Question 1mediummultiple choice
Full question →PT0-002 · topic practice
Information Gathering And Vulnerability Scanning practice questions
Use this page to practise PT0-002 Information Gathering And Vulnerability Scanning practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
20 questionsDomain: Information Gathering And Vulnerability Scanning
What the exam tests
What to know about Information Gathering And Vulnerability Scanning
Information Gathering And Vulnerability Scanning questions test whether you can apply the concept in context, not just recognise a definition.
How the topic appears in realistic exam-style scenarios.
Which detail in the question changes the correct answer.
How to eliminate plausible but wrong options.
How to connect the question back to the wider exam objective.
Practice set
Information Gathering And Vulnerability Scanning questions
20 questions · select your answer, then reveal the explanation
Question 2mediummultiple choice
Full question →A penetration tester has gained a low-privileged shell on a Linux server. During enumeration, the tester discovers a binary with the SUID bit set that belongs to root and is known to have a buffer overflow vulnerability. What is the MOST effective next step to escalate privileges?
Question 3mediummulti select
Full question →A penetration tester is performing passive reconnaissance against a target domain. Which of the following resources can be used to gather information about the target without directly sending packets to the target's network? (Select two.) (Choose 2.)
Question 4mediummultiple choice
Full question →A penetration tester is analyzing a PowerShell script that contains the following code: Get-WmiObject -Class Win32_Service | Where-Object {$_.PathName -like "* *"} | Select-Object Name, PathName, State What is the primary purpose of this script?
Question 5mediummultiple choice
Full question →A client review of a penetration test report reveals confusion about why a particular vulnerability exists. The client's security engineer wants to understand the root cause and the exact steps to reproduce the issue. Which section of the report should the tester point the engineer to?
Question 6mediummultiple choice
Full question →A penetration tester has completed the test and is writing the findings section. For a critical vulnerability, the tester wants to provide a clear and actionable remediation recommendation. Which of the following is the best practice for writing this recommendation?
Question 7easymultiple choice
Full question →A client wants to perform a penetration test on a new web application that is still in development. The application is not yet connected to the internet. Which of the following is the most appropriate scope for this test?
Question 8mediummultiple choice
Full question →A penetration tester has completed the test and is preparing the final report. The client requested a risk rating for each vulnerability. Which of the following frameworks is MOST commonly used to standardize vulnerability severity ratings in penetration testing reports?
Question 9mediummultiple choice
Full question →A penetration tester is analyzing a Bash script that performs network scanning. The script contains the following command: 'for ip in $(seq 1 254); do hping3 -S -p 22 -c 1 $TARGET_SUBNET.$ip 2>/dev/null | grep -q "flags=SA" && echo "$TARGET_SUBNET.$ip: open"; done'. What is the primary purpose of this script?
Question 10easymultiple choice
Full question →A penetration tester is analyzing a Python script that uses the 'socket' library. The script creates a socket, connects to a target IP and port, sends a payload, and then receives a response. The script is most likely designed for which type of attack?
Question 11mediummultiple choice
Full question →A penetration test report includes a finding about a SQL injection vulnerability in a public-facing web application. Which section of the report would be the MOST appropriate place to provide step-by-step remediation instructions for the development team?
Question 12mediummultiple choice
Full question →A client wants to test a web application that uses multiple third-party APIs for payment processing, shipping, and customer relationship management. The client states that the APIs are critical for operations but cannot be taken offline. Which scoping consideration is most important to include in the rules of engagement?
Question 13hardmultiple choice
Full question →A penetration tester has gained a low-privileged shell on a Linux server. During enumeration, the tester finds a cron job that runs a script as root every five minutes. The script is located in /opt/backup.sh and is world-writable. Which technique should the tester use to escalate privileges?
Question 14hardmultiple choice
Full question →A penetration tester is analyzing a Python script that performs a buffer overflow attack. The script imports the struct module and the socket module. It constructs a payload by packing a pattern of characters, then overwriting a return address with a specific offset. Which of the following is the most critical piece of information the tester must determine before running this script against the target?
Question 15mediummultiple choice
Full question →A penetration tester is analyzing a Python script that uses the requests library to automate web vulnerability scanning. The script sends POST requests with payloads but receives 403 Forbidden responses for many requests, even though manual testing with the same payloads works. Which is the most likely cause?
Question 16mediummultiple choice
Full question →A client with a hybrid infrastructure (on-premises and cloud IaaS) requests a penetration test covering both environments. The cloud provider's terms of service require notification and restrict scanning to specific IP ranges. In which document should these constraints be documented?
Question 17easymultiple choice
Full question →A penetration tester has completed an internal network test. The client's IT manager requests a document that lists each vulnerability with its CVSS score, risk rating, and a brief description of the impact. Which section of the final report should contain this information?
Question 18mediummultiple choice
Full question →A penetration tester has identified a critical misconfiguration in a cloud storage bucket that exposes sensitive customer data. The client's technical team has already applied a fix, but the tester wants to ensure the report accurately reflects the risk and the remediation. Which section of the report should include the steps to reproduce the vulnerability?
Question 19easymultiple choice
Full question →A client asks a penetration tester to perform a test on an e-commerce website. The website experiences high traffic during weekdays and major sales events. To minimize business disruption, when should the tester schedule the active scanning and exploitation activities?
Question 20easymultiple choice
Full question →A client wants to conduct a penetration test of their web application, but they are concerned about potential service disruption. They request that the tester avoid using any techniques that could cause the application to crash or become unresponsive. Which of the following should the tester include in the rules of engagement to address this requirement?
Watch out for
Common Information Gathering And Vulnerability Scanning exam traps
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.
Free account
Track your progress over time
Create a free account to save your results and see which topics improve across sessions.
Focused Information Gathering And Vulnerability Scanning sessions
Start a Information Gathering And Vulnerability Scanning only practice session
Every question in these sessions is drawn from the Information Gathering And Vulnerability Scanning domain — nothing else.
Related practice questions
Related PT0-002 topic practice pages
Move into related areas when this topic feels solid.
Frequently asked questions
- What does the PT0-002 exam test about Information Gathering And Vulnerability Scanning?
- Information Gathering And Vulnerability Scanning questions test whether you can apply the concept in context, not just recognise a definition.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Information Gathering And Vulnerability Scanning questions in a focused session?
- Yes — the session launcher on this page draws every question from the Information Gathering And Vulnerability Scanning domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other PT0-002 topics?
- Use the topic links above to move to related areas, or go back to the PT0-002 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the PT0-002 exam covers. They are not copied from any real exam or dump site.
Information Gathering And Vulnerability Scanning only
Mixed PT0-002 sessionTrack your progress
A free account saves results across sessions and highlights which topics need work.
Sign up freeStudy resources
Exam traps to avoid
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.