Practice PT0-002 Tools and Code Analysis questions with full explanations on every answer.
1. During a penetration test, you are asked to identify all live hosts on a subnet. Which Nmap scan type is most likely to evade firewalls and determine if a host is up without completing the TCP handshake?
2. A penetration tester wants to exploit a vulnerable service on a target using a known module. Which framework provides a large database of exploit modules, payloads, and post-exploitation tools?
3. During a web application test, a penetration tester needs to modify an HTTP request in real-time, send it repeatedly with different parameter values, and analyze the responses. Which Burp Suite tool is best suited for this task?
4. After gaining initial access to a Windows domain controller, a tester wants to extract password hashes from the SAM database and domain account hashes. Which Impacket tool is designed for this purpose?
5. A penetration tester has captured a WPA2 handshake. Which tool from the Aircrack-ng suite is used to crack the pre-shared key?
6. During a code review of a PHP web application, you encounter the following code: $result = mysql_query("SELECT * FROM users WHERE username='" . $_GET['user'] . "'"); Which vulnerability does this represent?
7. A tester needs to brute-force SSH credentials on a target. Which tool is most appropriate for this task?
8. In a Python script for a penetration test, you need to craft a custom TCP packet with specific flags. Which library is best suited for low-level packet manipulation?
9. Which tool is used for security auditing of AWS environments and can enumerate misconfigurations in IAM, S3, and other services?
10. During a reverse engineering task on a .NET binary, which tool would allow you to decompile the code into readable C# source code?
11. A tester wants to perform an evil twin attack to capture WPA handshakes. Which tool from the Aircrack-ng suite is used to deauthenticate clients from a legitimate AP to force reconnection to the rogue AP?
12. Which PowerShell script is commonly used for post-exploitation enumeration of Active Directory, such as querying user accounts and group memberships?
13. A penetration tester is analyzing a network capture with Wireshark. Which TWO of the following are common uses of Wireshark in a pentest?
14. During a cloud security assessment of AWS, a tester wants to identify misconfigurations using automated tools. Which THREE tools are specifically designed for AWS security auditing?
15. A tester is reviewing source code for security vulnerabilities. Which TWO of the following are examples of insecure coding practices that often lead to critical vulnerabilities?
16. A penetration tester wants to identify all live hosts and open ports on a network segment. Which Nmap scan type is most efficient for this purpose?
17. During a web application test, a penetration tester needs to intercept and modify HTTP requests before forwarding them to the server. Which tool is best suited for this task?
18. A penetration tester is performing a password cracking task against a dump of NTLM hashes obtained from a Windows domain controller. Which tool would be the most efficient for this task?
19. A tester wants to perform a Kerberoasting attack against an Active Directory environment. Which Impacket tool would be most appropriate?
20. During a wireless penetration test, a tester captures WPA2 handshakes but finds they are unable to crack the password using a dictionary attack. Which technique could improve the likelihood of cracking the password?
21. A penetration tester is reviewing a Python script used for a custom exploit. Which of the following code snippets contains a dangerous function that could lead to remote code execution?
22. A tester decompiles a .NET application using dnSpy and finds a function that loads a serialized object from a file. Which vulnerability is most likely present?
23. A tester needs to enumerate Windows domain users and groups from a compromised system. Which PowerShell script would be most useful?
24. Which tool would be best for capturing and analyzing network packets to troubleshoot a web application?
25. A penetration tester wants to exploit a Windows system using a known vulnerability and gain a meterpreter session. Which tool is most appropriate?
26. During a source code review of a PHP application, the tester finds the following line: $query = "SELECT * FROM users WHERE username = '" . $_POST['username'] . "'"; Which vulnerability is present?
27. A tester needs to perform an online brute-force attack against an SSH service. Which tool is most suitable?
28. A penetration tester is conducting a wireless assessment and wants to capture WPA handshakes for offline cracking. Which two tools from the Aircrack-ng suite would be used? (Choose two.)
29. A tester has compromised a Linux server and wants to maintain persistence. Which three actions would be typical for post-exploitation? (Choose three.)
30. A penetration tester is reviewing code for insecure deserialization vulnerabilities. Which two languages are commonly associated with this vulnerability? (Choose two.)
31. A penetration tester has been given a target IP address and needs to quickly determine which services are running on the target. Which Nmap option should the tester use to perform a SYN scan with service version detection and default NSE scripts?
32. During a web application penetration test, the tester captures a login request in Burp Suite and wants to automate a brute-force attack against the password field. Which Burp Suite tool is specifically designed for this purpose?
