CompTIA PenTest+ Questions and Answers
100 questions organized by topic with detailed explanations
CompTIA
PT0-003
100 questions
5 topics
Updated May 2026
Engagement Management
14 questions, 4 easy, 6 medium, 4 hard, ~13% of exam
- During a penetration test, the tester discovers evidence of an active data breach unrelated to the test. According to en...
- After completing a penetration test, the tester is preparing the final report. The client asks the tester to remove a cr...
- A client requests a penetration test of their environment but insists that only two IT administrators know about the tes...
Reconnaissance and Enumeration
21 questions, 5 easy, 10 medium, 6 hard, ~21% of exam
- A penetration tester uses the Shodan search engine during reconnaissance. What type of information can Shodan provide ab...
- A penetration tester wants to identify email addresses, subdomains, and employee names associated with a target company ...
- During passive reconnaissance, a penetration tester reviews SSL/TLS certificate transparency logs for the target domain....
Vulnerability Discovery and Analysis
17 questions, 4 easy, 8 medium, 5 hard, ~17% of exam
- A penetration tester is using Nikto to scan a web server. What category of vulnerabilities is Nikto PRIMARILY designed t...
- What is the term for a vulnerability scan result that incorrectly reports a vulnerability on a system that is NOT actual...
- A penetration tester is performing DAST (Dynamic Application Security Testing) on a web application. Which characteristi...
Attacks and Exploits
34 questions, 6 easy, 16 medium, 12 hard, ~35% of exam
- A penetration tester is testing a web application login form and suspects it may be vulnerable to SQL injection. Which i...
- Which type of network attack involves an attacker inserting themselves between two communicating parties to intercept, r...
- A penetration tester is performing an IAM misconfiguration assessment in an AWS environment and discovers that an IAM us...
Post-Exploitation and Lateral Movement
14 questions, 2 easy, 6 medium, 6 hard, ~14% of exam
- Which term describes the technique of maintaining access to a compromised system across reboots or credential changes, s...
- A penetration tester has compromised a host within a target network and wants to access an internal web application on a...
- A penetration tester has compromised a Windows workstation in a domain environment and wants to move laterally to a doma...
All Questions
| # | Question | Topic | Difficulty |
|---|---|---|---|
| 1 | A penetration tester uses the Shodan search engine during reconnaissance. What type of information c... | Reconnaissance and Enumeration | medium |
| 2 | Which term describes the technique of maintaining access to a compromised system across reboots or c... | Post-Exploitation and Lateral Movement | easy |
| 3 | A penetration tester is using Nikto to scan a web server. What category of vulnerabilities is Nikto ... | Vulnerability Discovery and Analysis | medium |
| 4 | A penetration tester wants to identify email addresses, subdomains, and employee names associated wi... | Reconnaissance and Enumeration | medium |
| 5 | A penetration tester has compromised a host within a target network and wants to access an internal ... | Post-Exploitation and Lateral Movement | medium |