Attacks and Exploits Questions
Practice questions for Attacks and Exploits topic in CompTIA PenTest+. 34 questions covering this domain.
A penetration tester is testing a web application login form and suspects it may be vulnerable to SQL injection. Which input would BEST serve as an in...
Which type of network attack involves an attacker inserting themselves between two communicating parties to intercept, read, or modify their traffic?
A penetration tester is performing an IAM misconfiguration assessment in an AWS environment and discovers that an IAM user has the policy `Administrat...
A penetration tester is performing an on-path (man-in-the-middle) attack on a local network segment to intercept traffic between a client and a server...
A penetration tester is performing a password attack against an Active Directory environment and wants to avoid triggering account lockout policies. W...
A penetration tester is evaluating the security of an AI-powered chatbot deployed by a client. The tester crafts a message that instructs the AI to ig...
A penetration tester is performing a web application assessment and observes that the application includes user-controlled input in XML that is proces...
During a network penetration test, a tester performs a VLAN hopping attack using double tagging. What is the PREREQUISITE condition that makes double-...
A penetration tester is performing a web application test and discovers that the application constructs file paths using user-supplied input without v...
A penetration tester has obtained a shell on a Windows server and wants to dump credentials from memory. Which tool is MOST commonly used for this pur...
Which attack technique involves capturing a user's authentication hash and using it directly to authenticate to other systems without cracking the pla...
A penetration tester has gained initial access to a Linux system and wants to escalate privileges. Running `sudo -l` reveals the following:\n\n```text...
A penetration tester is testing a cloud environment and discovers that an EC2 instance has the Instance Metadata Service (IMDS) accessible without IMD...
A penetration tester wants to perform a Kerberoasting attack in an Active Directory environment. What is the FIRST step required to execute this attac...
Which attack technique involves attempting to authenticate using large lists of previously compromised username and password pairs obtained from other...
A penetration tester is conducting a web application test and identifies that the application reflects user input in the page response without encodin...
A penetration tester is testing a containerized environment and successfully escapes from a Docker container to the host system. Which condition MOST ...
A penetration tester discovers that a web application login page is not enforcing account lockout after multiple failed attempts. Which attack does th...
A penetration tester discovers that a Windows host is vulnerable to PrintNightmare (CVE-2021-34527). What does successful exploitation of this vulnera...
A penetration tester is performing a network attack during an internal engagement and successfully captures NTLMv2 hashes using Responder. The hashes ...
Sign in to see all 34 questions
Create a free account to browse all questions — completely free during our launch phase.