33. A penetration tester needs to perform a Kerberoasting attack against a Windows Active Directory environment. Which tool from the Impacket suite should the tester use to request service tickets and extract TGS hashes for offline cracking?
34. A penetration tester is conducting a wireless security assessment. The target network uses WPA2-PSK. The tester has captured the four-way handshake. Which tool from the Aircrack-ng suite can be used to attempt to recover the pre-shared key by performing a dictionary attack?
35. During code review, a penetration tester identifies the following line in a PHP web application: $sql = "SELECT * FROM users WHERE username='" . $_GET['user'] . "'"; Which type of vulnerability is most likely present?
36. A penetration tester is analyzing a Linux binary and wants to decompile it to understand its logic. Which open-source tool is specifically designed for reverse engineering and can generate C-like pseudocode from compiled binaries?
37. A penetration tester needs to perform a dictionary attack against an SSH service. Which of the following tools is best suited for this task?
38. During a penetration test, the tester wants to capture network traffic for later analysis. Which tool is most appropriate for capturing packets and saving them to a pcap file?
39. A penetration tester has obtained a set of NTLM password hashes from a Windows domain controller. The tester wants to perform an offline cracking attack using GPU acceleration. Which tool is best suited for this purpose?
40. A penetration tester is performing a cloud security audit of an AWS environment. Which tool is specifically designed for AWS exploitation and post-exploitation, including privilege escalation and persistence?
41. A penetration tester is writing a Python script to send a crafted TCP packet to a target. Which Python library should the tester use for low-level packet crafting and injection?
42. A penetration tester needs to enumerate Active Directory users and groups from a Windows domain. Which PowerShell tool is specifically designed for AD enumeration and is commonly used in post-exploitation?
43. A penetration tester is reviewing a Java application for insecure deserialization vulnerabilities. Which of the following should the tester look for? (Choose TWO.)
44. A penetration tester is performing a wireless assessment and wants to set up an evil twin attack. Which of the following steps are necessary? (Choose THREE.)
45. A penetration tester is conducting a post-exploitation phase on a Windows target and wants to dump credentials. Which of the following tools can be used? (Choose TWO.)
46. A penetration tester needs to identify live hosts and open ports on a target network. Which tool is most appropriate for this task?
47. During a web application test, a penetration tester intercepts requests between the browser and server and modifies them in real time. Which Burp Suite tool is designed for this purpose?
48. After gaining initial access to a Windows system, a penetration tester wants to extract password hashes from the local SAM database. Which Impacket tool should be used?
49. A penetration tester is conducting a wireless assessment and needs to capture the four-way handshake to perform offline WPA cracking. Which tool is best suited for capturing the handshake?
50. A penetration tester needs to perform an online brute-force attack against an SSH service. Which tool is most appropriate?
51. During a code review, a penetration tester identifies a PHP function that executes arbitrary shell commands. Which function poses the greatest security risk if user input is not sanitized?
52. A penetration tester is analyzing a Java application and finds the following code snippet: Object obj = ois.readObject(); where ois is an ObjectInputStream. What vulnerability is most likely present if the input is untrusted?
53. Which cloud security auditing tool is designed specifically for assessing AWS environments and can perform enumeration of misconfigurations?
54. A penetration tester has captured network traffic and wants to analyze it using Wireshark. Which two actions can the tester perform to focus on specific types of communication? (Choose TWO.)
55. A penetration tester is performing post-exploitation on a Windows domain controller and wants to extract Kerberos tickets for offline cracking. Which two Impacket tools can be used to obtain ticket-granting service (TGS) tickets? (Choose TWO.)
56. During a penetration test, a tester needs to perform a deauthentication attack to force a client to reconnect and capture the WPA handshake. Which two tools from the Aircrack-ng suite are required? (Choose TWO.)
57. A penetration tester is reverse-engineering a .NET binary to understand its authentication logic. Which three tools are suitable for decompiling .NET assemblies? (Choose THREE.)
58. A penetration tester is writing a Bash script to automate scanning of multiple subnets with Nmap and parse the output. Which three features are commonly used in such a script? (Choose THREE.)
59. A penetration tester is reviewing source code and wants to identify common hardcoded credentials and input validation gaps. Which three checks should the tester perform? (Choose THREE.)
The Tools and Code Analysis domain covers the key concepts tested in this area of the PT0-002 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PT0-002 domains — no account required.
The Courseiva PT0-002 question bank contains 59 questions in the Tools and Code Analysis domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Tools and Code Analysis domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.