Scenario-based practice

Drag and Drop Matching Questions

Practise original exam-style CompTIA PenTest+ PT0-002 questions covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10 scenario questions. Exam code: PT0-002. Vendor: CompTIA.

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and drop matching questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Practice scenarios

Question 1 (medium, matching)

Match each penetration testing tool to its primary function.

Concepts
Matches

Network scanning and port enumeration

Exploit development and execution

Web application security testing

Password cracking

Network packet analysis

Question 2 (matching)

Match each wireless attack to its description.

Concepts
Matches

Rogue AP mimicking a legitimate one

Forcing clients to disconnect from AP

Brute-forcing the WPS PIN to recover passphrase

Exploiting WPA2 handshake to decrypt traffic

Sending unsolicited messages over Bluetooth

Question 3 (medium, matching)

Match each scanning technique to its description.

Concepts
Matches

Sends SYN packet, waits for SYN-ACK, then RST

Completes full TCP three-way handshake

Sends UDP packets to determine open ports

Used to map firewall rulesets

Sends packets with FIN, PSH, URG flags set

Question 4 (medium, matching)

Match each evasion technique to its description.

Concepts
Matches

Splitting packets to evade IDS/IPS

Converting payload to bypass signature detection

Faking source IP to hide origin

Routing traffic through multiple proxies

Delaying requests to avoid rate limiting

Question 5 (medium, matching)

Match each phase of the Penetration Testing Execution Standard (PTES) to its description.

Concepts
Matches

Scope definition, rules of engagement, legal agreements

Collecting information about the target via OSINT

Identifying assets, threats, and attack vectors

Scanning and testing for vulnerabilities

Gaining unauthorized access using exploits

Question 6 (medium, matching)

Match each compliance standard to its focus area.

Concepts
Matches

Payment card data security

Protected health information privacy

Personal data protection for EU citizens

Financial reporting and internal controls

Information security management system

Question 7 (medium, matching)

Match each network protocol to its well-known port number.

Concepts
Matches

22

443

53

25

3389

Question 8 (medium, matching)

Match each type of social engineering attack to its description.

Concepts
Matches

Fraudulent emails to obtain sensitive information

Targeted phishing at a specific individual or organization

Voice-based phishing over phone calls

Phishing via SMS text messages

Following an authorized person into a restricted area

Question 9 (medium, matching)

Match each vulnerability category to its description.

Concepts
Matches

Attacker injects malicious SQL queries

Attacker injects client-side scripts into web pages

Attacker tricks user into performing unwanted actions

Writing more data to a buffer than it can hold

Accessing files outside the web root directory

Question 10 (medium, matching)

Match each reporting element to its description.

Concepts
Matches

High-level overview for non-technical management

Detailed steps and tools used during testing

List of vulnerabilities with severity ratings

Recommended actions to fix vulnerabilities

Raw logs, scripts, and supporting evidence

These PT0-002 practice questions are part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style PT0-002 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.