Free CompTIA PenTest+ PT0-002: 02 Planning & Scoping + Anki Cards

Ref:📕CompTIA PenTest+ PT0-002 Cert Guide (Certification Guide) 2nd Edition

PenTest+ (PT0-002) Chapter 02. Planning and Scoping a Penetration Testing Assessment

1 / 64

Which type of Non-disclosure agreement (NDA) involves three or more parties, where at least one of the parties is disclosing sensitive information that should not be disclosed to any entity outside the agreement?

2 / 64

What are some of the key items that should be included in your scope and related documentation for penetration testing?

3 / 64

During a penetration testing engagement, what terminology refers to the list of applications, systems, or networks that should not be tested because they are not in the scope?

4 / 64

What are some examples of support resources that might be obtained from the organization for a penetration test?

5 / 64

Which of the following regulations should a penetration tester be familiar with when hired to perform a compliance-based assessment for an organization processing credit card payments?

6 / 64

What is the primary purpose of a Service-level Agreement (SLA) in the context of a penetration testing assessment?

7 / 64

What is the purpose of an SDK in the planning and scoping of a penetration test?

8 / 64

In compliance with PCI DSS, which of the following statements is true regarding the protection of account data in a system component?

9 / 64

What is the role of a PCI forensic investigator (PFI) as defined by the PCI SSC?

10 / 64

What is the purpose of documenting what systems, applications, and networks will be tested during a penetration testing engagement?

11 / 64

Which of the following is NOT a key concept to address and understand in the planning and preparation phase of a penetration testing engagement?

12 / 64

Which of the following is NOT a key concept that must be addressed and understood in the planning and preparation phase of a penetration testing engagement?

13 / 64

What aspects should you consider about your target audience when planning a penetration testing engagement?

14 / 64

Which of the following statements best describes the term ’allow list’ in the context of a penetration testing engagement?

15 / 64

Which of the following is not mentioned in Chapter 1 as a standard or methodology for penetration testing?

16 / 64

What are some important considerations when planning and scoping a penetration testing assessment?

17 / 64

Which of the following statements is false regarding PCI DSS requirements in relation to the account data and its storage?

18 / 64

What is the responsibility of an organization that uses a third party for managing cardholder data according to PCI DSS?

19 / 64

What is the importance of adhering to the specific scope of a penetration testing engagement?

20 / 64

What is the purpose of Simple Object Access Protocol (SOAP) project files in the planning and scoping penetration testing assessment?

21 / 64

Which of the following best describes a Master service agreement (MSA) in the context of a penetration test?

22 / 64

What are some of the key elements dictated by regulations that a penetration tester should pay attention to during an assessment for compliance?

23 / 64

What is an essential piece of information to document when conducting a penetration testing assessment, specifically with respect to the scope of the assessment?

24 / 64

Which type of agreement allows for quick negotiation of work to be performed without the need for renegotiating terms every time, especially beneficial for recurring penetration tests?

25 / 64

What is the responsibility of an organization that leverages a third party to manage cardholder data according to PCI DSS?

26 / 64

Why is it important to include disclaimers in your penetration testing documentation?

27 / 64

What is the goal of implementing Data isolation (also known as network segmentation) in an organization?

28 / 64

What is an ’allow list’ in the context of a penetration testing scope?

29 / 64

Which entity is responsible for initiating and maintaining relationships with merchants for the acceptance of payment cards according to the PCI DSS?

30 / 64

In planning and scoping a penetration testing assessment, what is the meaning of an ’allow list’?

31 / 64

What is the primary difference between unknown-environment testing and known-environment testing in a penetration testing assessment?

32 / 64

What is the role of an ASV (approved scanning vendor) in the context of the Payment Card Industry Security Standards Council (PCI SSC)?

33 / 64

What does the term ’Key Management’ refer to in the context of a penetration testing assessment?

34 / 64

Which of the following types of non-disclosure agreements (NDAs) is best suited when an external organization to your customer is also engaged in the penetration testing engagement?

35 / 64

What is an ’allow list’ in the context of a penetration testing scope?

36 / 64

What is the primary difference between unknown-environment and known-environment penetration testing strategies?

37 / 64

Which of the following defines whether PCI DSS requirements apply in a cardholder data environment?

38 / 64

What is one of the support resources a pen tester might obtain to accelerate the testing of a specific API?

