CompTIA PenTest+ — free practice exam
63 original practice questions aligned to official exam domains. Run a timed, domain-weighted quiz in your browser — no login required.
Exam domains
| Domain | Weight |
|---|---|
| Domain 1: Planning and Scoping | 20% |
| Domain 2: Attacks and Exploits | 45% |
| Domain 3: Reporting and Communication | 35% |
Sample practice questions
- An audit found gaps: the organization must obtain written authorization. Which option addresses this?
- An audit found gaps: the organization must include reproduction steps. Which option addresses this?
- A company needs to communicate findings to leadership. Which option meets the requirement with the LEAST…
- A company needs to define rules of engagement. Which option meets the requirement with the LEAST implementation effort?
- A company needs to enumerate external attack surface. Which option meets the requirement with the LEAST implementation…
- A company needs to exploit misconfigured cloud storage. Which option meets the requirement with the LEAST…
- A company needs to include reproduction steps. Which option meets the requirement with the LEAST implementation effort?
- A company needs to map findings to remediation owners. Which option meets the requirement with the LEAST…
- A company needs to test API authentication. Which option meets the requirement with the LEAST implementation effort?
- For cost and security, the team must obtain written authorization. What is the recommended approach?
- For cost and security, the team must map findings to remediation owners. What is the recommended approach?
- After a design review, leadership requires the team to validate SQL injection risk. Which approach is MOST reliable?
- After a design review, leadership requires the team to perform privilege escalation checks. Which approach is MOST…
- After a design review, leadership requires the team to perform phishing simulation. Which approach is MOST reliable?
- After a design review, leadership requires the team to map findings to remediation owners. Which approach is MOST…
- After a design review, leadership requires the team to communicate findings to leadership. Which approach is MOST…
- After a design review, leadership requires the team to include reproduction steps. Which approach is MOST reliable?
- Two designs were proposed. Design A would define rules of engagement. Design B would obtain written authorization. The…
- Two designs were proposed. Design A would obtain written authorization. Design B would define out-of-scope assets. The…
- Two designs were proposed. Design A would define out-of-scope assets. Design B would define rules of engagement. The…
- Two designs were proposed. Design A would validate SQL injection risk. Design B would test for weak password policies.…
- Two designs were proposed. Design A would test for weak password policies. Design B would enumerate external attack…
- Two designs were proposed. Design A would enumerate external attack surface. Design B would exploit misconfigured…
- Two designs were proposed. Design A would exploit misconfigured cloud storage. Design B would test wireless…
Browse all 63 indexed questions for this exam.