Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Planning and Scoping practice sets

PT0-002 Planning and Scoping • Complete Question Bank

PT0-002 Planning and Scoping — All Questions With Answers

Complete PT0-002 Planning and Scoping question bank — all 0 questions with answers and detailed explanations.

103
Questions
Free
No signup
Certifications/PT0-002/Practice Test/Planning and Scoping/All Questions
Question 1mediummultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is scoping a test for a financial institution. The client insists that the test only be performed on systems located in the corporate headquarters, excluding cloud-based infrastructure and remote branch offices. Which of the following should the penetration tester emphasize during the scoping discussion?

Question 2mediummultiple choice
Read the full NAT/PAT explanation →

A penetration tester is scoping a test for a multinational corporation that has offices in the United States and the European Union. The client wants to test the entire environment. Which of the following is the MOST important legal consideration for the tester to include in the rules of engagement?

Question 3mediummultiple choice
Read the full Planning and Scoping explanation →

During a penetration test of a large e-commerce platform, the client requests additional testing on a newly discovered microservice mid-engagement. The scope defined in the rules of engagement (ROE) explicitly lists all target systems. What should the penetration tester do FIRST?

Question 4easymultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is hired to assess a U.S.-based company that has recently expanded operations to a country with strict data privacy laws (e.g., GDPR-style regulations). Which of the following is the MOST important legal consideration to include in the rules of engagement?

Question 5easymultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is scoping a test for a client that has a hybrid infrastructure with on-premises servers and cloud-based virtual machines. The client insists on testing only the on-premises systems due to budget constraints. Which of the following should the penetration tester emphasize during the scoping discussion?

Question 6hardmultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is engaged to assess a cloud infrastructure hosted in multiple AWS regions. The client specifies that only systems in US-based regions should be tested due to data sovereignty concerns. Which of the following is the MOST critical documentation to include in the rules of engagement (ROE) to ensure compliance?

Question 7mediummultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is hired to assess a client's network that includes both internal servers and external cloud-based services. The client wants to test only the internal network due to compliance concerns about testing cloud infrastructure. Which of the following should the penetration tester MOST strongly emphasize during the scoping meeting?

Question 8mediummultiple choice
Read the full NAT/PAT explanation →

A penetration testing firm is hired to perform a test on a multinational company that has offices in Europe and North America. The client wants to test all systems including those in the European office, which is subject to GDPR. Which of the following is the MOST important legal consideration to include in the rules of engagement?

Question 9easymultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test that simulates an external attacker with no prior knowledge of the internal network. The tester is not provided with any credentials, network diagrams, or source code. Which type of test does this describe?

Question 10mediummultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is scoping a test for a client that uses a hybrid infrastructure with both on-premises servers and cloud-based services (IaaS). The client specifies that only the cloud environment should be tested this year. Which concept is MOST important for the tester to discuss during the scoping meeting to avoid testing out-of-scope assets?

Question 11mediummultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is hired to assess a client's hybrid infrastructure with on-premises and cloud servers in multiple regions. The client specifies testing only the on-premises systems due to budget and compliance. Which of the following should the tester emphasize in the rules of engagement (ROE)?

Question 12easymultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is hired to assess the security of a small business's web application. The client has explicitly stated that they do not want any testing that could cause a denial of service. Which section of the rules of engagement should specify this restriction?

Question 13mediummultiple choice
Read the full Planning and Scoping explanation →

A client with a hybrid on-premises and cloud infrastructure requests a penetration test. The client uses an IaaS provider for some servers. Which of the following is the MOST important aspect to clarify in the rules of engagement regarding the cloud environment?

Question 14easymultiple choice
Read the full Planning and Scoping explanation →

A small business hires a penetration tester to assess the security of their network. The owner is concerned about employee data breaches and wants to ensure compliance with industry regulations. Which of the following is the MOST critical document to establish before the test begins?

Question 15mediummultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test that includes both their internal network and a third-party cloud service provider's infrastructure. The cloud provider has not given permission for testing. Which action should the penetration tester take regarding the cloud provider's assets?

