COMPTIA PENTEST+ (PT0-002 / PT0-003)
SOLUTION MANUAL – 210+ PRACTICE
QUESTIONS WITH VERIFIED ANSWERS &
DETAILED RATIONALES +
PERFORMANCE-BASED QUESTION (PBQ)
SOLUTIONS | PT0-003 UPDATED
# PART 1: ENGAGEMENT MANAGEMENT (DOMAIN 1 – 13%) – Questions 1–30
**Q1. A penetration tester is hired to conduct a test with no prior
knowledge of the internal network. The client only provides the
company name and public IP range. Which type of engagement is
this?**
A) White box
B) Gray box
C) Black box
D) Crystal box
**Answer: C**
*Rationale:* A black box test simulates an external attacker with zero
prior knowledge of the target environment. The tester receives only the
company name or public IP range. White box provides full internal
access (credentials, architecture). Gray box provides partial information
(e.g., network diagrams but no credentials).
**Q2. What is the primary purpose of a "Rules of Engagement" (ROE)
document?**
A) To list the employee salaries
B) To define the boundaries, limitations, and scope of the penetration
test, including prohibited actions, testing windows, and emergency
contacts
C) To report test findings to the board
D) To request additional budget
**Answer: B**
*Rationale:* The Rules of Engagement (ROE) is a critical legal
document that defines the scope, boundaries, and limitations of the
penetration test. It includes testing windows, allowed/forbidden
techniques (e.g., DoS attacks, phishing), emergency contacts, and
authorization signatures. Signing the ROE protects both the tester and
the client.
**Q3. Which regulatory framework might require a healthcare
organization to conduct penetration tests to ensure the security of
electronic protected health information (ePHI)?**
A) PCI DSS
B) HIPAA Security Rule
C) GDPR
D) FISMA
**Answer: B**
*Rationale:* The HIPAA Security Rule requires covered entities and
business associates to conduct regular risk assessments, including
penetration testing, to protect ePHI. PCI DSS applies to credit card
processing. GDPR applies to EU data subjects. FISMA applies to federal
information systems.
**Q4. During a penetration test, the tester discovers a vulnerability that
could lead to immediate customer data exposure but was not within the
original scope. The ROE does not address this situation. What should the
tester do FIRST?**
A) Exploit the vulnerability to demonstrate impact
B) Stop testing immediately
C) Contact the designated point of contact to discuss the finding
(communication trigger)
D) Include the finding in the final report without mentioning it during
the test
**Answer: C**
*Rationale:* According to engagement management best practices, the
tester must follow the communication escalation path defined in the
ROE. If critical findings are discovered, the tester should immediately
contact the designated point of contact, not wait for the final report.
Many ROEs define communication triggers for critical vulnerabilities.
**Q5. A penetration tester is drafting a report for a client. Which section
is intended for non-technical stakeholders (e.g., executives, board
members)?**
A) Technical findings appendix
B) Executive Summary
C) Exploit code listing
D) Vulnerability details with CVSS scores
**Answer: B**