Courseiva
© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

PT0-002 Planning and Scoping • Complete Question Bank

PT0-002 Planning and Scoping — All Questions With Answers

Complete PT0-002 Planning and Scoping question bank — all 0 questions with answers and detailed explanations.

74 Questions • Free • No signup
Question 1 • easy • multiple choice

A penetration tester is hired to assess the security of a company's internal network. The tester is given full network diagrams, credentials, and source code. Which type of penetration test is being performed?

Question 2 • medium • multiple choice

During a pre-engagement meeting, the client states that no testing is allowed on the wireless network or on any cloud-based services hosted by third parties. Which part of the engagement documentation would specify these restrictions?

Question 3 • medium • multiple choice

A penetration testing company is contracted to perform a social engineering engagement. The client requests that only employees in the finance department be targeted. Which scoping consideration is most relevant?

Question 4 • hard • multiple choice

A penetration tester discovers evidence of ongoing criminal activity, such as a data breach by an internal employee, during a white box penetration test. The client's legal team has not provided specific instructions on handling such discoveries. According to best practices and legal considerations, what should the tester do first?

Question 5 • easy • multiple choice

Which penetration testing standard provides a structured methodology for conducting penetration tests, including pre-engagement, reconnaissance, and reporting phases?

Question 6 • medium • multiple choice

A company wants to simulate a real-world attack scenario where the penetration tester has no prior knowledge of the environment and must act as an external threat actor. However, the tester is allowed to use social engineering to gain initial access. Which type of engagement is most appropriate?

Question 7 • hard • multiple choice

A penetration tester is conducting a grey box test on a web application. During the test, the tester discovers that the application is hosted on a cloud infrastructure that belongs to a third-party provider. The client did not mention this provider in the scope. What is the best course of action regarding testing this infrastructure?

Question 8 • medium • multiple choice

Which legal framework in the United States prohibits unauthorized access to computer systems and is commonly referenced in penetration testing authorization documents?

Question 9 • easy • multiple choice

A penetration tester is preparing a deliverable for a client. Which of the following should be included in the final report?

Question 10 • medium • multiple choice

A penetration tester is planning a test that involves scanning for vulnerabilities across a large IP range. The client has provided a list of IPs that are in-scope, but the tester notices that some IPs belong to a third-party company hosting a client application. What should the tester do?

Question 11 • hard • multiple choice

A penetration tester is conducting a wireless penetration test. The client's rules of engagement state that testing must not disrupt production services. During the test, the tester's de-authentication attack causes the company's guest Wi-Fi to go offline. What should the tester do?

Question 12 • medium • multiple choice

Which of the following is the primary purpose of a get-out-of-jail letter in a penetration testing engagement?

Question 13 • medium • multi-select

A penetration testing company is scoping a test for a client. The client wants to ensure that testing does not impact production systems. Which TWO of the following are appropriate scoping considerations? (Select TWO.)

Question 14 • hard • multi-select

A penetration tester is preparing a post-engagement deliverable. Which THREE of the following should be included in the final report? (Select THREE.)

Question 15 • easy • multi-select

Which TWO of the following are types of penetration testing based on the level of knowledge provided to the tester? (Select TWO.)

Question 16 • easy • multiple choice

A penetration tester is hired to perform an assessment where the tester is provided with network diagrams, source code, and administrative credentials. Which type of penetration test is this?

Question 17 • easy • multiple choice

Which document defines the IP ranges that are in scope, testing windows, and emergency stop criteria for a penetration test?

Question 18 • medium • multiple choice

A penetration tester is planning a social engineering engagement targeting employees of a client. The client requests that only non-managerial staff be tested. Which scoping consideration is most directly affected by this request?

Question 19 • medium • multiple choice

During a penetration test, the tester discovers evidence of an ongoing data breach that appears to involve criminal activity unrelated to the test scope. What is the tester's primary responsibility regarding this discovery?

Question 20 • hard • multiple choice

A penetration tester is engaged to test a web application that uses a third-party payment gateway. The client has not obtained permission from the payment gateway provider. Which of the following is the best course of action?

Question 21 • medium • multiple choice

Which of the following penetration testing standards includes detailed guidelines for pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting?

Question 22 • easy • multiple choice

A company hires a penetration testing firm to simulate the tactics, techniques, and procedures of a real adversary. The engagement includes attempting to achieve specific objectives without being detected. This type of engagement is best described as:

Question 23 • medium • multiple choice

During pre-engagement, a client insists that the penetration testers sign a non-disclosure agreement (NDA). However, the client refuses to provide a 'get-out-of-jail' letter. What risk does this pose to the penetration testers?