Question 16easymultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is hired to assess a client's web application that integrates with a third-party payment processor's API. The client wants to include the payment processor's API in the test scope. Which action should the tester take FIRST?

Question 17mediummultiple choice
Read the full Planning and Scoping explanation →

A client with a hybrid infrastructure (on-premises and cloud IaaS) requests a penetration test covering both environments. The cloud provider's terms of service require notification and restrict scanning to specific IP ranges. In which document should these constraints be documented?

Question 18mediummultiple choice
Read the full Planning and Scoping explanation →

A client hires a penetration testing firm to assess a web application. The client uses a third-party content delivery network (CDN) for static assets and explicitly wants to exclude the CDN infrastructure from testing. In which document should this restriction be formally documented?

Question 19mediummultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm has been hired to test the internal network of a large enterprise. During the scoping meeting, the client states that they want to include all IP ranges, including those used by the HR department's sensitive systems. The tester should recommend which of the following to minimize business impact and avoid disruption?

Question 20mediummultiple choice
Read the full Planning and Scoping explanation →

A client wants to test a web application that uses multiple third-party APIs for payment processing, shipping, and customer relationship management. The client states that the APIs are critical for operations but cannot be taken offline. Which scoping consideration is most important to include in the rules of engagement?

Question 21hardmultiple choice
Read the full NAT/PAT explanation →

A penetration testing firm is hired to assess a healthcare organization's network. The client has strict regulatory requirements (HIPAA) and wants to ensure that all patient data is protected during testing. Which scoping document should specify the data handling procedures and the destruction of any collected sensitive information?

Question 22mediummultiple choice
Read the full Planning and Scoping explanation →

A client wants to test a web application that uses a third-party payment gateway. The client explicitly wants the payment gateway to be excluded from the test to avoid service disruption. Where should this exclusion be formally documented?

Question 23mediummultiple choice
Read the full Planning and Scoping explanation →

A client hires a penetration testing firm to assess a web application that integrates with a third-party API for payment processing. The client wants to include the API endpoint in the test scope. What should the penetration tester do FIRST to ensure the test is conducted ethically and legally?

Question 24easymultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is contracted to test a multi-tenant SaaS application. During scoping, the client needs to ensure that testing does not affect other tenants' data. Which scoping control is most important to implement?

Question 25easymultiple choice
Read the full Planning and Scoping explanation →

A penetration tester is scoping an engagement for a client that hosts a public-facing web application and an internal database server. The client wants to ensure that testing does not cause any disruption to the database server. Which of the following should the tester include in the rules of engagement to address this concern?

Question 26mediummultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test that includes an API endpoint hosted by a third-party vendor. The client does not have a signed agreement with the vendor for testing. What is the most appropriate action for the tester?

Question 27mediummultiple choice
Read the full Planning and Scoping explanation →

A penetration tester is hired to assess a web application that integrates with a third-party payment API. The client wants the API included in the test but does not have a signed agreement with the vendor. What is the most appropriate action for the tester?

Question 28easymultiple choice
Read the full Planning and Scoping explanation →

A client asks a penetration tester to perform a test on an e-commerce website. The website experiences high traffic during weekdays and major sales events. To minimize business disruption, when should the tester schedule the active scanning and exploitation activities?

Question 29easymultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test of their web application, but they want to exclude all third-party APIs from the scope. Where should this exclusion be documented?

Question 30mediummultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is contracted to test a cloud-based infrastructure. The client uses a shared responsibility model. Which of the following should be clarified in the rules of engagement to avoid legal issues?

Question 31easymultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test of their network and provides a list of IP addresses. During scoping, the tester notices that several IP addresses belong to a major cloud service provider. What should the tester do FIRST before including those IP addresses in the test?

Question 32easymultiple choice
Read the full Planning and Scoping explanation →

A client wants a penetration test that includes social engineering attacks against employees. They request that the testing team not target the executive leadership team. What should be included in the rules of engagement to address this requirement?

