20+ practice questions focused on Attacks and Exploits — one of the most tested topics on the CompTIA PenTest+ PT0-002 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
A penetration tester has gained a foothold on a Windows server and wants to move laterally to a domain controller. The tester has access to a service account that is a member of the 'Remote Management Users' group on the domain controller. Which of the following tools would be MOST appropriate for lateral movement in this scenario?
Explanation: WinRM (Windows Remote Management) is the most appropriate tool because the tester's service account is a member of the 'Remote Management Users' group on the domain controller, which grants explicit permission to connect via WinRM over HTTP/HTTPS (ports 5985/5986). This allows direct PowerShell remoting or winrs execution for lateral movement without requiring administrative privileges or additional exploits.
During an internal test, a penetration tester discovers a web application that is vulnerable to Server-Side Template Injection (SSTI). The application uses a template engine that does not sandbox user input. Which of the following payloads would be MOST effective to achieve remote code execution on the server?
Explanation: Option D is correct because it exploits Python's object model to access the `os` module via `__class__.__init__.__globals__`, bypassing the template engine's lack of sandboxing. This allows the attacker to execute arbitrary system commands like `id` on the server, achieving remote code execution (RCE). The payload is specific to Jinja2 or similar Python-based template engines that expose built-in objects.
During a penetration test, a tester finds a custom binary that is vulnerable to a stack-based buffer overflow. The binary has DEP enabled but no ASLR. Which of the following exploitation techniques would be MOST effective to achieve code execution?
Explanation: Option C is correct because ret2libc allows the tester to call the system() function from libc with a controlled argument (e.g., "/bin/sh") to spawn a shell, bypassing DEP (which prevents code execution on the stack) without needing to execute shellcode. Since ASLR is disabled, the address of system() and the string "/bin/sh" in libc are predictable, making this technique reliable and effective.
A penetration tester is testing a web application that has input validation blocking single quotes. The tester wants to perform a SQL injection attack. Which of the following techniques would be MOST effective to bypass the filter?
Explanation: Option D is correct because numeric injection does not require quotes at all, directly bypassing the single-quote filter. When the vulnerable parameter expects a numeric value (e.g., an ID), the tester can inject SQL logic like `OR 1=1` without any quotes, making it the most effective technique against input validation that blocks single quotes.
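The explanation above turns on one detail: a numeric parameter spliced straight into the query never needs a quote, so a filter that only strips single quotes never fires. The following added example (not from the original page or from Courseiva) shows that behaviour against an in-memory SQLite table built inline, and the two controls that actually close the hole: type-enforcing the value and binding it as a query parameter. The table contents, the function names and the `1 OR 1=1` input are all constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data: a three-row users table in memory.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "alice", "alice@example.com"),
            (2, "bob", "bob@example.com"),
            (3, "carol", "carol@example.com"),
        ],
    )
    return conn


def blocks_single_quotes(value):
    # The kind of input filter the question describes: it only looks for quotes.
    return "'" not in value


def lookup_user_vulnerable(conn, user_id):
    # Numeric parameter concatenated without quotes. The filter passes the
    # value because it contains no quote, and the database reads the tail
    # of the string as SQL logic rather than as part of the id.
    query = f"SELECT id, name FROM users WHERE id = {user_id}"
    return conn.execute(query).fetchall()


def lookup_user_hardened(conn, user_id):
    # Two independent controls: enforce the expected type, then bind the
    # value as a parameter so the driver never treats it as SQL text.
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("user id must be an integer")
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (uid,)).fetchall()


def demo(payload="1 OR 1=1"):
    # Returns (rows leaked by the vulnerable path, verdict of the hardened path).
    conn = make_db()
    if not blocks_single_quotes(payload):
        return 0, "blocked_by_quote_filter"
    leaked = lookup_user_vulnerable(conn, payload)
    try:
        lookup_user_hardened(conn, payload)
        verdict = "accepted"
    except ValueError:
        verdict = "rejected"
    return len(leaked), verdict


if __name__ == "__main__":
    print(demo())  # vulnerable path returns every row; hardened path rejects the value
```

Running `demo()` shows the quote filter accepting the input, the concatenated query returning all three rows, and the hardened lookup refusing the value before it reaches the database. A legitimate id such as `"2"` passes through the hardened path unchanged, which is the property a reviewer should check when the fix lands.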
During a web application test, a penetration tester discovers that the application exposes internal object references (e.g., user ID in a URL) and does not properly authorize access. The tester can view other users' private data by simply changing the ID parameter. Which type of vulnerability does this represent?
Explanation: The vulnerability is Insecure Direct Object Reference (IDOR) because the application exposes internal object references (e.g., user ID in a URL) and fails to enforce proper authorization checks. By simply changing the ID parameter, the tester can access other users' private data without authentication or permission validation, which is the hallmark of IDOR.
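IDOR is an authorization failure, not an authentication failure, so the fix is an ownership check on every object read rather than a stronger login. This added example (not from the original page or from Courseiva) models a profile lookup with constructed sample records: the vulnerable handler only checks that a session exists, the hardened handler compares the record's owner with the caller, and an audit helper returns the fields a server-side log should carry so that id-walking by one account can be detected. The `Session`, `PROFILES` and function names are all invented for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    # Assumed shape of an authenticated session: who is calling and their role.
    user_id: int
    role: str = "user"


# Constructed sample records: the owner field is what authorization keys on.
PROFILES = {
    1: {"owner": 1, "email": "alice@example.com", "phone_last4": "1111"},
    2: {"owner": 2, "email": "bob@example.com", "phone_last4": "2222"},
}


class Forbidden(Exception):
    pass


def get_profile_vulnerable(session, profile_id):
    # Requires a session but never checks that the caller owns the record,
    # so any authenticated user can read any id they can guess.
    if session is None:
        raise PermissionError("login required")
    return PROFILES[profile_id]


def get_profile_hardened(session, profile_id):
    # Look the object up first, then enforce ownership (or an explicit admin
    # role) before returning anything. Missing and forbidden are kept
    # distinct so the log can tell enumeration from a genuine typo.
    if session is None:
        raise PermissionError("login required")
    record = PROFILES.get(profile_id)
    if record is None:
        raise KeyError(profile_id)
    if record["owner"] != session.user_id and session.role != "admin":
        raise Forbidden(f"user {session.user_id} may not read profile {profile_id}")
    return record


def audit_access(session, profile_id):
    # The minimum a detection rule needs: actor, object and outcome. A burst
    # of "forbidden" outcomes from one actor across many objects is the
    # signature of someone walking the id space.
    outcome = "ok"
    try:
        get_profile_hardened(session, profile_id)
    except Forbidden:
        outcome = "forbidden"
    except KeyError:
        outcome = "not_found"
    return {"actor": session.user_id, "object": profile_id, "outcome": outcome}


if __name__ == "__main__":
    alice = Session(user_id=1)
    print(get_profile_vulnerable(alice, 2)["email"])  # bob's data leaks
    print(audit_access(alice, 2))  # hardened path records a forbidden read
```

The `audit_access` record is deliberately the same shape for success and failure; correlating `forbidden` outcomes per actor over a short window is the detection the explanation's "simply changing the ID parameter" implies.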
+15 more Attacks and Exploits questions available
Practice all Attacks and Exploits questions

1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Attacks and Exploits. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Attacks and Exploits questions on the PT0-002 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Attacks and Exploits is tested as part of the CompTIA PenTest+ PT0-002 blueprint. Practicing with targeted Attacks and Exploits questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free PT0-002 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Attacks and Exploits is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Attacks and Exploits practice session with instant scoring and detailed explanations.