Pentest Methodology — CompTIA PenTest+ (PT0-002) Practice Questions
Pentest methodology refers to the structured, repeatable process used to plan, execute, and report on a penetration test engagement. PT0-002 maps its objectives to a lifecycle that includes pre-engagement (scoping, legal agreements, rules of engagement), reconnaissance, scanning and enumeration, exploitation, post-exploitation, and reporting. Candidates must understand the purpose and key activities of each phase, how phases feed into one another, and how to select appropriate techniques based on scope and target environment. Knowing methodology also helps testers defend the professional legitimacy of their work and communicate clearly with clients.
Free questions on pentest methodology
Which of the following is NOT a common information gathering technique?
Free question · medium · full answer + explanation
More pentest methodology questions in the full bank
- A penetration tester discovers that a critical server uses an outdated Apache version with known CVE vulnerabilities. However, the server is protected by a WAF that blocks known exploit payloads. What advanced approach should the tester consider?
- How should API parameter validation be tested for security?
- What is the PRIMARY purpose of establishing Rules of Engagement (RoE) before a penetration test?