Question 33hardmultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is contracted to perform an external test of a company's web applications. During the scoping meeting, the client mentions that they use a CDN and WAF provided by a third party. The client wants the test to accurately reflect the security of their backend servers behind these protections. What should the tester recommend?

Question 34mediummultiple choice
Read the full DNS explanation →

A penetration tester is performing reconnaissance on a target domain. The tester queries the public DNS records and finds an SPF record that includes an 'include' mechanism pointing to a third-party email service. Which technique can the tester use to potentially discover more subdomains or internal infrastructure?

Question 35easymultiple choice
Read the full Planning and Scoping explanation →

During the scoping phase of a penetration test, a client wants to test a third-party API that is integral to their web application. However, they do not have permission from the third-party provider. Which of the following should the tester do first?

Question 36mediummultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test of their internal network. During scoping, the tester learns that the client uses a managed security service provider (MSSP) that monitors all network traffic. The client does not want the MSSP to be informed about the test. What is the most appropriate action for the tester to take?

Question 37mediummultiple choice
Read the full Planning and Scoping explanation →

A penetration tester is contracted to perform a test of a company's critical web application that handles financial transactions. The client requires that testing must not degrade the application's performance for live users. Which of the following scoping controls would best address this requirement?

Question 38mediummultiple choice
Read the full Planning and Scoping explanation →

A client requires a penetration test of their web application that uses Single Sign-On (SSO) with a third-party identity provider. The client is concerned that testing could lock out real user accounts and disrupt operations. Which of the following should be included in the rules of engagement to address this concern?

Question 39hardmultiple choice
Read the full Planning and Scoping explanation →

A client has a critical web application that cannot be tested in the production environment due to availability requirements. A staging environment exists that exactly mirrors production, but it uses different IP addresses, domain names, and a subset of data. The staging environment is isolated from production networks. Which scoping element is most important to include in the rules of engagement to ensure a valid test?

Question 40mediummultiple choice
Read the full Planning and Scoping explanation →

A client engages a penetration testing firm to evaluate the security of their internal network. During the scoping meeting, the client states that they use a network access control (NAC) solution that might block the tester's machine if it is connected to the internal network without prior authorization. Which of the following should be included in the rules of engagement to address this potential issue?

Question 41easymultiple choice
Read the full Planning and Scoping explanation →

A client wants to conduct a penetration test of their web application, but they are concerned about potential service disruption. They request that the tester avoid using any techniques that could cause the application to crash or become unresponsive. Which of the following should the tester include in the rules of engagement to address this requirement?

Question 42hardmultiple choice
Read the full Planning and Scoping explanation →

A client is subject to PCI DSS compliance and requests a penetration test. The client's network has a mix of in-scope systems (cardholder data environment) and out-of-scope systems. During scoping, the tester recommends a specific approach to ensure accurate segmentation testing. Which of the following is the most important consideration for the rules of engagement?

Question 43easymultiple choice
Read the full Planning and Scoping explanation →

A penetration tester is engaged to perform a red team exercise for a large enterprise. The client wants the test to simulate a realistic attack from an external threat actor. Which of the following scoping elements is most important to include in the rules of engagement?

Question 44mediummultiple choice
Read the full Planning and Scoping explanation →

A client wants to test a mobile app that uses certificate pinning. The penetration tester needs to perform dynamic analysis of the app's network traffic. Which of the following should be included in the rules of engagement to enable this testing?

Question 45easymultiple choice
Read the full Planning and Scoping explanation →

A client is planning a penetration test of their AWS cloud environment. They will provide the tester with an IAM user account with limited permissions. Which of the following scoping restrictions is most important to include in the rules of engagement to avoid unexpected costs?

Question 46mediummultiple choice
Read the full Planning and Scoping explanation →

A client is planning a penetration test of their internal network but refuses to provide network diagrams or access to a staging environment. The tester is concerned about causing a denial of service (DoS) on critical systems. Which clause should be included in the rules of engagement to mitigate this risk?

