vulnerability does this improper error handling indicate?

  • Information disclosure
  • SQL injection
  • Buffer overflow
  • Input validation

Question 10 of 15

During a penetration test, you have successfully exploited a vulnerability on a Windows server and have gained access to the cmd.exe command shell. You want to upgrade this shell to have enhanced capabilities, including the ability to transfer files securely and manipulate the Windows Registry from your attack platform. Which of the following actions would BEST accomplish this?

  • Initiate an SSH connection to the server to enable secure file transfers
  • Deploy an additional cmd.exe shell for registry manipulation
  • Use the cmd.exe shell to manually transfer files using FTP
  • Generate a Meterpreter payload and execute it on the target system to upgrade the shell
  • Open a PowerShell session to utilize its native features
  • Connect to the server with a Telnet client to achieve persistent access

Question 11 of 15

When conducting a vulnerability assessment, which method would best assist a penetration tester in evading detection by a network-based anomaly detection system?

  • Sending ICMP echo requests at regular intervals
  • Performing a full connect scan with default settings
  • Conducting a fragmented packet scan
  • Scanning using only the most common ports

Question 12 of 15

During an active reconnaissance phase, a penetration tester is analyzing the URLs of a client's web application to determine entry points and possible vulnerabilities. Which of the following URL formats is MOST likely to be useful for identifying potential parameters for testing inputs or discovering hidden directories?

Question 13 of 15

What is the primary goal of utilizing the methodology outlined in the OSSTMM during a penetration testing engagement?

  • To quantify the financial investment in security controls.
  • To provide a scientific methodology for the accurate representation of operational security.
  • To establish a comprehensive risk management framework.
  • To facilitate the creation of new security technologies.

Question 14 of 15

Which principle of influence might an attacker leverage when they convince a victim that a limited number of security software licenses are available at a discount, prompting immediate action?

  • Authority
  • Scarcity
  • Urgency
  • Social proof

Question 15 of 15

During an internal security assessment, a penetration tester needs to identify live hosts without performing a full port scan, to reduce network congestion. Which of the following Nmap options would be most appropriate for the tester to use to simply ping the hosts?

  • -sV
  • -A
  • -p
  • -sn