PT0-002 · topic practice
Attacks And Exploits practice questions
Use this page to practise PT0-002 Attacks And Exploits questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about Attacks And Exploits
Attacks And Exploits questions test whether you can apply the concept in context, not just recognise a definition.
- How the topic appears in realistic exam-style scenarios.
- Which detail in the question changes the correct answer.
- How to eliminate plausible but wrong options.
- How to connect the question back to the wider exam objective.
Practice set
Attacks And Exploits questions
20 questions · select your answer, then reveal the explanation
A penetration tester has obtained the NTLM hash of a local administrator account on a Windows domain-joined system. The tester wants to use this hash to authenticate to another system on the network and execute commands remotely. Which tool is commonly used for pass-the-hash attacks to achieve remote code execution?
A penetration tester has gained access to a Windows domain and wants to perform a Kerberoasting attack. Which account privileges are required to request service tickets for Kerberoasting?
A penetration tester is analyzing a Python script that uses the 'socket' library. The script creates a socket, connects to a target IP and port, sends a payload, and then receives a response. The script is most likely designed for which type of attack?
A company wants to test the security of their internet-facing web application without impacting production servers or user data. The tester must be authorized to attempt authentication bypass and SQL injection. Which item is most critical to include in the scope definition to ensure the test is focused and lawful?
A penetration tester discovers a web application that deserializes user-controlled data without validation. The application uses Java serialization. The tester creates a malicious serialized object that executes a system command. Which of the following conditions is required for this exploit to succeed?
A client wants to conduct a penetration test of their web application, but they are concerned about potential service disruption. They request that the tester avoid using any techniques that could cause the application to crash or become unresponsive. Which of the following should the tester include in the rules of engagement to address this requirement?
A penetration tester wants to perform DNS brute-force enumeration to discover subdomains of a target domain. Which tool is specifically designed for this purpose?
A penetration testing firm is hired to assess the security of a small business's web application. The client has explicitly stated that they do not want any testing that could cause a denial of service. Which section of the rules of engagement should specify this restriction?
During a penetration test, a tester gains access to a Linux server as a low-privileged user. The server has a cron job that executes a script owned by root but writable by the tester's group. Which privilege escalation technique should the tester use?
A penetration tester is attempting a pass-the-hash (PtH) attack against a Windows domain-joined machine. The tester has obtained the NTLM hash of a local administrator account. Which tool can be used directly to authenticate using the hash to gain remote command execution?
During a penetration test, a tester has access to a Windows domain-joined machine. The tester finds that the machine is running a service that uses named pipes for interprocess communication. The tester wants to perform a relay attack to capture authentication credentials. Which of the following conditions is necessary for an SMB relay attack to succeed?
During a penetration test, the tester exploits a local file inclusion (LFI) vulnerability to read /etc/passwd. The tester then wants to achieve remote code execution. Which technique is most likely to succeed if the web application is running as the www-data user?
A client is planning a penetration test of their internal network but refuses to provide network diagrams or access to a staging environment. The tester is concerned about causing a denial of service (DoS) on critical systems. Which clause should be included in the rules of engagement to mitigate this risk?
A client wants to conduct a penetration test of their e-commerce website. They are concerned about impacting live transactions. Which clause should be included in the Rules of Engagement to address this?
A client wants a penetration test that includes social engineering attacks against employees. They request that the testing team not target the executive leadership team. What should be included in the rules of engagement to address this requirement?
A penetration tester gains access to a web application that uses a MongoDB backend. The tester discovers that the search functionality directly interpolates user input into a NoSQL query without sanitization. Which technique should the tester use to extract data from the database?
A penetration tester has gained a foothold on a Windows server running IIS. The tester wants to perform an SMB relay attack to move laterally within the domain. Which of the following conditions must be met for this attack to succeed?
A penetration tester is analyzing a Python script that uses the Impacket library to perform an SMB relay attack. The script is failing to capture NTLM hashes from target machines. Which part of the script is MOST likely misconfigured?
A penetration tester is analyzing a Python script used for web application testing. The script imports the 'socket' module and uses it to create a raw socket. Which of the following is the most likely purpose of the script?
Watch out for
Common Attacks And Exploits exam traps
- Answering from memory before reading the full scenario.
- Missing a constraint such as cost, availability, security, scope or command context.
- Choosing a broad answer when the question asks for the most specific fix.
- Ignoring why the wrong options are tempting.
Frequently asked questions
- What does the PT0-002 exam test about Attacks And Exploits?
- Attacks And Exploits questions test whether you can apply the concept in context, not just recognise a definition.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Attacks And Exploits questions in a focused session?
- Yes — the session launcher on this page draws every question from the Attacks And Exploits domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other PT0-002 topics?
- Use the topic links above to move to related areas, or go back to the PT0-002 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the PT0-002 exam covers. They are not copied from any real exam or dump site.