20+ practice questions focused on Information Gathering and Vulnerability Scanning — one of the most tested topics on the CompTIA PenTest+ PT0-002 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
During a vulnerability scan, a penetration tester notices that the scanner is repeatedly attempting to exploit a service, causing the service to crash and generating misleading findings. Which of the following scan configurations would BEST help the tester avoid this issue while still identifying potential vulnerabilities?
Explanation: Option C is correct because the 'safe checks' option in vulnerability scanners (such as Nessus or OpenVAS) disables intrusive plug-ins that attempt to exploit services aggressively, which can cause service crashes. This configuration allows the scanner to identify potential vulnerabilities without disrupting the target service, avoiding misleading findings from crashed services.
A penetration tester is performing reconnaissance on a target organization and uses Shodan to find internet-facing devices. Which of the following is the BEST use case for Shodan in this context?
Explanation: Shodan is a search engine for internet-connected devices that scans public IP ranges and indexes the banners returned by services. Its primary use in reconnaissance is to discover open ports and running services on target IP ranges, revealing attack surface such as exposed databases, web servers, or industrial control systems. This aligns directly with the information-gathering phase of a penetration test.
During the reconnaissance phase, a penetration tester wants to map out the target's DNS infrastructure without directly interacting with the target's servers. Which of the following techniques BEST achieves this?
Explanation: Option B is correct because querying publicly available DNS records (e.g., via passive DNS databases, WHOIS, or DNSdumpster) allows the tester to gather DNS information without any direct interaction with the target's servers. This technique relies on third-party databases and cached records, so no packets are sent to the target, which is essential for stealth during reconnaissance. It aligns with passive information gathering as defined in the PT0-002 objectives.
A penetration tester is conducting passive reconnaissance on a target organization. Which of the following techniques would provide the MOST useful information about internal network architecture without directly interacting with the target's systems?
Explanation: Certificate Transparency (CT) logs are publicly accessible, append-only ledgers of SSL/TLS certificates. By searching CT logs for certificates issued to the target organization, a penetration tester can discover subdomains, hostnames, and even internal-facing server names that are included in Subject Alternative Names (SANs) or Common Names (CNs). This reveals internal network architecture details (e.g., 'mail.internal.example.com') without any direct interaction with the target's systems, making it a purely passive reconnaissance technique.
A penetration tester is using a vulnerability scanner to assess an internal network. The scanner reports a critical vulnerability in a custom web application, but manual verification shows the application is not vulnerable. Which of the following is the MOST likely cause of this false positive?
Explanation: Option C is correct because vulnerability scanners often identify libraries or components with known CVEs, but they cannot determine whether the application's code actually invokes the vulnerable functions. In this case, the scanner flagged a library with a known vulnerability, but the custom web application's implementation does not expose the vulnerable code path, resulting in a false positive. This is a common limitation of static or version-based detection versus dynamic, context-aware analysis.
1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Information Gathering and Vulnerability Scanning. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Information Gathering and Vulnerability Scanning questions on the PT0-002 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Information Gathering and Vulnerability Scanning is tested as part of the CompTIA PenTest+ PT0-002 blueprint. Practicing with targeted Information Gathering and Vulnerability Scanning questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free PT0-002 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Information Gathering and Vulnerability Scanning is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.