Question 47hardmultiple choice
Read the full Planning and Scoping explanation →

A penetration test is being conducted for a healthcare organization subject to HIPAA. The tester is given access to a production system that contains electronic protected health information (ePHI). Which of the following should be included in the rules of engagement to ensure compliance?

Question 48easymultiple choice
Read the full Planning and Scoping explanation →

A client wants to perform a penetration test on a new web application that is still in development. The application is not yet connected to the internet. Which of the following is the most appropriate scope for this test?

Question 49mediummultiple choice
Read the full Planning and Scoping explanation →

A client wants a penetration test of their cloud infrastructure hosted on AWS. The client states that they want to test the security of their EC2 instances, S3 buckets, and IAM configurations. The client's security team is concerned about potential service disruption due to testing. Which of the following should be included in the rules of engagement to address this concern?

Question 50easymultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test of their production environment that includes critical financial transaction systems. The client is concerned about potential service disruptions. Which of the following should the tester include in the Rules of Engagement to address this concern?

Question 51mediummultiple choice
Read the full Planning and Scoping explanation →

A client wants a penetration test that simulates a disgruntled employee with access to the internal network but no administrative privileges. The client provides a standard user account on the domain. The tester discovers that the account has local administrator rights on a critical file server. Which step should the tester take according to typical Rules of Engagement?

Question 52easymultiple choice
Read the full Planning and Scoping explanation →

A client wants to conduct a penetration test of their e-commerce website. They are concerned about impacting live transactions. Which clause should be included in the Rules of Engagement to address this?

Question 53mediummultiple choice
Read the full Planning and Scoping explanation →

A client wants a penetration test that simulates an external threat actor with no prior access. The client provides a list of public IP ranges and domain names. Which type of test is this?

Question 54easymultiple choice
Read the full Planning and Scoping explanation →

A client wants a penetration test of their internal network. They are concerned about causing any disruption to the production systems. The tester should include which of the following in the rules of engagement to address this concern?

Question 55mediummultiple choice
Read the full VPN explanation →

A client requests a penetration test of a new mobile application that is still in development and only accessible on a test server behind the corporate VPN. The tester should include which of the following in the scope?

Question 56mediummultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test of their production environment, which includes critical financial transaction systems. The client is concerned about potential service disruptions. Which of the following should the tester include in the Rules of Engagement to address this concern?

Question 57easymultiple choice
Read the full Planning and Scoping explanation →

A company wants to test the security of their internet-facing web application without impacting production servers or user data. The tester must be authorized to attempt authentication bypass and SQL injection. Which item is most critical to include in the scope definition to ensure the test is focused and lawful?

Question 58mediummulti select
Read the full Planning and Scoping explanation →

Before starting a penetration test, the tester receives permission to test only two public IP ranges and is told not to perform denial-of-service testing. Which two documents or artefacts are most important to confirm before testing begins? (Choose 2.)

Question 59easymultiple choice
Read the full Planning and Scoping explanation →

A penetration testing firm is hired to assess a mobile banking application. The client wants to test both Android and iOS versions, but only the production environment. Which of the following is the MOST important scoping consideration to include in the rules of engagement?

Question 60easymultiple choice
Read the full Planning and Scoping explanation →

A penetration tester is asked to perform a test that focuses on identifying vulnerabilities in a company's external web application without providing any internal credentials. The tester has been given a signed agreement that lists the IP range and URLs. Which of the following scoping considerations is MOST directly addressed by the agreement?

Question 61mediumdrag order
Read the full Planning and Scoping explanation →

Drag and drop the steps to perform a basic Nmap scan to discover open ports on a target host into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 62mediumdrag order
Read the full DNS explanation →

Drag and drop the steps to perform a DNS enumeration using dig into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 63mediummatching
Read the full Planning and Scoping explanation →

Match each network protocol to its well-known port number.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

22

443

53

25

3389

Question 64mediummatching
Read the full Planning and Scoping explanation →

Match each type of social engineering attack to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Fraudulent emails to obtain sensitive information

Targeted phishing at a specific individual or organization

Voice-based phishing over phone calls

Phishing via SMS text messages

Following an authorized person into a restricted area

Question 65easymultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test but only provides network diagrams and application credentials. Which type of test is being scoped?