39 / 64

Which of the following documents specifies the activities to be performed during a penetration testing engagement?

40 / 64

What does the Payment Card Industry Data Security Standard (PCI DSS) apply to?

41 / 64

What is the role of the Acquirer as defined in the Payment Card Industry Security Standards Council (PCI SSC)?

42 / 64

Which of the following acts modified and expanded the scope and requirements of the Healthcare Sector HIPAA Security Rule?

43 / 64

According to the PCI DSS, which of the following conditions triggers PCI DSS requirements?

44 / 64

Which of the following is NOT accurate regarding PCI DSS and its applicability to PAN?

45 / 64

What is an ’allow list’ in the context of planning and scoping a penetration testing assessment?

46 / 64

Which of the following is true about regulations concerning the financial sector?

47 / 64

Which one of the following statements accurately describes unknown-environment testing in relation to black-box penetration testing?

48 / 64

Which of the following BEST describes a ’Statement of Work (SOW)’ in relation to a penetration testing engagement?

49 / 64

When performing a penetration test, what is the purpose of a Service-level agreement (SLA)?

50 / 64

What is considered as one of the potential sources of scope creep in a penetration testing engagement?

51 / 64

What is a Bilateral NDA in the context of penetration testing?

52 / 64

What is scope creep in the context of penetration testing?

53 / 64

Which of the following is NOT considered an essential component of a contract for a pen testing engagement?

54 / 64

What is the main aim of the Payment Card Industry Data Security Standard (PCI DSS) regulation in the context of penetration testing?

55 / 64

What is an ’allow list’ in the context of penetration testing?

56 / 64

Which of the following regulations aims to give citizens control of their personal data, particularly within the European Union?

57 / 64

What is the role of API documentation in a penetration testing engagement?

58 / 64

Which role is responsible for carrying out PCI DSS compliance assessments?

59 / 64

Which of the following is NOT a requirement under PCI DSS in relation to stored, processed, or transmitted account data?

60 / 64

What elements are typically included in a rules of engagement document for a penetration testing engagement?

61 / 64

Which one of the following is not a regulatory compliance consideration for penetration testing?

62 / 64

Which important element of regulations is often overlooked, extends into the realm of configuration management, and encompasses requirements on password length, password complexity, session timeout, and multifactor authentication?

63 / 64

Why is proper scoping important in a penetration testing engagement?

64 / 64

Which organization is responsible for developing Payment Card Industry Data Security Standard (PCI DSS)?

Your score is

Share the Post:

Download Your FREE CompTIA PenTest+(PT0-002) Anki Deck!

Email issues? [ [email protected] ]

Share the Post:

Master the essentials of planning and scoping with our CompTIA PenTest+ Chapter 02 practice questions.

This chapter covers crucial topics like defining test boundaries, compliance requirements, and risk analysis.
Understanding these aspects is vital for real-world penetration testing scenarios.
Explore our Free Anki decks for comprehensive preparation.
Visit CompTIA’s official page for more exam insights.

Once you’re ready, advance to Chapter 03: Information Gathering and Vulnerability Scanning to enhance your cybersecurity expertise further.

Related Posts

RSS  
  • WGU Master’s Degree Rankings 2026 | I Asked 3 AIs 300 Times to Find the Best One
    Table of Contents Which WGU Master’s Degree Is Actually Worth It? If you’re considering a master’s degree from WGU and can’t figure out which program to choose — cybersecurity, software engineering, AI/ML, data analytics — you’re not alone. The options are overwhelming, and most comparisons online are either outdated or purely opinion-based. So here’s a […]
  • How I Made $1.3 Million in Cybersecurity (With Exact Revenue Numbers)
    Table of Contents If you’re stuck at $50K–$100K and wondering, “How the hell do people make seven figures?” this is for you.I’m Josh Madakor. In 2025, I made $1.3 million in cybersecurity. Not from a corporate job. Not from VC funding. And definitely not from selling a bullshit course.In this article, I’ll break down everything: […]
  • The Best Laptops for Cyber Security in 2026: Stop Over-Analyzing, Start Building
    Table of Contents Let’s be real: most people think that to get into cyber security, you need to be a “super elite hacker” running 10 different virtual machines on a glowing, heavy-duty gaming laptop. Spoiler alert: That’s just not how the industry works. I’ve spent years in roles ranging from Senior Analyst to Security Engineer, […]