PracticeStudy GuidesBlogFlashcardsPartner
All Practice Exams

200+ Free OSCP Practice Questions

Pass your Offensive Security Certified Professional (PEN-200) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
~30-40% Pass Rate
200+ Questions
100% Free

Choose Your Practice Session

Select how many questions you want to practice

Questions by Category

Oscp-Enumeration50 questions
Oscp-Exploitation50 questions
Oscp-Active-Directory34 questions
Oscp-Post-Exploitation26 questions
Oscp-Privilege-Escalation24 questions
Oscp-Methodology11 questions
Oscp-Reporting5 questions
2026 Statistics

Key Facts: OSCP Exam

~30-40%

First-Attempt Pass Rate

Industry estimate

70/100

Passing Score

Offensive Security

23h 45m

Exam Duration

Offensive Security

$1,499+

Course + Exam

Offensive Security

24 hours

Report Due

Offensive Security

3 + 1 AD

Targets

OSCP Exam

The OSCP (Offensive Security Certified Professional) is the industry's most respected hands-on penetration testing certification. The 24-hour practical exam requires compromising 3 standalone targets (20 points each) and 1 Active Directory set (40 points) to achieve 70/100 passing score. This practice exam tests theoretical knowledge; actual OSCP requires live exploitation. PEN-200 course + exam package costs $1,499-$2,499.

About the OSCP Exam

The OSCP is the world's premier hands-on penetration testing certification. Unlike traditional multiple-choice exams, OSCP requires candidates to exploit multiple target machines in a 24-hour practical exam. This practice test covers the theoretical knowledge needed: enumeration, exploitation techniques, privilege escalation, and Active Directory attacks.

Questions

200 scored questions

Time Limit

23h 45m + 24h reporting

Passing Score

70/100

Exam Fee

$1,499-$2,499 (Offensive Security)

OSCP Exam Content Outline

20%

Information Gathering & Enumeration

Nmap scanning, service enumeration, SMB/SNMP/web enumeration, and reconnaissance techniques

25%

Exploitation Techniques

Manual exploitation, buffer overflows, file transfers, shell upgrades, and payload delivery

25%

Privilege Escalation

Linux privilege escalation (SUID, sudo, kernel exploits), Windows privilege escalation (services, registry, scheduled tasks)

20%

Active Directory Attacks

AD enumeration, Kerberoasting, AS-REP roasting, lateral movement, BloodHound, and Impacket tools

10%

Post-Exploitation & Reporting

Pivoting, tunneling, data exfiltration, and professional report writing with proof compilation

How to Pass the OSCP Exam

What You Need to Know

  • Passing score: 70/100
  • Exam length: 200 questions
  • Time limit: 23h 45m + 24h reporting
  • Exam fee: $1,499-$2,499

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

OSCP Study Tips from Top Performers

1Master Nmap scanning and service enumeration — accurate enumeration is the foundation of successful exploitation
2Practice manual exploitation — OSCP rewards custom exploits and manual techniques over automated tools
3Build a comprehensive cheat sheet for privilege escalation on both Linux and Windows
4Learn Active Directory attacks thoroughly — the AD set is 40% of your exam score
5Practice buffer overflow exploitation for exploit development understanding (even though removed from exam)
6Develop a systematic methodology and stick to it during the exam
7Take detailed notes during your lab time — you can't remember everything
8Practice report writing — a great technical performance can fail with a poor report
9Complete 200+ practice questions and understand the concepts deeply

Frequently Asked Questions

What is the OSCP exam format?

The OSCP exam is a 24-hour hands-on penetration test starting at 6:00 AM ET. You must compromise 3 standalone machines (20 points each) and 1 Active Directory set (40 points total: 10 for initial access, 10 for each of 3 privilege escalations). You need 70 points to pass. After the exam, you have 24 hours to submit a professional penetration test report with detailed proof screenshots.

What are the OSCP exam restrictions?

Metasploit is restricted — you may only use it on ONE target of your choice. Commercial vulnerability scanners (Nessus Pro, Burp Suite Pro) are NOT allowed. No AI/LLM assistance. No spoofing attacks (ARP, DNS, etc.). You must document all exploits used and provide proof files (proof.txt, local.txt) for each compromised target.

How should I prepare for OSCP?

Complete the PEN-200 course materials and exercises. Practice on the PWK lab networks — aim to compromise 30+ machines including the "big three" (Pain, Sufferance, Ghost). Master buffer overflow exploitation (even though removed from exam, it builds exploit development skills). Practice Active Directory attacks extensively. Build a comprehensive methodology and stick to it. Document everything for your notes.

How hard is the OSCP exam?

OSCP has a 30-40% first-attempt pass rate. It requires both technical skill and mental stamina for the 24-hour exam. The exam tests practical exploitation skills, not just knowledge. Time management is critical — many candidates fail due to poor time allocation. The exam changed in November 2024: buffer overflow was removed, and Active Directory became mandatory with assumed-breach scenarios.

What jobs can I get with OSCP?

OSCP qualifies you for penetration testing roles: Junior Penetration Tester ($70,000-95,000), Penetration Tester ($95,000-140,000), Senior Penetration Tester ($130,000-180,000), Security Consultant ($100,000-160,000), Red Team Operator ($120,000-200,000). OSCP is often a required certification for penetration testing positions and is highly respected by employers.

Is this practice exam like the real OSCP?

No — this is a theoretical multiple-choice practice exam. The real OSCP is a hands-on practical exam where you must actually exploit vulnerable systems. This practice exam helps you learn the concepts, tools, and techniques. However, to pass OSCP, you must practice hands-on exploitation in labs. Use this practice exam to test your knowledge of methodology, tools, and techniques.