Question 66easymultiple choice
Read the full Planning and Scoping explanation →

During scoping, a client insists that no social engineering be used. Which rule of engagement element does this affect?

Question 67mediummultiple choice
Read the full NAT/PAT explanation →

A penetration tester is scoping a test for a multinational company that must comply with GDPR. The tester wants to ensure that any personal data captured during the test is handled appropriately. Which document should be reviewed?

Question 68hardmultiple choice
Read the full wireless explanation →

A client wants a penetration test that includes testing of their internal network, external perimeter, and wireless. However, they have a very limited budget. Which approach would best meet the client's needs while staying within budget?

Question 69easymultiple choice
Read the full Planning and Scoping explanation →

Which agreement is typically signed before a penetration test to protect both parties from legal liability?

Question 70mediummultiple choice
Read the full Planning and Scoping explanation →

A client has a highly dynamic cloud environment where resources are frequently spun up and down. What scoping challenge does this present?

Question 71hardmultiple choice
Read the full Planning and Scoping explanation →

During scoping, a tester learns that the client's network has multiple subsidiaries with different IP ranges. The client wants a test that covers all subsidiaries but with a limited number of target IPs. How should the tester proceed?

Question 72easymultiple choice
Read the full Planning and Scoping explanation →

Which of the following is the most important factor when determining the scope of a penetration test?

Question 73hardmultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test but refuses to provide any information about the target systems due to security concerns. What is the most appropriate response from the tester?

Question 74mediummulti select
Read the full Planning and Scoping explanation →

A penetration tester is scoping an engagement for a client that has both on-premises and cloud infrastructure. Which TWO documents should be reviewed to understand the client's cloud security posture?

Question 75mediummulti select
Read the full Planning and Scoping explanation →

Which THREE factors are critical to include in the rules of engagement for a penetration test?

Question 76hardmulti select
Read the full Planning and Scoping explanation →

A penetration tester is scoping a test for a client that uses a hybrid identity system. The client wants to ensure that the test does not affect production authentication. Which TWO actions should the tester recommend?

Question 77hardmultiple choice
Read the full Planning and Scoping explanation →

Based on the exhibit, which host or network can SSH to 10.0.1.10?

Network Topology
DROP all0.0.0.0/0ACCEPT tcp192.168.1.0/24 10.0.1.10 tcp dpt:22ACCEPT all10.0.1.0/24Refer to the exhibit.```# iptables -L -nChain INPUT (policy ACCEPT)target prot opt source destination
Question 78mediummultiple choice
Read the full Planning and Scoping explanation →

Refer to the exhibit. During scoping, what risk does this policy pose?