Question 24 • hard • multiple choice

A penetration tester is contracted to perform a grey box test of a company's internal network. The client provides a VPN account for remote access but does not disclose that the account has been used by a former employee. The tester connects and is immediately locked out. Which pre-engagement document should have addressed this scenario?

Question 25 • medium • multiple choice

After completing a penetration test, the tester must deliver a report. According to standard practices, which of the following is a required component of the deliverables?

Question 26 • hard • multiple choice

A penetration tester is performing a wireless penetration test. The RoE states that testing is only allowed between 8 PM and 6 AM. At 7:30 PM, the tester begins active scanning. At 8:15 PM, a client employee calls the emergency contact to report suspicious activity. According to the RoE, which of the following is the most likely reason for the call?

Question 27 • medium • multiple choice

Which of the following best describes the primary purpose of a 'get-out-of-jail' letter in a penetration testing engagement?

Question 28 • medium • multi-select

A penetration tester is scoping a web application penetration test. The client wants to include a third-party API that processes payments. Which TWO are appropriate considerations?

Question 29 • hard • multi-select

During post-engagement, a penetration tester needs to ensure proper data handling. Which THREE actions should the tester take?

Question 30 • easy • multi-select

A company is planning a social engineering engagement. Which TWO items should be included in the pre-engagement documentation?

Question 31 • easy • multiple choice

Which type of penetration test provides the tester with full knowledge of the target environment, including network diagrams, source code, and administrative credentials?

Question 32 • medium • multiple choice

A penetration tester is about to start an engagement. Which document outlines the IP ranges that are in scope, the testing window, and the emergency stop criteria?

Question 33 • medium • multiple choice

During an external penetration test, the tester discovers that a critical web application is hosted on a third-party cloud provider. The SOW did not mention this provider. What should the tester do before proceeding with testing against that provider's infrastructure?

Question 34 • hard • multiple choice

A penetration tester is engaged to perform a social engineering assessment targeting the sales department. The RoE specifies that testing is allowed only during business hours. Which of the following actions would be most appropriate when planning the engagement?

Question 35 • easy • multiple choice

Which document, often signed before a penetration test, protects the tester from legal liability if the tester's actions are perceived as malicious by third parties?

Question 36 • medium • multiple choice

A penetration tester is planning a web application test. The client wants to minimize risk to production data. Which environment should the tester recommend for testing?

Question 37 • medium • multiple choice

Which legal framework in the United States makes it a crime to access a computer system without authorization, and is a key consideration when obtaining permission for penetration testing?

Question 38 • hard • multiple choice

During a red team exercise, the tester successfully gains access to an internal server and finds evidence of ongoing criminal activity unrelated to the client. According to best practices for handling discovered criminal activity, what should the tester do first?

Question 39 • medium • multiple choice

Which of the following best describes the purpose of a vulnerability disclosure policy in the context of a penetration test?

Question 40 • easy • multiple choice

Which penetration testing standard provides a methodology that includes pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting?

Question 41 • hard • multiple choice

A penetration tester is scoping a test for a client that uses a SaaS application for customer relationship management. The client wants the tester to assess the application's security. What is the most important consideration regarding this SaaS application?

Question 42 • medium • multiple choice

Which of the following is typically included in the final deliverables of a penetration test?

Question 43 • medium • multi-select

A penetration tester is planning a red team exercise for a client. Which TWO of the following should be included in the rules of engagement (RoE)?

Question 44 • hard • multi-select

A penetration tester is conducting a social engineering engagement targeting the finance department. Which THREE of the following actions are most appropriate to include in the scope of the engagement?

Question 45 • medium • multi-select

After completing a penetration test, the tester must handle test artifacts appropriately. Which TWO of the following are best practices for data handling and destruction?

Question 46 • easy • multiple choice

A penetration tester is hired to perform a test with no prior knowledge of the target environment. The tester is given only the company name and must gather all necessary information from public sources. Which type of penetration test is this?

Question 47 • easy • multiple choice

During the pre-engagement phase, which document defines the IP ranges, test windows, and emergency stop criteria for a penetration test?

Question 48 • medium • multiple choice

A penetration tester is planning an engagement that includes testing a web application hosted on a third-party cloud provider. The client has provided credentials for the application but not for the underlying infrastructure. Which of the following should the tester do before proceeding?

Question 49 • medium • multiple choice

The penetration tester identifies that a web application is hosted on a server that also contains sensitive customer data unrelated to the test. The SOW clearly states that only the web application is in scope. The tester accidentally accesses the customer data. What should the tester do immediately?

Question 50 • medium • multiple choice

A penetration testing engagement requires testing a production environment during business hours. The client is concerned about potential service disruption. Which document should specify the conditions under which the test must be halted?

