Courseiva
Knowledge + Practice

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Reporting and Communication

Practice PT0-002 Reporting and Communication questions with full explanations on every answer.

69 questions


PT0-002 Domains

Information Gathering and Vulnerability Scanning, Planning and Scoping, Reporting and Communication, Attacks and Exploits, Tools and Code Analysis


All PT0-002 Reporting and Communication questions (69)


1

During a penetration test, a penetration tester discovers a critical vulnerability that allows unauthenticated remote code execution on a public-facing web server. According to best practices for communication during a penetration test, what should the tester do next?

2

When writing the executive summary of a penetration test report, which of the following is the most appropriate language to use?

3

A penetration tester is preparing a remediation recommendation for a SQL injection vulnerability found in a legacy application. The development team cannot immediately update the framework due to compatibility issues. What should the tester recommend as a compensating control?

4

A penetration tester is calculating the severity of a vulnerability using the DREAD model. Which of the following factors is assessed under the 'Damage' category?

5

In a penetration test report, which section should contain detailed technical information such as affected systems, proof-of-concept code, and remediation steps?

6

During a penetration test, the tester discovers evidence of an ongoing cyber attack by an external threat actor on the client's network. What is the tester's responsibility?

7

A penetration tester is presenting findings to a mixed audience of technical staff and executives. The executives seem confused about the risk ratings. How should the tester adjust the presentation?

8

A penetration tester is prioritizing remediation recommendations in a report. Which of the following should be considered first?

9

In a penetration test report, the tester includes a screenshot of a successful exploit. What metadata should the screenshot include to ensure proper evidence documentation?

10

Which of the following is an example of a responsible remediation recommendation?

11

A penetration tester uses the CVSS base score to rate a vulnerability. The tester finds that the vulnerability has a high CVSS score but the affected system is isolated from the internet and has no sensitive data. Which approach should the tester take when assigning an overall severity rating?

12

A client requests that the penetration test report include raw output from the scanning tools used. Where should this output be placed in the report?

13

A penetration tester is preparing to present findings to the client's technical team. Which TWO practices are most effective for this audience?

14

During a penetration test, the tester encounters a situation where the scope of the test is ambiguous. Which TWO actions should the tester take to clarify the situation?

15

Which THREE items are typically included in the appendices of a penetration test report?

16

A penetration tester discovers a critical vulnerability on a client's web server and wants to communicate it immediately. Which of the following is the most appropriate action?

17

Which section of a penetration testing report should provide a high-level overview of the test results using business language and strategic recommendations?

18

During a penetration test, a tester discovers evidence of an ongoing live exploitation by an unknown third party. Which of the following should the tester do first?

19

A penetration tester is writing a report and needs to assign a severity rating to a vulnerability that has a CVSS base score of 7.5. According to CVSS v3.1, which severity level does this score correspond to?

20

A penetration tester is evaluating vulnerabilities using the DREAD model. For a specific vulnerability, the tester assigns the following scores: Damage=8, Reproducibility=7, Exploitability=9, Affected users=6, Discoverability=5. Which of the following is the overall DREAD risk rating?

21

Which of the following is the most appropriate evidence to include in a penetration testing report for a SQL injection vulnerability?

22

A penetration tester needs to provide remediation recommendations for a critical vulnerability found on a web server. Which of the following is the most appropriate recommendation?

23

During a penetration test, a client asks the tester to clarify the scope of the test. Which of the following is the best approach for the tester?

24

A penetration tester is presenting findings to a group of executives. Which of the following is the most effective way to communicate a critical vulnerability?

25

A penetration tester is preparing a report and wants to include proof-of-concept code to demonstrate a vulnerability. Which of the following is the best practice for including such code?

26

A penetration tester receives pushback from a client's technical team regarding a finding, claiming it is not exploitable. Which of the following is the best response?

27

Which of the following is an example of a custom severity rating based on business context?

28

A penetration tester is writing a report and wants to prioritize remediation recommendations. Which TWO factors should the tester consider when prioritizing? (Choose TWO.)

29

A penetration tester is presenting findings to a mixed audience of technical staff and executives. Which THREE of the following should the tester do to effectively communicate to both groups? (Choose THREE.)

30

A penetration tester discovers a vulnerability that cannot be immediately remediated. Which TWO compensating controls should the tester recommend? (Choose TWO.)

31

Which of the following is the primary audience for the executive summary of a penetration test report?

32

During a penetration test, a penetration tester discovers a critical vulnerability that could allow an attacker to gain administrative access to the client's payment processing server. According to best practices, what should the tester do?

33

A penetration tester uses the DREAD model to assess a vulnerability. The tester assigns the following scores: Damage=8, Reproducibility=10, Exploitability=9, Affected users=7, Discoverability=6. What is the overall DREAD risk rating?

34

Which section of a penetration test report contains detailed technical information such as the vulnerability description, evidence, affected systems, and remediation steps?

35

A penetration tester is writing a report and wants to provide a remediation recommendation for an outdated Apache server. Which of the following is the most specific and actionable recommendation?