Exhibit

Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::company-data/*"
    }
  ]
}
```
Question 79easymultiple choice
Review the full routing breakdown →

Refer to the exhibit. A penetration tester is scoping a test and needs to reach a host at 10.0.1.50. Through which interface will traffic be routed?

Exhibit

Refer to the exhibit.
```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
```
Question 80easymultiple choice
Read the full Planning and Scoping explanation →

A company needs to test the security of its web application without causing any service disruption. Which testing methodology is most appropriate to include in the scope?

Question 81mediummultiple choice
Read the full Planning and Scoping explanation →

During scoping, a client asks the tester to avoid a specific IP range containing legacy systems. The tester discovers these systems are vulnerable but out of scope. What should the tester do?

Question 82hardmultiple choice
Read the full Planning and Scoping explanation →

A contract prohibits DoS testing, but a tester finds a WAF that could be tested with a technique resembling slowloris. What is the best course of action?

Question 83easymultiple choice
Read the full Planning and Scoping explanation →

A client wants a social engineering test focusing on phishing. What should be included in the scope to ensure ethical handling?

Question 84mediummultiple choice
Read the full Planning and Scoping explanation →

A multi-tenant SaaS application needs tenant isolation testing. Which type of testing is most appropriate?

Question 85hardmultiple choice
Read the full NAT/PAT explanation →

The scope allows only Nmap, but it is ineffective against heavy packet filtering. The tester wants to use an alternate tool. What should the tester do?

Question 86easymultiple choice
Read the full Planning and Scoping explanation →

A client has limited budget for a penetration test covering critical assets. Which scoping decision best balances coverage and cost?

Question 87mediummultiple choice
Read the full wireless explanation →

A wireless network test must not disrupt the network. How can the tester crack WPA2 passwords without disruption?

Question 88hardmultiple choice
Read the full Planning and Scoping explanation →

A 'no-fail' clause prohibits service outages. How should the tester address high-risk tests like SQL injection?

Question 89easymulti select
Read the full Planning and Scoping explanation →

A tester is planning a physical security assessment. Which TWO should be included in the scope? (Choose two.)

Question 90mediummulti select
Read the full Planning and Scoping explanation →

A web application test must cover OWASP Top 10. Which THREE should be explicitly included? (Choose three.)

Question 91hardmulti select
Read the full Planning and Scoping explanation →

An internal test prohibits buffer overflow exploits. Which TWO techniques are appropriate to test privilege escalation without violating the rule? (Choose two.)

Question 92mediummultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. A penetration tester obtains this output from a Linux server. The tester notes that port 3389 is typically used for RDP on Windows. Which of the following is the MOST likely explanation?

Exhibit

Active Connections
Proto  Local Address          Foreign Address        State
TCP    10.0.0.15:22          192.168.1.100:54321    ESTABLISHED
TCP    10.0.0.15:80          0.0.0.0:0              LISTENING
TCP    10.0.0.15:443         0.0.0.0:0              LISTENING
TCP    10.0.0.15:3389        203.0.113.50:12345     ESTABLISHED
UDP    10.0.0.15:123         *:*
Question 93hardmultiple choice
Read the full Planning and Scoping explanation →

Refer to the exhibit. A penetration tester reviews this S3 bucket policy. The bucket contains sensitive data. Which of the following best describes the security issue?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    }
  ]
}
Question 94hardmultiple choice
Read the full NAT/PAT explanation →

You are a penetration tester conducting an internal network penetration test for a medium-sized company. The network consists of a Windows domain with multiple servers and workstations. The scope includes testing the Active Directory security. The client has provided a low-privileged domain user account for initial access. During the reconnaissance phase, you discover that the domain controller is running Windows Server 2012 R2 with no recent patches. There is a known privilege escalation vulnerability (e.g., Zerologon) that could allow you to become Domain Admin. However, the client's rules of engagement explicitly prohibit the use of any exploit that could cause a denial of service on the domain controller. The Zerologon exploit, if not carefully executed, could crash the domain controller. Which of the following actions should you take?

Question 95easymultiple choice
Read the full Planning and Scoping explanation →

A penetration tester is conducting an external network assessment for a client. During the reconnaissance phase, the tester identifies an IP address range that is not listed in the rules of engagement (ROE). The client had initially provided a list of authorized target IPs. What should the tester do next?

Question 96mediummultiple choice
Read the full Planning and Scoping explanation →

