Question 1mediummultiple choice
Full question →PT0-002 · topic practice
Tools And Code Analysis practice questions
Use this page to practise PT0-002 Tools And Code Analysis practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about Tools And Code Analysis
Tools And Code Analysis questions test whether you can apply the concept in context, not just recognise a definition.
How the topic appears in realistic exam-style scenarios.
Which detail in the question changes the correct answer.
How to eliminate plausible but wrong options.
How to connect the question back to the wider exam objective.
Practice set
Tools And Code Analysis questions
20 questions · select your answer, then reveal the explanation
Question 2mediummulti select
Full question →A penetration tester is performing passive reconnaissance against a target domain. Which of the following resources can be used to gather information about the target without directly sending packets to the target's network? (Select two.) (Choose 2.)
Question 3mediummultiple choice
Full question →A penetration tester is analyzing a PowerShell script that contains the following code: Get-WmiObject -Class Win32_Service | Where-Object {$_.PathName -like "* *"} | Select-Object Name, PathName, State What is the primary purpose of this script?
Question 4easymultiple choice
Full question →A client wants to perform a penetration test on a new web application that is still in development. The application is not yet connected to the internet. Which of the following is the most appropriate scope for this test?
Question 5mediummultiple choice
Full question →A penetration tester has obtained the NTLM hash of a local administrator account on a Windows domain-joined system. The tester wants to use this hash to authenticate to another system on the network and execute commands remotely. Which tool is commonly used for pass-the-hash attacks to achieve remote code execution?
Question 6hardmultiple choice
Full question →A penetration tester has exploited a web application and found that the server has an outbound firewall that restricts all outbound traffic except for DNS queries (UDP 53). The tester has a reverse shell payload that connects back on TCP 443. Which technique can the tester use to exfiltrate data or establish a channel?
Question 7easymultiple choice
Full question →A penetration tester is analyzing a Python script that uses the 'socket' library. The script creates a socket, connects to a target IP and port, sends a payload, and then receives a response. The script is most likely designed for which type of attack?
Question 8mediummultiple choice
Full question →A penetration tester gained low-privileged access to a Linux server and found that the user can run a custom script located at /opt/tool/backup.sh with setuid root. The script begins with a hashbang #!/bin/bash and uses an internal variable defined as BASEDIR=$(dirname $0) to determine paths. Which technique is most likely to allow privilege escalation?
Question 9mediummultiple choice
Full question →A client wants to test a web application that uses multiple third-party APIs for payment processing, shipping, and customer relationship management. The client states that the APIs are critical for operations but cannot be taken offline. Which scoping consideration is most important to include in the rules of engagement?
Question 10hardmultiple choice
Full question →A penetration tester is analyzing a Python script that performs a buffer overflow attack. The script imports the struct module and the socket module. It constructs a payload by packing a pattern of characters, then overwriting a return address with a specific offset. Which of the following is the most critical piece of information the tester must determine before running this script against the target?
Question 11mediummultiple choice
Full question →A penetration tester is analyzing a Python script that uses the requests library to automate web vulnerability scanning. The script sends POST requests with payloads but receives 403 Forbidden responses for many requests, even though manual testing with the same payloads works. Which is the most likely cause?
Question 12mediummultiple choice
Full question →A penetration tester is analyzing a Python script used during a test. The script contains the following code: 'import requests; r = requests.get('http://target', headers={'User-Agent': 'Mozilla/5.0'}); print(r.text)'. What is the primary purpose of setting the User-Agent header in this script?
Question 13mediummultiple choice
Full question →A penetration tester discovers a web application that deserializes user-controlled data without validation. The application uses Java serialization. The tester creates a malicious serialized object that executes a system command. Which of the following conditions is required for this exploit to succeed?
Question 14hardmultiple choice
Full question →A penetration tester gains a foothold on a Linux system with ASLR and NX enabled. The tester identifies a stack buffer overflow in a SUID binary. The binary has no PIE (Position Independent Executable) and is compiled without stack canaries. The tester wants to execute a shell. Which technique should be used?
Question 15hardmultiple choice
Full question →A penetration tester has gained a low-privileged shell on a Linux server and discovers a binary with the SUID bit set owned by root. The binary executes a system command using a relative path without sanitizing user input. Which of the following techniques would the tester MOST likely use to escalate privileges?
Question 16mediummultiple choice
Full question →A client wants to test a mobile app that uses certificate pinning. The penetration tester needs to perform dynamic analysis of the app's network traffic. Which of the following should be included in the rules of engagement to enable this testing?
Question 17hardmultiple choice
Full question →A penetration tester discovers a remote command injection vulnerability in a Java-based web application on a Windows server. The tester wants to execute a PowerShell reverse shell. Which encoding technique is most effective to avoid filter restrictions on special characters?
Question 18easymultiple choice
Full question →A client wants a penetration test of their internal network. They are concerned about causing any disruption to the production systems. The tester should include which of the following in the rules of engagement to address this concern?
Question 19hardmultiple choice
Full question →A penetration tester discovers that a web application uses a vulnerable Java deserialization endpoint. The classpath includes the Apache Commons Collections library. Which attack technique is most likely to achieve remote code execution?
Question 20mediummultiple choice
Full question →A penetration tester discovers a Java application that deserializes user-controlled data without validation. The tester crafts a malicious serialized object that executes a command upon deserialization. The application runs on a Linux server with a standard Java runtime. Which of the following is the most likely outcome if the malicious object is accepted?
Watch out for
Common Tools And Code Analysis exam traps
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.
Free account
Track your progress over time
Create a free account to save your results and see which topics improve across sessions.
Focused Tools And Code Analysis sessions
Start a Tools And Code Analysis only practice session
Every question in these sessions is drawn from the Tools And Code Analysis domain — nothing else.
Related practice questions
Related PT0-002 topic practice pages
Move into related areas when this topic feels solid.
Frequently asked questions
- What does the PT0-002 exam test about Tools And Code Analysis?
- Tools And Code Analysis questions test whether you can apply the concept in context, not just recognise a definition.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Tools And Code Analysis questions in a focused session?
- Yes — the session launcher on this page draws every question from the Tools And Code Analysis domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other PT0-002 topics?
- Use the topic links above to move to related areas, or go back to the PT0-002 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the PT0-002 exam covers. They are not copied from any real exam or dump site.
Track your progress
A free account saves results across sessions and highlights which topics need work.
Sign up freeStudy resources
Exam traps to avoid
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.