PT0-002 · topic practice

Attacks and Exploits practice questions

Practise CompTIA PenTest+ PT0-002 Attacks and Exploits practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Attacks and Exploits

What the exam tests

What to know about Attacks and Exploits

Attacks and Exploits questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Attacks and Exploits exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Attacks and Exploits questions

20 questions · select your answer, then reveal the explanation

A penetration tester is conducting an internal network assessment and wants to capture NTLMv2 hashes from Windows hosts without sending any authentication traffic. Which tool and attack technique should the tester use?

During a web application test, the tester discovers a parameter that reflects user input in the response without sanitization. Which type of vulnerability is most likely present?

A tester wants to exploit a Windows service running with SYSTEM privileges that has an unquoted service path containing spaces. Which technique should be used to escalate privileges?

A penetration tester is performing a password attack on a Windows domain and has captured NTLM hashes. Which tool can be used to perform a pass-the-hash attack to gain remote code execution on a target system?

During a web application test, the tester uses sqlmap and identifies a time-based blind SQL injection. Which technique is sqlmap using to extract data?

A penetration tester needs to escalate privileges on a Linux system and finds that the current user can run a specific command with sudo without a password. Which tool should the tester consult to find known exploitation techniques for that command?

A penetration tester is attempting to exploit a server-side request forgery (SSRF) vulnerability in a cloud-hosted web application to access the cloud metadata service. Which IP address should the tester target?

A tester has gained a low-privilege shell on a Windows machine and found that the user has the SeImpersonatePrivilege enabled. Which attack can be used to escalate privileges to SYSTEM?

A penetration tester wants to crack NTLM hashes obtained from a Windows domain. Which hashcat mode should the tester use?

During a penetration test, the tester discovers a JWT token that uses the 'alg:none' header. Which attack does this vulnerability enable?

Question 11 · hard · multiple choice

A penetration tester has compromised a Linux host and wants to use it as a pivot point to access an internal network that is not directly reachable from the attacker's machine. Which tool can create a SOCKS proxy for routing traffic through the compromised host?

A tester is exploiting a vulnerable web application and wants to perform a UNION-based SQL injection to extract data. Which condition is necessary for a successful UNION attack?

A penetration tester is performing a Kerberoasting attack. Which TWO steps are required for a successful Kerberoasting attack?

A penetration tester is testing a web application and wants to exploit an XXE vulnerability to read sensitive files. Which TWO payloads could be used?

A penetration tester is performing lateral movement in a Windows domain after compromising a workstation. Which THREE techniques can be used to move to another machine?

During an internal penetration test, a tester wants to capture NTLMv2 hashes by poisoning LLMNR and NBT-NS traffic. Which tool should the tester use?

A penetration tester has successfully compromised a Windows machine and wants to perform lateral movement to another machine using captured NTLM hashes. Which tool would allow the tester to pass the hash and execute commands remotely?

During a penetration test, a tester identifies that a web application is vulnerable to Server-Side Request Forgery (SSRF). The tester attempts to access the AWS metadata endpoint to retrieve temporary credentials. Which IP address is commonly used for the cloud metadata endpoint?

A penetration tester is exploiting a SQL injection vulnerability in a login page. The tester wants to extract data from another table without returning data in the original query. Which SQL injection technique should the tester use?

A tester wants to crack NTLM hashes captured from a Windows domain. Which hashcat mode should be used for NTLM hashes?

Focused Attacks and Exploits sessions

Start an Attacks and Exploits-only practice session

Every question in these sessions is drawn from the Attacks and Exploits domain — nothing else.

Frequently asked questions

What does the PT0-002 exam test about Attacks and Exploits?
Attacks and Exploits questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Attacks and Exploits questions in a focused session?
Yes — the session launcher on this page draws every question from the Attacks and Exploits domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other PT0-002 topics?
Use the topic links above to move to related areas, or go back to the PT0-002 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PT0-002 exam covers. They are not copied from any real exam or dump site.