CompTIA PenTest+ PT0-002 practice test

Practise questions on cloud computing concepts covering service models, deployment types, and essential characteristics for the PT0-002 exam.

509 practice questions · 5 topics covered · Exam code: PT0-002 · Vendor: CompTIA

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 509 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Study Sheet

All 509 PT0-002 questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

7 pages · 75 questions per page · 509 total

Domain practice

Study PT0-002 by domain

Each domain has its own study sheet and practice test. Target the areas where you're weakest instead of repeating questions you already know.

Related practice questions

Study PT0-002 by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Sample questions

CompTIA PenTest+ PT0-002 practice questions

A penetration tester is performing passive reconnaissance on a target organization. Which of the following activities would be considered passive reconnaissance?

A penetration tester is conducting passive reconnaissance on a target organization. Which technique can be used to discover subdomains of the target's domain without sending any packets to the target's network?

Question 3 · medium · multiple choice

A penetration tester is analyzing a Python script that uses the 'requests' library to send HTTP POST requests to a target URL with different payloads. The script also implements a retry mechanism with exponential backoff. What is the most likely purpose of this script?

Question 4 · medium · multiple choice

A penetration tester is analyzing a PowerShell script that contains the following code:

    Get-WmiObject -Class Win32_Service | Where-Object {$_.PathName -like "* *"} | Select-Object Name, PathName, State

What is the primary purpose of this script?

A client review of a penetration test report reveals confusion about why a particular vulnerability exists. The client's security engineer wants to understand the root cause and the exact steps to reproduce the issue. Which section of the report should the tester point the engineer to?

A penetration tester has completed the test and is writing the findings section. For a critical vulnerability, the tester wants to provide a clear and actionable remediation recommendation. Which of the following is the best practice for writing this recommendation?

A client requests a penetration test that includes both their internal network and a third-party cloud service provider's infrastructure. The cloud provider has not given permission for testing. Which action should the penetration tester take regarding the cloud provider's assets?

A client wants to perform a penetration test on a new web application that is still in development. The application is not yet connected to the internet. Which of the following is the most appropriate scope for this test?

Question 9 · medium · multiple choice

A client requests a penetration test of a new mobile application that is still in development and only accessible on a test server behind the corporate VPN. The tester should include which of the following in the scope?

A penetration tester has compromised a host and wants to move laterally to a server using pass-the-hash. Which of the following is required for a successful pass-the-hash attack against a Windows target?

A client requests a penetration test of their internal network. During scoping, the tester learns that the client uses a managed security service provider (MSSP) that monitors all network traffic. The client does not want the MSSP to be informed about the test. What is the most appropriate action for the tester to take?

A penetration tester has gained access to a Windows domain and wants to perform a Kerberoasting attack. Which account privileges are required to request service tickets for Kerberoasting?

A client engages a penetration testing firm to evaluate the security of their internal network. During the scoping meeting, the client states that they use a network access control (NAC) solution that might block the tester's machine if it is connected to the internal network without prior authorization. Which of the following should be included in the rules of engagement to address this potential issue?

A penetration test report includes a finding about a SQL injection vulnerability in a public-facing web application. Which section of the report would be the MOST appropriate place to provide step-by-step remediation instructions for the development team?

A penetration tester has gained a shell on a Linux machine as a low-privileged user. The user can execute the binary 'less' with sudo privileges without a password. Which technique can the tester use to escalate privileges to root?

A penetration tester is analyzing a Python script that performs a buffer overflow attack. The script imports the struct module and the socket module. It constructs a payload by packing a pattern of characters, then overwriting a return address with a specific offset. Which of the following is the most critical piece of information the tester must determine before running this script against the target?

Question 17 · medium · multiple choice

A penetration tester is analyzing a Python script used during a test. The script contains the following code:

    import requests
    r = requests.get('http://target', headers={'User-Agent': 'Mozilla/5.0'})
    print(r.text)

What is the primary purpose of setting the User-Agent header in this script?

A client hires a penetration testing firm to assess a web application that integrates with a third-party API for payment processing. The client wants to include the API endpoint in the test scope. What should the penetration tester do FIRST to ensure the test is conducted ethically and legally?

A client with a hybrid infrastructure (on-premises and cloud IaaS) requests a penetration test covering both environments. The cloud provider's terms of service require notification and restrict scanning to specific IP ranges. In which document should these constraints be documented?

Question 20 · hard · multiple choice

A penetration tester has gained a foothold on a Linux server through a vulnerable web application. The server has an outbound firewall that blocks all traffic except DNS queries (UDP 53). The tester needs to establish a reverse shell to maintain access. Which technique is most likely to succeed?

A client wants to test a web application that uses a third-party payment gateway. The client explicitly wants the payment gateway to be excluded from the test to avoid service disruption. Where should this exclusion be formally documented?

A penetration tester has completed an internal network test. The client's IT manager requests a document that lists each vulnerability with its CVSS score, risk rating, and a brief description of the impact. Which section of the final report should contain this information?

A penetration tester has identified a critical misconfiguration in a cloud storage bucket that exposes sensitive customer data. The client's technical team has already applied a fix, but the tester wants to ensure the report accurately reflects the risk and the remediation. Which section of the report should include the steps to reproduce the vulnerability?

A client wants to conduct a penetration test of their web application, but they are concerned about potential service disruption. They request that the tester avoid using any techniques that could cause the application to crash or become unresponsive. Which of the following should the tester include in the rules of engagement to address this requirement?

Exam question guide

How to use these PT0-002 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Tests understanding of cloud service models, deployment types, and characteristics like scalability and elasticity.

IaaS, PaaS, SaaS service model definitions and use cases

Public, private, hybrid cloud deployment distinctions

Key cloud characteristics: on-demand, broad network access

Metered usage and resource pooling concepts

These PT0-002 practice questions are part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style PT0-002 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.