Question 51 • hard • multiple choice

During a social engineering engagement, a tester is authorized to target employees via email phishing. However, the tester accidentally sends a phishing email to a contractor who is not listed in the personnel scope. The contractor reports the email to the client's security team, causing an internal investigation. Which of the following best describes the tester's mistake?

Question 52 • medium • multiple choice

A penetration tester is conducting a red team exercise. The goal is to simulate an advanced persistent threat (APT) and test the organization's detection and response capabilities. Which of the following engagement types best describes this scenario?

Question 53 • easy • multiple choice

Which of the following is the primary purpose of a get-out-of-jail letter?

Question 54 • medium • multiple choice

A client requests a penetration test that includes testing of both internal network devices and a public-facing web application. The tester is provided with a VPN account for internal access but no credentials for the web application. Which type of penetration test is this?

Question 55 • hard • multiple choice

During a penetration test, the tester discovers evidence of ongoing criminal activity, such as unauthorized data exfiltration by an insider. The client's legal team has not provided specific guidance on handling such discoveries. According to best practices and legal considerations, what should the tester do first?

Question 56 • medium • multiple choice

A penetration tester is preparing a proposal for a client. The client wants a test that includes a detailed technical report with remediation steps and an executive summary for management. Which standard or framework is most commonly used to structure the testing process from pre-engagement through post-engagement?

Question 57 • hard • multiple choice

After completing a penetration test, the tester must submit deliverables and then destroy all test artifacts. Which legal or ethical consideration primarily drives the requirement to destroy test artifacts?

Question 58 • medium • multi-select

A penetration tester is scoping a network penetration test for a client that uses multiple third-party services. Which TWO of the following are correct actions regarding third-party services? (Select TWO.)

Question 59 • hard • multi-select

A penetration testing company is planning a social engineering engagement for a client. The engagement includes phishing and physical tailgating. Which THREE of the following should be clearly defined in the Rules of Engagement? (Select THREE.)

Question 60 • medium • multi-select

A penetration tester has completed a web application test and is preparing the final deliverables. According to best practices, which THREE components should be included in the deliverables? (Select THREE.)

Question 61 • easy • multiple choice

A penetration tester is hired to assess the security of a company's internal network. The client provides the tester with full network diagrams, credentials, and source code. Which type of penetration test is being performed?

Question 62 • medium • multiple choice

During the pre-engagement phase, a penetration tester and the client agree on the specific IP ranges to be tested, testing windows, and what constitutes an emergency stop condition. Which document typically contains these details?

Question 63 • hard • multiple choice

A penetration tester is contracted to perform a web application test for a company that hosts its application on a third-party cloud provider. The tester discovers a critical vulnerability that could allow access to other customers' data on the same cloud platform. Which legal consideration is MOST important for the tester to address?

Question 64 • medium • multiple choice

A penetration testing company is scoping a social engineering engagement for a client. The client wants to test employee awareness of phishing attempts. Which of the following should be included in the scope?

Question 65 • easy • multiple choice

Which penetration testing standard provides a step-by-step methodology from pre-engagement through post-engagement activities, including intelligence gathering, vulnerability analysis, and exploitation?

Question 66 • medium • multiple choice

A penetration tester is planning a red team exercise for a client. The client insists that the testing should not disrupt production systems and only target a replicated staging environment. However, the tester believes that testing the production environment is necessary for realistic adversary simulation. What is the MOST appropriate course of action?

Question 67 • hard • multiple choice

After completing a penetration test, the tester is required to provide deliverables that include an executive summary, technical findings, and remediation guidance. However, the client also requests that all test artifacts, such as captured credentials and sample data, be securely destroyed after the report is delivered. Which standard or framework emphasizes the importance of data handling and destruction of test artifacts?

Question 68 • medium • multi-select

A penetration testing firm is scoping a network penetration test for a client. The client has provided a list of IP ranges and subnets. Which TWO of the following should the tester consider when defining the scope?

Question 69 • hard • multi-select

A penetration tester is preparing for a web application penetration test. The client application is hosted on a cloud platform that serves multiple tenants. Which THREE of the following are critical legal and scoping considerations?

Question 70 • medium • multi-select

During a social engineering engagement, a tester plans to use phishing emails targeting employees. Which TWO of the following should be included in the rules of engagement?

Question 71 • easy • multi-select

Which TWO of the following are typical deliverables of a penetration test?

Question 72 • hard • multi-select

A penetration tester discovers evidence of ongoing criminal activity (e.g., data exfiltration by an insider) during a test. According to best practices and legal considerations, which THREE actions should the tester take?

Question 73 • medium • multi-select

In a red team exercise, the team wants to simulate a realistic adversary. Which TWO of the following are typically included in the scope of a red team engagement compared to a standard penetration test?

Question 74 • easy • multi-select

Which THREE of the following are common components of a pre-engagement agreement between a penetration tester and a client?
