A penetration tester is performing internal reconnaissance on a network that uses IPv6. The tester wants to discover alive hosts and their IPv6 addresses without sending many packets. Which technique is most effective for this purpose?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Distractor review
Perform a full TCP SYN scan on the entire /64 subnet using Nmap with IPv6 addressing
A full scan of a /64 subnet (2^64 addresses) is impractical due to the immense address space; it would take an extremely long time and generate excessive traffic.
Best answer
Ping the IPv6 all-nodes multicast address (ff02::1) and analyze the responses to discover active hosts
Sending an ICMPv6 echo request to ff02::1 will trigger responses from all hosts that respond to multicast pings, quickly revealing active IPv6 addresses without scanning the entire subnet.
Distractor review
Request the DHCPv6 server log from the network administrator to obtain a list of assigned IPv6 addresses
This relies on the administrator's cooperation and may not include statically addressed hosts; it is also not a technique the tester performs.
Distractor review
Use the `ip neighbor` command on the tester's machine to view the IPv6 neighbor cache after generating traffic
The neighbor cache only shows hosts the tester's machine has recently communicated with; it requires prior traffic and is not a discovery technique itself.
Common exam trap
Common exam trap: OSPF can fail even when IP connectivity looks correct
OSPF neighbour formation depends on matching areas, timers, network type, authentication and passive-interface behaviour. Do not choose an answer only because the devices can ping.
Technical deep dive
How to think about this question
OSPF questions usually test the details that control adjacency and route selection. Read the neighbour state, area, router ID and interface configuration before deciding what is wrong.
Key Concepts to Remember
- OSPF neighbours must agree on key parameters.
- Router ID selection can affect neighbour relationships and LSDB output.
- OSPF cost influences the preferred path.
- A route can appear in OSPF information but not become the installed route.
Exam Day Tips
- Check area mismatch first when OSPF adjacency fails.
- Review passive interfaces when a network is advertised but no neighbour forms.
- Use `show ip ospf neighbor` and `show ip route` clues carefully.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A penetration tester is writing the executive summary for a report. The client's CEO needs to understand the business impact of a critical SQL injection vulnerability. Which of the following should the tester include?
Question 2
A penetration tester has gained a low-privileged shell on a Linux server. During enumeration, the tester discovers a binary with the SUID bit set that belongs to root and is known to have a buffer overflow vulnerability. What is the MOST effective next step to escalate privileges?
Question 3
A penetration tester is performing passive reconnaissance against a target domain. Which of the following resources can be used to gather information about the target without directly sending packets to the target's network? (Select two.)
Question 4
A penetration tester has obtained a TGT from a domain controller by cracking the krbtgt hash. Which attack can the tester now perform to gain persistent administrative access to any resource in the domain?
Question 5
A penetration tester is writing the executive summary for the final report. The CEO needs to understand the overall risk level and the business impact of the findings. Which of the following should be included in the executive summary?
Question 6
A penetration tester is writing the executive summary of a penetration test report. Which of the following elements is MOST important to include for a non-technical audience?
FAQ
Questions learners often ask
What does this PT0-002 question test?
OSPF neighbours must agree on key parameters.
What is the correct answer to this question?
The correct answer is: Ping the IPv6 all-nodes multicast address (ff02::1) and analyze the responses to discover active hosts — IPv6 networks often have a large address space, making traditional scanning inefficient. The Neighbor Discovery Protocol (NDP) can be used to solicit neighbor advertisements, but this requires sending a multicast packet. Leveraging DHCPv6 logs or router advertisements is passive. Using the IPv6 multicast address for all-nodes (ff02::1) and then analyzing responses is more reliable than scanning the entire /64 subnet.
What should I do if I get this PT0-002 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.