Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.
PT0-002: Planning and Scoping

Practice PT0-002 Planning and Scoping questions with full explanations on every answer.

74 questions


All PT0-002 Planning and Scoping questions (74)


1. A penetration tester is hired to assess the security of a company's internal network. The tester is given full network diagrams, credentials, and source code. Which type of penetration test is being performed?

2. During a pre-engagement meeting, the client states that no testing is allowed on the wireless network or on any cloud-based services hosted by third parties. Which part of the engagement documentation would specify these restrictions?

3. A penetration testing company is contracted to perform a social engineering engagement. The client requests that only employees in the finance department be targeted. Which scoping consideration is most relevant?

4. A penetration tester discovers evidence of ongoing criminal activity, such as a data breach by an internal employee, during a white box penetration test. The client's legal team has not provided specific instructions on handling such discoveries. According to best practices and legal considerations, what should the tester do first?

5. Which penetration testing standard provides a structured methodology for conducting penetration tests, including pre-engagement, reconnaissance, and reporting phases?

6. A company wants to simulate a real-world attack scenario where the penetration tester has no prior knowledge of the environment and must act as an external threat actor. However, the tester is allowed to use social engineering to gain initial access. Which type of engagement is most appropriate?

7. A penetration tester is conducting a grey box test on a web application. During the test, the tester discovers that the application is hosted on a cloud infrastructure that belongs to a third-party provider. The client did not mention this provider in the scope. What is the best course of action regarding testing this infrastructure?

8. Which legal framework in the United States prohibits unauthorized access to computer systems and is commonly referenced in penetration testing authorization documents?

9. A penetration tester is preparing a deliverable for a client. Which of the following should be included in the final report?

10. A penetration tester is planning a test that involves scanning for vulnerabilities across a large IP range. The client has provided a list of IPs that are in scope, but the tester notices that some IPs belong to a third-party company hosting a client application. What should the tester do?

11. A penetration tester is conducting a wireless penetration test. The client's rules of engagement state that testing must not disrupt production services. During the test, the tester's de-authentication attack causes the company's guest Wi-Fi to go offline. What should the tester do?

12. Which of the following is the primary purpose of a get-out-of-jail letter in a penetration testing engagement?

13. A penetration testing company is scoping a test for a client. The client wants to ensure that testing does not impact production systems. Which TWO of the following are appropriate scoping considerations? (Select TWO.)

14. A penetration tester is preparing a post-engagement deliverable. Which THREE of the following should be included in the final report? (Select THREE.)

15. Which TWO of the following are types of penetration testing based on the level of knowledge provided to the tester? (Select TWO.)

16. A penetration tester is hired to perform an assessment where the tester is provided with network diagrams, source code, and administrative credentials. Which type of penetration test is this?

17. Which document defines the IP ranges that are in scope, testing windows, and emergency stop criteria for a penetration test?

18. A penetration tester is planning a social engineering engagement targeting employees of a client. The client requests that only non-managerial staff be tested. Which scoping consideration is most directly affected by this request?

19. During a penetration test, the tester discovers evidence of an ongoing data breach that appears to involve criminal activity unrelated to the test scope. What is the tester's primary responsibility regarding this discovery?

20. A penetration tester is engaged to test a web application that uses a third-party payment gateway. The client has not obtained permission from the payment gateway provider. Which of the following is the best course of action?

21. Which of the following penetration testing standards includes detailed guidelines for pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting?

22. A company hires a penetration testing firm to simulate the tactics, techniques, and procedures of a real adversary. The engagement includes attempting to achieve specific objectives without being detected. This type of engagement is best described as:

23. During pre-engagement, a client insists that the penetration testers sign a non-disclosure agreement (NDA). However, the client refuses to provide a 'get-out-of-jail' letter. What risk does this pose to the penetration testers?

24. A penetration tester is contracted to perform a grey box test of a company's internal network. The client provides a VPN account for remote access but does not disclose that the account has been used by a former employee. The tester connects and is immediately locked out. Which pre-engagement document should have addressed this scenario?

25. After completing a penetration test, the tester must deliver a report. According to standard practices, which of the following is a required component of the deliverables?

