PT0-002 · topic practice

Planning and Scoping practice questions

Practise CompTIA PenTest+ PT0-002 Planning and Scoping practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Planning and Scoping

What the exam tests

What to know about Planning and Scoping

Planning and Scoping questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Planning and Scoping exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Planning and Scoping questions

20 questions · select your answer, then reveal the explanation

A penetration tester is hired to assess the security of a company's internal network. The tester is given full network diagrams, credentials, and source code. Which type of penetration test is being performed?

Question 2mediummultiple choice
Read the full wireless explanation →

During a pre-engagement meeting, the client states that no testing is allowed on the wireless network or on any cloud-based services hosted by third parties. Which part of the engagement documentation would specify these restrictions?

A penetration testing company is contracted to perform a social engineering engagement. The client requests that only employees in the finance department be targeted. Which scoping consideration is most relevant?

A penetration tester discovers evidence of ongoing criminal activity, such as a data breach by an internal employee, during a white box penetration test. The client's legal team has not provided specific instructions on handling such discoveries. According to best practices and legal considerations, what should the tester do first?

Which penetration testing standard provides a structured methodology for conducting penetration tests, including pre-engagement, reconnaissance, and reporting phases?

A company wants to simulate a real-world attack scenario where the penetration tester has no prior knowledge of the environment and must act as an external threat actor. However, the tester is allowed to use social engineering to gain initial access. Which type of engagement is most appropriate?

A penetration tester is conducting a grey box test on a web application. During the test, the tester discovers that the application is hosted on a cloud infrastructure that belongs to a third-party provider. The client did not mention this provider in the scope. What is the best course of action regarding testing this infrastructure?

Which legal framework in the United States prohibits unauthorized access to computer systems and is commonly referenced in penetration testing authorization documents?

A penetration tester is preparing a deliverable for a client. Which of the following should be included in the final report?

A penetration tester is planning a test that involves scanning for vulnerabilities across a large IP range. The client has provided a list of IPs that are in-scope, but the tester notices that some IPs belong to a third-party company hosting a client application. What should the tester do?

Question 11hardmultiple choice
Read the full wireless explanation →

A penetration tester is conducting a wireless penetration test. The client's rules of engagement state that testing must not disrupt production services. During the test, the tester's de-authentication attack causes the company's guest Wi-Fi to go offline. What should the tester do?

Which of the following is the primary purpose of a get-out-of-jail letter in a penetration testing engagement?

A penetration testing company is scoping a test for a client. The client wants to ensure that testing does not impact production systems. Which TWO of the following are appropriate scoping considerations? (Select TWO.)

A penetration tester is preparing a post-engagement deliverable. Which THREE of the following should be included in the final report? (Select THREE.)

Which TWO of the following are types of penetration testing based on the level of knowledge provided to the tester? (Select TWO.)

A penetration tester is hired to perform an assessment where the tester is provided with network diagrams, source code, and administrative credentials. Which type of penetration test is this?

Which document defines the IP ranges that are in scope, testing windows, and emergency stop criteria for a penetration test?

A penetration tester is planning a social engineering engagement targeting employees of a client. The client requests that only non-managerial staff be tested. Which scoping consideration is most directly affected by this request?

During a penetration test, the tester discovers evidence of an ongoing data breach that appears to involve criminal activity unrelated to the test scope. What is the tester's primary responsibility regarding this discovery?

A penetration tester is engaged to test a web application that uses a third-party payment gateway. The client has not obtained permission from the payment gateway provider. Which of the following is the best course of action?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Planning and Scoping sessions

Start a Planning and Scoping only practice session

Every question in these sessions is drawn from the Planning and Scoping domain — nothing else.

Related practice questions

Related PT0-002 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the PT0-002 exam test about Planning and Scoping?
Planning and Scoping questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Planning and Scoping questions in a focused session?
Yes — the session launcher on this page draws every question from the Planning and Scoping domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other PT0-002 topics?
Use the topic links above to move to related areas, or go back to the PT0-002 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PT0-002 exam covers. They are not copied from any real exam or dump site.