Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


PT0-002 Planning and Scoping Practice Questions

20+ practice questions focused on Planning and Scoping — one of the most tested topics on the CompTIA PenTest+ PT0-002 exam. Each question includes a detailed explanation so you learn why the right answer is correct.


Sample Planning and Scoping Questions

1. A penetration testing firm is scoping a test for a financial institution. The client insists that the test only be performed on systems located in the corporate headquarters, excluding cloud-based infrastructure and remote branch offices. Which of the following should the penetration tester emphasize during the scoping discussion?

A. The test will include social engineering of remote employees
B. The exclusion of cloud infrastructure may leave critical assets untested
C. The test can only be performed during off-hours
D. The tester will require VPN access to the corporate network

Explanation: Option B is correct because the client's exclusion of cloud-based infrastructure and remote branch offices creates a significant gap in the test scope. A penetration test that ignores cloud assets (e.g., AWS, Azure, or SaaS applications) may miss critical vulnerabilities in systems that process or store sensitive financial data, as these are often part of the institution's attack surface. The tester must emphasize that such exclusions can lead to a false sense of security, as attackers frequently target cloud and remote assets due to their accessibility and potential misconfigurations.

2. A penetration tester is scoping a test for a multinational corporation that has offices in the United States and the European Union. The client wants to test the entire environment. Which of the following is the MOST important legal consideration for the tester to include in the rules of engagement?

A. Ensuring all testing is performed from a single external IP address
B. Obtaining explicit written authorization from each country's legal department
C. Ensuring compliance with GDPR and data protection laws
D. Restricting testing to non-business hours to minimize impact

Explanation: Option C is correct because the multinational corporation operates in the European Union, where the General Data Protection Regulation (GDPR) imposes strict requirements on the processing and transfer of personal data. A penetration test that accesses or stores EU residents' personal data must comply with GDPR, including data minimization, lawful processing, and breach notification obligations. Failure to include GDPR compliance in the rules of engagement could result in severe fines (up to 4% of annual global turnover) and legal liability for the tester and client.

3. During a penetration test of a large e-commerce platform, the client requests additional testing on a newly discovered microservice mid-engagement. The scope defined in the rules of engagement (ROE) explicitly lists all target systems. What should the penetration tester do FIRST?

A. Add the microservice to the test and include it in the final report as an unadvertised finding
B. Decline the request because the microservice was not part of the original scope
C. Inform the client that a scope amendment is needed and pause testing on the microservice until it is approved
D. Test the microservice only if it is using the same technology stack as other targets

Explanation: Option C is correct because the rules of engagement (ROE) are a legally binding document that defines the scope of testing. Adding a new microservice mid-engagement without an approved scope amendment violates the ROE and could lead to legal or contractual issues. The penetration tester must first pause testing on the microservice and formally request a scope amendment to ensure all activities remain authorized.

4. A penetration testing firm is hired to assess a U.S.-based company that has recently expanded operations to a country with strict data privacy laws (e.g., GDPR-style regulations). Which of the following is the MOST important legal consideration to include in the rules of engagement?

A. The client's headquarters location determines which laws apply
B. Data collected during the test must be stored only within the country of operation and deleted after the engagement
C. All findings must be reported in the local language of the country of operation
D. The penetration testers must be citizens of the country where the systems reside

Explanation: Option B is correct because under strict data privacy laws like GDPR, personal data collected during a penetration test must be stored within the jurisdiction where it was obtained and deleted once the engagement is complete. This ensures compliance with data localization and minimization requirements, which are critical legal considerations in the rules of engagement.

5. A penetration testing firm is scoping a test for a client that has a hybrid infrastructure with on-premises servers and cloud-based virtual machines. The client insists on testing only the on-premises systems due to budget constraints. Which of the following should the penetration tester emphasize during the scoping discussion?

A. The on-premises systems are more critical, so testing them is sufficient.
B. Cloud systems are generally more secure and do not require testing.
C. Limiting the scope to on-premises may result in an incomplete risk picture because cloud systems are part of the attack surface.
D. Testing cloud systems would violate the shared responsibility model.

Explanation: Option C is correct because the client's hybrid infrastructure means that cloud-based virtual machines are part of the overall attack surface, and limiting the scope to on-premises systems ignores potential attack vectors such as misconfigured cloud APIs, insecure inter-VPC routing, or compromised cloud credentials that could lead to lateral movement into on-premises systems. A penetration test must assess all components that can be exploited to provide a complete risk picture, as cloud systems often serve as entry points or pivot points into the on-premises environment.


How to master Planning and Scoping for PT0-002

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Planning and Scoping. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Planning and Scoping questions on the PT0-002 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many PT0-002 Planning and Scoping questions are on the real exam?

The exact number varies per candidate. Planning and Scoping is tested as part of the CompTIA PenTest+ PT0-002 blueprint. Practicing with targeted Planning and Scoping questions ensures you can handle any format or difficulty that appears.

Are these PT0-002 Planning and Scoping practice questions free?

Yes. Courseiva provides free PT0-002 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Planning and Scoping one of the harder PT0-002 topics?

Difficulty is subjective, but Planning and Scoping is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.


Topic Info

Topic: Planning and Scoping
Exam: PT0-002
Questions available: 20+