26. A penetration tester is performing a wireless penetration test. The RoE states that testing is only allowed between 8 PM and 6 AM. At 7:30 PM, the tester begins active scanning. At 8:15 PM, a client employee calls the emergency contact to report suspicious activity. According to the RoE, which of the following is the most likely reason for the call?

27. Which of the following best describes the primary purpose of a 'get-out-of-jail' letter in a penetration testing engagement?

28. A penetration tester is scoping a web application penetration test. The client wants to include a third-party API that processes payments. Which TWO are appropriate considerations?

29. During post-engagement, a penetration tester needs to ensure proper data handling. Which THREE actions should the tester take?

30. A company is planning a social engineering engagement. Which TWO items should be included in the pre-engagement documentation?

31. Which type of penetration test provides the tester with full knowledge of the target environment, including network diagrams, source code, and administrative credentials?

32. A penetration tester is about to start an engagement. Which document outlines the IP ranges that are in scope, the testing window, and the emergency stop criteria?

33. During an external penetration test, the tester discovers that a critical web application is hosted on a third-party cloud provider. The SOW did not mention this provider. What should the tester do before proceeding with testing against that provider's infrastructure?

34. A penetration tester is engaged to perform a social engineering assessment targeting the sales department. The RoE specifies that testing is allowed only during business hours. Which of the following actions would be most appropriate when planning the engagement?

35. Which document, often signed before a penetration test, protects the tester from legal liability if the tester's actions are perceived as malicious by third parties?

36. A penetration tester is planning a web application test. The client wants to minimize risk to production data. Which environment should the tester recommend for testing?

37. Which legal framework in the United States makes it a crime to access a computer system without authorization, and is a key consideration when obtaining permission for penetration testing?

38. During a red team exercise, the tester successfully gains access to an internal server and finds evidence of ongoing criminal activity unrelated to the client. According to best practices for handling discovered criminal activity, what should the tester do first?

39. Which of the following best describes the purpose of a vulnerability disclosure policy in the context of a penetration test?

40. Which penetration testing standard provides a methodology that includes pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting?

41. A penetration tester is scoping a test for a client that uses a SaaS application for customer relationship management. The client wants the tester to assess the application's security. What is the most important consideration regarding this SaaS application?

42. Which of the following is typically included in the final deliverables of a penetration test?

43. A penetration tester is planning a red team exercise for a client. Which TWO of the following should be included in the rules of engagement (RoE)?

44. A penetration tester is conducting a social engineering engagement targeting the finance department. Which THREE of the following actions are most appropriate to include in the scope of the engagement?

45. After completing a penetration test, the tester must handle test artifacts appropriately. Which TWO of the following are best practices for data handling and destruction?

46. A penetration tester is hired to perform a test with no prior knowledge of the target environment. The tester is given only the company name and must gather all necessary information from public sources. Which type of penetration test is this?

47. During the pre-engagement phase, which document defines the IP ranges, test windows, and emergency stop criteria for a penetration test?

48. A penetration tester is planning an engagement that includes testing a web application hosted on a third-party cloud provider. The client has provided credentials for the application but not for the underlying infrastructure. Which of the following should the tester do before proceeding?

49. The penetration tester identifies that a web application is hosted on a server that also contains sensitive customer data unrelated to the test. The SOW clearly states that only the web application is in scope. The tester accidentally accesses the customer data. What should the tester do immediately?

50. A penetration testing engagement requires testing a production environment during business hours. The client is concerned about potential service disruption. Which document should specify the conditions under which the test must be halted?

51. During a social engineering engagement, a tester is authorized to target employees via email phishing. However, the tester accidentally sends a phishing email to a contractor who is not listed in the personnel scope. The contractor reports the email to the client's security team, causing an internal investigation. Which of the following best describes the tester's mistake?

52. A penetration tester is conducting a red team exercise. The goal is to simulate an advanced persistent threat (APT) and test the organization's detection and response capabilities. Which of the following engagement types best describes this scenario?