36

During a penetration test, a tester discovers evidence of an ongoing data exfiltration attack by an unknown third party. Which of the following should the tester do first?

37

A penetration tester is presenting findings to a mixed audience of executives and technical staff. For the executives, the tester should focus on:

38

Which of the following is the correct CVSS metric that describes the level of access an attacker needs to exploit a vulnerability?

39

A penetration tester has completed the test and is preparing the final report. The client asks the tester to include a section that describes the scope, methodology, and tools used. In which section should this information be placed?

40

A penetration tester uses a custom severity rating based on business context. The tester determines the likelihood of exploitation is high and the business impact is low. According to a standard risk matrix, what should the overall severity be?

41

A penetration tester is documenting evidence for a finding. Which of the following is the least appropriate type of evidence to include?

42

When a client disagrees with a finding's severity rating, what is the best approach for the penetration tester?

43

A penetration tester is creating a report and needs to include evidence of a cross-site scripting vulnerability. Which TWO of the following are appropriate types of evidence? (Choose two.)

44

During a penetration test, the tester discovers a critical SQL injection vulnerability. The client cannot deploy the full fix (parameterized queries) immediately due to legacy code. Which THREE actions should the tester recommend as compensating controls? (Choose three.)

45

A penetration tester is preparing the executive summary. Which THREE elements should be included? (Choose three.)

46

A penetration tester is writing a report and needs to assign a severity rating to a vulnerability. Which of the following scoring systems is specifically designed to consider Damage, Reproducibility, Exploitability, Affected users, and Discoverability?

47

During a penetration test, a tester discovers a critical vulnerability that could allow remote code execution on an internet-facing server. According to best practices, what is the most appropriate immediate action?

48

A penetration tester is compiling evidence for a critical-severity SQL injection vulnerability. Which of the following is the most important piece of evidence to include in the report to demonstrate exploitability while remaining responsible?

49

A penetration tester is writing the executive summary of a report. Which of the following best describes the appropriate language and content for this section?

50

A penetration tester is recommending remediation for a critical vulnerability. Which of the following is the best example of a specific, actionable remediation step?

51

A penetration tester is presenting findings to a group of IT administrators. One administrator questions the validity of a finding, claiming it is not exploitable. How should the tester respond?

52

During a penetration test, the tester discovers evidence of an ongoing ransomware attack on the client's network. Which of the following is the most appropriate action?

53

Which section of a penetration testing report should include screenshots, affected systems, and remediation steps?

54

A penetration tester is prioritizing remediation recommendations. Which approach is most aligned with industry best practices?

55

A penetration tester is writing a report and needs to assign a custom severity rating for a vulnerability that has high business impact but low likelihood of exploitation. Using a custom severity based on business context (impact + likelihood), which rating is most appropriate?

56

Which of the following should be included in the appendix section of a penetration testing report?

57

A penetration tester is documenting evidence for a finding and takes a screenshot. Which of the following is the most important metadata to include with the screenshot?

58

A penetration tester is preparing a presentation for both technical and executive audiences. Which TWO of the following are effective strategies for communicating findings to an executive audience?

59

A penetration tester discovers a critical vulnerability that cannot be fully remediated immediately. The client asks for recommendations. Which THREE of the following should the tester include?

60

A penetration tester is following responsible disclosure timelines. Which TWO of the following actions align with responsible disclosure practices?

61

A penetration tester discovers a critical vulnerability during an assessment. According to best practices, when should the tester communicate this finding to the client?

62

A penetration tester is writing the executive summary of a report. Which of the following is MOST important to include?

63

During a penetration test, the tester discovers evidence that an external attacker is actively exploiting a vulnerability in the client's environment. Which of the following is the MOST appropriate action?

64

A penetration tester needs to assign a severity rating to a vulnerability based on business context. Which model uses Impact and Likelihood to determine the risk?

65

A penetration tester is preparing a report that includes technical findings. Which TWO of the following should be included in each technical finding? (Select TWO.)

66

A penetration tester is presenting findings to a technical audience. Which THREE practices are MOST appropriate for this setting? (Select THREE.)

67

Which TWO of the following are components of the DREAD model for risk assessment? (Select TWO.)

68

A penetration tester is writing remediation recommendations. Which THREE practices should the tester follow? (Select THREE.)

69

A penetration tester is handling a client's pushback on a finding. Which THREE approaches are appropriate? (Select THREE.)


Frequently asked questions

What does the Reporting and Communication domain cover on the PT0-002 exam?

The Reporting and Communication domain covers the key concepts tested in this area of the PT0-002 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PT0-002 domains — no account required.

How many Reporting and Communication questions are in the PT0-002 question bank?

The Courseiva PT0-002 question bank contains 69 questions in the Reporting and Communication domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Reporting and Communication for PT0-002?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Reporting and Communication questions for PT0-002?

Yes — the session launcher on this page draws questions exclusively from the Reporting and Communication domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