A client requests a penetration test for a new e-commerce application. The application uses a microservices architecture with RESTful APIs and a React frontend. The tester recommends including both a vulnerability assessment and manual penetration testing. However, the client has a tight budget and asks to skip the vulnerability assessment to save costs. Which response best aligns with best practices?

Question 97hardmulti select
Read the full Planning and Scoping explanation →

During the scoping phase of a penetration test, the tester and client must define the rules of engagement (ROE). Which THREE of the following should be included in the ROE? (Select THREE.)

Question 98easymultiple choice
Read the full Planning and Scoping explanation →

A small business owner contacts you to perform a penetration test. The company has a single office with 50 employees, uses a cloud-based email service (Office 365), and hosts a public-facing website on a shared server. The owner is concerned about external threats but does not allow any testing that could disrupt operations. The owner wants to test the security of the website and the email system against common attacks, such as SQL injection, XSS, and phishing. Based on these constraints and the environment, which type of penetration test is most appropriate?

Question 99mediummultiple choice
Read the full Planning and Scoping explanation →

You are conducting a penetration test for a financial institution. The rules of engagement specify that you are not to access any production customer data. During the test, you discover a SQL injection vulnerability in a public-facing web application that allows you to extract customer personally identifiable information (PII). You successfully demonstrate the injection but do not extract any actual PII. According to ethical guidelines and the rules of engagement, what is the appropriate course of action?

Question 100hardmultiple choice
Read the full Planning and Scoping explanation →

A large enterprise hires your firm to perform a penetration test on a new cloud-based product that integrates with several third-party services. The product is built on AWS and uses serverless functions (Lambda), API Gateway, DynamoDB, and S3. The client provides you with access to a staging environment that mirrors production in architecture but with relaxed security controls: the staging environment has less restrictive security groups, enabled debugging endpoints, and broad IAM permissions. The client insists that the staging environment is sufficient for testing and that production testing is not allowed due to compliance constraints. What is the best recommendation?

Question 101easymulti select
Read the full Planning and Scoping explanation →

A penetration tester is developing a rules of engagement document for a client. Which TWO elements should the tester include to ensure proper scope boundaries?

Question 102mediummultiple choice
Read the full Planning and Scoping explanation →

Refer to the exhibit. A penetration tester has run an initial reconnaissance scan and obtained the above output. The tester needs to decide which attack vector to prioritize based on the principle of exploiting the oldest software version. Which of the following is the most appropriate next step?

Exhibit

Nmap scan report for 10.0.0.1
Host is up (0.001s latency).
PORT    STATE    SERVICE    VERSION
22/tcp  open     ssh        OpenSSH 6.6 (protocol 2.0)
80/tcp  open     http       Apache httpd 2.4.29
443/tcp open     ssl/https
3306/tcp open     mysql      MySQL 5.1.73
3389/tcp open     ms-wbt-server Microsoft RDP
Question 103hardmultiple choice
Open the full VLAN trunking answer →

A medium-sized e-commerce company, CyberMart, has contracted your penetration testing firm to assess their security posture. The company operates from three physical locations: headquarters, a data center, and a remote warehouse. They have a flat internal network but separate VLANs for production, development, and guest Wi-Fi. CyberMart's CISO insists that the test must be conducted without causing any disruption to the production environment, especially the payment processing system. The test should simulate an external attacker targeting the public-facing web servers and an internal attacker who has gained initial access to the guest network. The CISO also requests that all testing be done during off-peak hours to minimize impact. You are preparing the rules of engagement. Which of the following is the most appropriate action to include in the ROE to satisfy the client's requirements while maintaining a realistic test scenario?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

PT0-002 Practice Test 1 — 10 Questions→PT0-002 Practice Test 2 — 10 Questions→PT0-002 Practice Test 3 — 10 Questions→PT0-002 Practice Test 4 — 10 Questions→PT0-002 Practice Test 5 — 10 Questions→PT0-002 Practice Exam 1 — 20 Questions→PT0-002 Practice Exam 2 — 20 Questions→PT0-002 Practice Exam 3 — 20 Questions→PT0-002 Practice Exam 4 — 20 Questions→Free PT0-002 Practice Test 1 — 30 Questions→Free PT0-002 Practice Test 2 — 30 Questions→Free PT0-002 Practice Test 3 — 30 Questions→PT0-002 Practice Questions 1 — 50 Questions→PT0-002 Practice Questions 2 — 50 Questions→PT0-002 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Planning and ScopingInformation Gathering and Vulnerability ScanningAttacks and ExploitsReporting and CommunicationTools and Code Analysis

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Planning and Scoping setsAll Planning and Scoping questionsPT0-002 Practice Hub