53. Which of the following is the primary purpose of a get-out-of-jail letter?

54. A client requests a penetration test that includes testing of both internal network devices and a public-facing web application. The tester is provided with a VPN account for internal access but no credentials for the web application. Which type of penetration test is this?

55. During a penetration test, the tester discovers evidence of ongoing criminal activity, such as unauthorized data exfiltration by an insider. The client's legal team has not provided specific guidance on handling such discoveries. According to best practices and legal considerations, what should the tester do first?

56. A penetration tester is preparing a proposal for a client. The client wants a test that includes a detailed technical report with remediation steps and an executive summary for management. Which standard or framework is most commonly used to structure the testing process from pre-engagement through post-engagement?

57. After completing a penetration test, the tester must submit deliverables and then destroy all test artifacts. Which legal or ethical consideration primarily drives the requirement to destroy test artifacts?

58. A penetration tester is scoping a network penetration test for a client that uses multiple third-party services. Which TWO of the following are correct actions regarding third-party services? (Select TWO.)

59. A penetration testing company is planning a social engineering engagement for a client. The engagement includes phishing and physical tailgating. Which THREE of the following should be clearly defined in the Rules of Engagement? (Select THREE.)

60. A penetration tester has completed a web application test and is preparing the final deliverables. According to best practices, which THREE components should be included in the deliverables? (Select THREE.)

61. A penetration tester is hired to assess the security of a company's internal network. The client provides the tester with full network diagrams, credentials, and source code. Which type of penetration test is being performed?

62. During the pre-engagement phase, a penetration tester and the client agree on the specific IP ranges to be tested, testing windows, and what constitutes an emergency stop condition. Which document typically contains these details?

63. A penetration tester is contracted to perform a web application test for a company that hosts its application on a third-party cloud provider. The tester discovers a critical vulnerability that could allow access to other customers' data on the same cloud platform. Which legal consideration is MOST important for the tester to address?

64. A penetration testing company is scoping a social engineering engagement for a client. The client wants to test employee awareness of phishing attempts. Which of the following should be included in the scope?

65. Which penetration testing standard provides a step-by-step methodology from pre-engagement through post-engagement activities, including intelligence gathering, vulnerability analysis, and exploitation?

66. A penetration tester is planning a red team exercise for a client. The client insists that the testing should not disrupt production systems and should only target a replicated staging environment. However, the tester believes that testing the production environment is necessary for realistic adversary simulation. What is the MOST appropriate course of action?

67. After completing a penetration test, the tester is required to provide deliverables that include an executive summary, technical findings, and remediation guidance. However, the client also requests that all test artifacts, such as captured credentials and sample data, be securely destroyed after the report is delivered. Which standard or framework emphasizes the importance of data handling and destruction of test artifacts?

68. A penetration testing firm is scoping a network penetration test for a client. The client has provided a list of IP ranges and subnets. Which TWO of the following should the tester consider when defining the scope?

69. A penetration tester is preparing for a web application penetration test. The client application is hosted on a cloud platform that serves multiple tenants. Which THREE of the following are critical legal and scoping considerations?

70. During a social engineering engagement, a tester plans to use phishing emails targeting employees. Which TWO of the following should be included in the rules of engagement?

71. Which TWO of the following are typical deliverables of a penetration test?

72. A penetration tester discovers evidence of ongoing criminal activity (e.g., data exfiltration by an insider) during a test. According to best practices and legal considerations, which THREE actions should the tester take?

73. In a red team exercise, the team wants to simulate a realistic adversary. Which TWO of the following are typically included in the scope of a red team engagement compared to a standard penetration test?

74. Which THREE of the following are common components of a pre-engagement agreement between a penetration tester and a client?


Frequently asked questions

What does the Planning and Scoping domain cover on the PT0-002 exam?

The Planning and Scoping domain covers the key concepts tested in this area of the PT0-002 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PT0-002 domains — no account required.

How many Planning and Scoping questions are in the PT0-002 question bank?

The Courseiva PT0-002 question bank contains 74 questions in the Planning and Scoping domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Planning and Scoping for PT0-002?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Planning and Scoping questions for PT0-002?

Yes — the session launcher on this page draws questions exclusively from the Planning and Scoping domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
