CompTIA certification practice

PT0-002 CompTIA PenTest+ PT0-002 practice test

Use this page to practise CompTIA PenTest+ PT0-002 questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness. CompTIA exams reward broad practical understanding. Courseiva helps you practise IT support, networking, security and troubleshooting concepts with realistic questions and clear answer explanations.

300 practice questions
Mapped exam topics
Exam code: PT0-002
Vendor: CompTIA
Last reviewed: May 2026 · aligned to official blueprint

Exam guide

How to use this PT0-002 practice test

Start with a short practice session, review each missed answer, then return to the topics that caused mistakes.

Quick answer

CompTIA PenTest+ PT0-002 questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Sample questions from this exam

Question 1 · hard · multiple choice

A penetration tester discovers a remote command injection vulnerability in a Java-based web application on a Windows server. The tester wants to execute a PowerShell reverse shell. Which encoding technique is most effective to avoid filter restrictions on special characters?

Question 2 · easy · multiple choice

A penetration tester is analyzing a Bash script that contains the following line: 'for ip in $(cat ip_list.txt); do nc -zv $ip 22; done'. What is the primary purpose of this script?

Question 3 · medium · multiple choice

A penetration tester discovers a Java application that deserializes user-controlled data without validation. The tester crafts a malicious serialized object that executes a command upon deserialization. The application runs on a Linux server with a standard Java runtime. Which of the following is the most likely outcome if the malicious object is accepted?

Question 4 · medium · multiple choice

A penetration tester is writing the executive summary for a report. The client's CEO needs to understand the business impact of a critical SQL injection vulnerability. Which of the following should the tester include?

Question 5 · medium · multiple choice

A penetration tester has gained a low-privileged shell on a Linux server. During enumeration, the tester discovers a binary with the SUID bit set that belongs to root and is known to have a buffer overflow vulnerability. What is the MOST effective next step to escalate privileges?

Question 6 · hard · multiple choice

A penetration tester has obtained a TGT from a domain controller by cracking the krbtgt hash. Which attack can the tester now perform to gain persistent administrative access to any resource in the domain?
