Free · No account needed · No credit card

CompTIA PenTest+ PT0-002 Practice Test

509 questions with instant explanations, domain breakdown, and wrong-answer analysis. Built for the real exam.

Instant feedback after each answer
Full explanations included
Domain score breakdown
Real exam: 165 min
Pass mark: 750%

Sample questions with explanations

This is exactly what you see during practice — question, options, and a full explanation after you answer.

Q1 · Information Gathering and Vulnerability Scanning · medium

During a vulnerability scan, a penetration tester notices that the scanner is repeatedly attempting to exploit a service, causing the service to crash and generating misleading findings. Which of the following scan configurations would BEST help the tester avoid this issue while still identifying potential vulnerabilities?

A. Enable SYN scan instead of full TCP connect scan
B. Adjust the scan timing template to a slower rate
C. Activate the 'safe checks' option in the scanner (Correct)
D. Increase the port range to include high ports

Option C is correct because the 'safe checks' option in vulnerability scanners (such as Nessus or OpenVAS) disables intrusive plug-ins that attempt to exploit services aggressively, which can cause service crashes. This configuration allows the scanner to identify potential vulne…

Q2 · Attacks and Exploits · medium

A penetration tester has gained a foothold on a Windows server and wants to move laterally to a domain controller. The tester has access to a service account that is a member of the 'Remote Management Users' group on the domain controller. Which of the following tools would be MOST appropriate for lateral movement in this scenario?

A. PsExec
B. MS16-075 exploit
C. WinRM (Correct)
D. BloodHound

WinRM (Windows Remote Management) is the most appropriate tool because the tester's service account is a member of the 'Remote Management Users' group on the domain controller, which grants explicit permission to connect via WinRM over HTTP/HTTPS (ports 5985/5986). This allows di…

Q3 · Reporting and Communication · hard

After completing a penetration test, the lead tester is preparing the executive summary. The client's CISO wants to understand the business impact of a critical vulnerability found in the customer-facing web application. Which of the following is the BEST way to convey this in the report?

A. List the CVSS score and exploitability metrics
B. Describe the attack scenario and potential financial loss (Correct)
C. Provide the raw log entries showing the exploitation
D. Recommend a specific patch version

Option B is correct because the executive summary must communicate business risk, not technical details. Describing the attack scenario and potential financial loss directly addresses the CISO's need to understand the business impact, such as revenue loss from a data breach or re…

Untimed Practice

Answer at your own pace. Explanation and domain tag shown immediately after each answer.

Timed Practice

Countdown timer starts immediately. Results and domain scores shown at the end — just like the real exam.

Why practice here?

Full explanations on every question

Not just the right answer — you get exactly why each wrong option is wrong, so you learn the concept, not the answer.

Domain score breakdown

After each session see your score by exam domain so you know exactly where to focus study time.

100% free, forever

No subscription, no trial, no email wall. Start a session in under 10 seconds.

Exam-style questions

Scenario-based, precise wording, realistic distractors — written to match what you actually see on exam day.
