Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

PT0-002 Attacks and Exploits Practice Questions

20+ practice questions focused on Attacks and Exploits — one of the most tested topics on the CompTIA PenTest+ PT0-002 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Sample Attacks and Exploits Questions

1. A penetration tester has gained a foothold on a Windows server and wants to move laterally to a domain controller. The tester has access to a service account that is a member of the 'Remote Management Users' group on the domain controller. Which of the following tools would be MOST appropriate for lateral movement in this scenario?

A. PsExec
B. MS16-075 exploit
C. WinRM
D. BloodHound

Explanation: WinRM (Windows Remote Management) is the most appropriate tool because the tester's service account is a member of the 'Remote Management Users' group on the domain controller, which grants explicit permission to connect via WinRM over HTTP/HTTPS (ports 5985/5986). This allows direct PowerShell remoting or winrs execution for lateral movement without requiring administrative privileges or additional exploits.

2. During an internal test, a penetration tester discovers a web application that is vulnerable to Server-Side Template Injection (SSTI). The application uses a template engine that does not sandbox user input. Which of the following payloads would be MOST effective to achieve remote code execution on the server?

A. `{{7*7}}`
B. `<script>alert('xss')</script>`
C. `${7*7}`
D. `{{config.__class__.__init__.__globals__['os'].popen('id').read()}}`

Explanation: Option D is correct because it uses Python's object model to reach the `os` module via `__class__.__init__.__globals__`, taking advantage of the template engine's lack of sandboxing. This allows the attacker to execute arbitrary system commands like `id` on the server, achieving remote code execution (RCE). The payload is specific to Jinja2 or similar Python-based template engines that expose built-in objects.

3. During a penetration test, a tester finds a custom binary that is vulnerable to a stack-based buffer overflow. The binary has DEP enabled but no ASLR. Which of the following exploitation techniques would be MOST effective to achieve code execution?

A. Return-oriented programming (ROP) to bypass DEP
B. Heap spraying to inject shellcode
C. ret2libc to call system() with a controlled argument
D. Stack pivoting to redirect execution to a known location

Explanation: Option C is correct because ret2libc allows the tester to call the system() function from libc with a controlled argument (e.g., "/bin/sh") to spawn a shell, bypassing DEP (which prevents code execution on the stack) without needing to execute shellcode. Since ASLR is disabled, the address of system() and the string "/bin/sh" in libc are predictable, making this technique reliable and effective.

4. A penetration tester is testing a web application that has input validation blocking single quotes. The tester wants to perform a SQL injection attack. Which of the following techniques would be MOST effective to bypass the filter?

A. Using URL encoding for the single quote (%27)
B. Using double quotes instead of single quotes
C. Using a second-order SQL injection
D. Using a payload without quotes, such as numeric injection

Explanation: Option D is correct because numeric injection does not require quotes at all, directly bypassing the single-quote filter. When the vulnerable parameter expects a numeric value (e.g., an ID), the tester can inject SQL logic like `OR 1=1` without any quotes, making it the most effective technique against input validation that blocks single quotes.

5. During a web application test, a penetration tester discovers that the application exposes internal object references (e.g., user ID in a URL) and does not properly authorize access. The tester can view other users' private data by simply changing the ID parameter. Which type of vulnerability does this represent?

A. Cross-Site Request Forgery (CSRF)
B. Insecure Direct Object Reference (IDOR)
C. SQL Injection
D. Cross-Site Scripting (XSS)

Explanation: The vulnerability is Insecure Direct Object Reference (IDOR) because the application exposes internal object references (e.g., user ID in a URL) and fails to enforce proper authorization checks. By simply changing the ID parameter, the tester can access other users' private data without authentication or permission validation, which is the hallmark of IDOR.

How to master Attacks and Exploits for PT0-002

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Attacks and Exploits. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Attacks and Exploits questions on the PT0-002 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many PT0-002 Attacks and Exploits questions are on the real exam?

The exact number varies per candidate. Attacks and Exploits is tested as part of the CompTIA PenTest+ PT0-002 blueprint. Practicing with targeted Attacks and Exploits questions ensures you can handle any format or difficulty that appears.

Are these PT0-002 Attacks and Exploits practice questions free?

Yes. Courseiva provides free PT0-002 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Attacks and Exploits one of the harder PT0-002 topics?

Difficulty is subjective, but Attacks and Exploits is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Topic Info

Topic: Attacks and Exploits
Exam: PT0-002
Questions available: 20+