
Scenario-based practice

Select Two (Multi-Select) Questions

Practise CompTIA PenTest+ PT0-002 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

Scenario questions: 20
Exam code: PT0-002
Vendor: CompTIA

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. There is no partial credit: you must select all of the correct answers and none of the incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (multi-select) questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.


Practice set

Practice scenarios

Question 1 (hard, multi-select)

A tester has low-privilege shell access on a Linux server. Which two checks are most appropriate for local privilege escalation enumeration? (Choose 2.)

Question 2 (medium, multi-select)

Which TWO of the following should be included in the methodology section of a penetration test report?

Question 3 (medium, multi-select)

A penetration tester is performing passive reconnaissance against a target domain. Which of the following resources can be used to gather information about the target without directly sending packets to the target's network? (Choose 2.)

Question 4 (medium, multi-select)

Before starting a penetration test, the tester receives permission to test only two public IP ranges and is told not to perform denial-of-service testing. Which two documents or artefacts are most important to confirm before testing begins? (Choose 2.)

Question 5 (easy, multi-select)

When calculating the risk rating for a vulnerability found during a penetration test, which two factors are most fundamental to the risk calculation?

Question 6 (hard, multi-select)

Which TWO of the following are indicators that a web application is vulnerable to XML External Entity (XXE) attacks? (Select TWO.)

Question 7 (medium, multi-select)

Which TWO of the following are common techniques used during a pass-the-hash attack? (Select TWO.)

Question 8 (easy, multi-select)

Which TWO of the following are common methods used to bypass network access controls during a penetration test? (Choose two.)

Question 9 (hard, multi-select)

A penetration tester is assessing a wireless network's security. The tester wants to capture WPA2 handshakes for offline password cracking. Which two attacks can be used to force a client to re-authenticate and capture the handshake? (Choose TWO.)

Question 10 (medium, multi-select)

A penetration tester is analyzing the results of a vulnerability scan. Which of the following findings indicate that a vulnerability is likely exploitable? (Choose two.)

Question 11 (medium, multi-select)

Which TWO of the following are effective methods for bypassing AppLocker during a penetration test? (Choose two.)

Question 12 (easy, multi-select)

A penetration tester is gathering information using passive reconnaissance techniques. Which of the following are considered passive reconnaissance methods? (Choose two.)

Question 13 (hard, multi-select)

During a vulnerability scan of a Linux server, the tester notices that the Nmap scan reports port 22 as filtered. Which of the following could be causing this result? (Select TWO.)

Question 14 (medium, multi-select)

A penetration tester is performing information gathering for a web application. Which of the following are passive information gathering techniques? (Select THREE.)

Question 15 (easy, multi-select)

A penetration tester needs to perform initial reconnaissance on a target domain. Which of the following tools are specifically designed for domain enumeration? (Select TWO.)

Question 16 (medium, multi-select)

A penetration tester is scoping an engagement for a client that has both on-premises and cloud infrastructure. Which TWO documents should be reviewed to understand the client's cloud security posture?

Question 17 (medium, multi-select)

Which THREE factors are critical to include in the rules of engagement for a penetration test?

Question 18 (hard, multi-select)

A penetration tester is scoping a test for a client that uses a hybrid identity system. The client wants to ensure that the test does not affect production authentication. Which TWO actions should the tester recommend?

Question 19 (hard, multi-select)

During the scoping phase of a penetration test, the tester and client must define the rules of engagement (ROE). Which THREE of the following should be included in the ROE? (Select THREE.)

Question 20 (easy, multi-select)

A tester is planning a physical security assessment. Which TWO should be included in the scope? (Choose two.)

These PT0-002 practice questions are part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style PT0-002 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.