PT0-002 · topic practice

Scenario practice questions

Practise CompTIA PenTest+ PT0-002 Scenario practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
11 questionsDomain: Scenario

What the exam tests

What to know about Scenario

Scenario questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Scenario exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Scenario questions

11 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Read the full Scenario explanation →

A penetration tester has gained a foothold on a Windows server and wants to move laterally to a domain controller. The tester has access to a service account that is a member of the 'Remote Management Users' group on the domain controller. Which of the following tools would be MOST appropriate for lateral movement in this scenario?

Question 2hardmultiple choice
Read the full Scenario explanation →

A penetration tester discovers a remote command injection vulnerability in a Java-based web application on a Windows server. The tester wants to execute a PowerShell reverse shell. Which encoding technique is most effective to avoid filter restrictions on special characters?

Question 3mediummultiple choice
Read the full Scenario explanation →

A penetration tester is using a vulnerability scanner on a web application and notices that many findings are false positives caused by the scanner sending oversized payloads that the application truncates or rejects. Which scanner configuration change would MOST effectively reduce false positives in this scenario?

Question 4easymultiple choice
Read the full Scenario explanation →

A penetration tester is performing a client-side attack against a user. The tester sends an email with a malicious attachment that, when opened, executes a macro that downloads a payload. Which type of attack is this?

Question 5hardmultiple choice
Read the full Scenario explanation →

After completing a penetration test, the lead tester is preparing the executive summary. The client's CISO wants to understand the business impact of a critical vulnerability found in the customer-facing web application. Which of the following is the BEST way to convey this in the report?

Question 6hardmultiple choice
Read the full Scenario explanation →

A penetration tester has compromised a Linux server and wants to move laterally to a Windows server. The Linux server has network access to the Windows server on port 445. The tester has a captured NTLM hash of a domain administrator account. Which technique is most likely to allow the tester to authenticate and execute commands on the Windows server?

Question 7hardmultiple choice
Read the full Scenario explanation →

A vulnerability scanner reports a reflected XSS vulnerability in a web application. Manual testing confirms that the application HTML-encodes all user input in the response. Which scanner misconfiguration is MOST likely causing this false positive?

Question 8easymultiple choice
Read the full Scenario explanation →

A penetration tester is planning a social engineering campaign against a corporation. The goal is to trick the CEO into revealing sensitive information. Which type of attack should the tester use?

Question 9easymultiple choice
Read the full Scenario explanation →

A client requests a penetration test but only provides network diagrams and application credentials. Which type of test is being scoped?

Question 10easymultiple choice
Open the full VLAN trunking answer →

During a penetration test of a corporate network, you discover a Linux server running a custom Python application that handles authentication for a web portal. The server is configured to allow SSH access only from a specific management subnet. You have obtained a limited shell on a different host within the same VLAN as the target server. From your limited shell, you can reach the target server on TCP port 22, but you do not have valid credentials. The Python authentication script uses a flat file database to store user credentials in the format 'username:hashed_password'. You suspect the script has a vulnerability that allows reading arbitrary files, such as the password file. Which of the following actions should you take to exploit this vulnerability?

Question 11hardmultiple choice
Open the full VLAN trunking answer →

A medium-sized e-commerce company, CyberMart, has contracted your penetration testing firm to assess their security posture. The company operates from three physical locations: headquarters, a data center, and a remote warehouse. They have a flat internal network but separate VLANs for production, development, and guest Wi-Fi. CyberMart's CISO insists that the test must be conducted without causing any disruption to the production environment, especially the payment processing system. The test should simulate an external attacker targeting the public-facing web servers and an internal attacker who has gained initial access to the guest network. The CISO also requests that all testing be done during off-peak hours to minimize impact. You are preparing the rules of engagement. Which of the following is the most appropriate action to include in the ROE to satisfy the client's requirements while maintaining a realistic test scenario?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Scenario sessions

Start a Scenario only practice session

Every question in these sessions is drawn from the Scenario domain — nothing else.

Related practice questions

Related PT0-002 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the PT0-002 exam test about Scenario?
Scenario questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Scenario questions in a focused session?
Yes — the session launcher on this page draws every question from the Scenario domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other PT0-002 topics?
Use the topic links above to move to related areas, or go back to the PT0-002 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PT0-002 exam covers. They are not copied from any real exam or dump site.