Free PenTest+ Practice

Free CompTIA PenTest+ Quiz

Test your CompTIA PenTest+ (PT0-002) knowledge with this free practice quiz. Questions cover planning and scoping, information gathering, attacks and exploits (network, web app, wireless, social engineering), reporting, and pentest tooling.

Ideal for Australian IT security professionals pursuing vendor-neutral penetration testing certification.

Explore IT Courses

PenTest+ Ready? Start the Free Quiz

Answer the multiple-choice questions below and submit to see how many you got right. A new randomised set is drawn from the question bank each session.

Select an answer to start0%
01Which document formally authorizes a penetration tester to conduct security testing against a specific target?
02What is the primary purpose of defining the scope during penetration test planning?
03A client asks for a penetration test where the testers are given full knowledge of the internal network architecture, credentials, and source code. What type of test is this?
04Which concept describes the legal agreement between a penetration tester and client that prevents disclosure of confidential information obtained during an engagement?
05During a penetration test kickoff meeting, the client specifies that production databases must not be tested during business hours. This restriction is documented in which artifact?
06A penetration tester accidentally discovers evidence of an active data breach by a third party while performing a contracted test. What is the most appropriate immediate action?
07What does the term 'threat modeling' involve in the context of penetration test planning?
08Which penetration testing methodology is developed and maintained by PTES (Penetration Testing Execution Standard)?
09Which Nmap scan type sends TCP SYN packets and does not complete the three-way handshake, making it less likely to be logged by the target?
10A penetration tester uses the command 'whois example.com'. What type of reconnaissance is this?
11Which tool is primarily used for Open Source Intelligence (OSINT) gathering and can automate the collection of emails, subdomains, hosts, and employee names?
12What does the Nmap output 'filtered' indicate for a scanned port?
13During DNS enumeration, which record type would a penetration tester query to discover all mail servers for a domain?
14A tester uses Shodan to identify internet-facing devices belonging to a client. Which category of reconnaissance does this represent?
15Which vulnerability scanning tool is widely used in enterprise environments and produces detailed reports that categorize vulnerabilities by severity using the CVSS scoring system?
16What is the purpose of a banner grab during information gathering?
17Which Nmap script category is used specifically to enumerate vulnerabilities on discovered services?
18Which attack involves sending a large volume of TCP SYN packets to a target without completing the three-way handshake, exhausting server resources?
19A penetration tester uses Responder to capture NTLMv2 hashes on a Windows network. What vulnerability is being exploited?
20Which technique involves an attacker inserting themselves between two communicating parties to intercept and potentially alter communications?
21A tester runs 'arpspoof -i eth0 -t 192.168.1.10 192.168.1.1'. What is the purpose of this command?
22Which Metasploit module type is used to maintain access on a compromised system after initial exploitation?
23What is a 'pivot' in the context of penetration testing?
24Which tool is commonly used to perform password spraying attacks against Active Directory environments?
25What does the term 'Pass-the-Hash' (PtH) describe in a Windows environment?
Ask anything!