PENTEST Attacks & Exploits Question Bank (7 Questions)
Browse all 7 practice questions covering Attacks and Exploits for the PENTEST certification exam. Each question includes the full answer and a detailed explanation to help you understand the concepts.
- Question 1: Attacks & Exploits
A penetration tester has discovered a vulnerable service on the target. Which Metasploit command is used to configure and launch an exploit against the target?
Correct Answer: B
Explanation: In Metasploit, the workflow is: `use` to select the exploit module, `set` to configure options (RHOSTS, RPORT, payload, etc.), and `run` or `exploit` to launch it. The `search` command finds modules, and `sessions` lists active sessions.
- Question 2: Attacks & Exploits
A penetration tester has gained a low-privilege shell on a Linux system. They discover a SUID binary owned by root that is vulnerable to a buffer overflow. What can this lead to?
Correct Answer: B
Explanation: SUID (Set User ID) binaries execute with the permissions of the file owner, typically root. If a SUID root binary is vulnerable to a buffer overflow, exploiting it allows the attacker to execute arbitrary code as root, achieving privilege escalation from their low-privilege account.
- Question 3: Attacks & Exploits
A penetration tester on a Linux system runs `sudo -l` and discovers they can execute `/usr/bin/vim` as root without a password. How can this be exploited for privilege escalation?
Correct Answer: B
Explanation: Many Linux binaries, including vim, less, find, and python, can be used to escape to a shell. Running `sudo vim` followed by `:!bash` or `:shell` within vim spawns a bash shell with root privileges. GTFOBins is a reference for such privilege escalation techniques.
- Question 4: Attacks & Exploits
On a Windows system, a penetration tester discovers they have SeImpersonatePrivilege. Which exploitation technique can leverage this?
Correct Answer: B
Explanation: SeImpersonatePrivilege allows a process to impersonate security tokens. The Potato family of exploits (JuicyPotato, SweetPotato, PrintSpoofer, GodPotato) leverages this privilege to create and impersonate a SYSTEM-level token, escalating from a service account to SYSTEM.
- Question 5: Attacks & Exploits
A penetration tester finds that a buffer overflow vulnerability exists in a network service but DEP (Data Execution Prevention) is enabled. Which technique can be used to bypass DEP?
Correct Answer: B
Explanation: Return-Oriented Programming (ROP) bypasses DEP by chaining together small existing code sequences (gadgets) ending in a return instruction. Since these gadgets are already in executable memory, DEP does not prevent their execution. This eliminates the need to execute code on the stack.
- Question 6: Attacks & Exploits
A penetration tester on a Linux system finds a cron job running a script as root, and the script file is world-writable. How can this be exploited?
Correct Answer: B
Explanation: If a root-owned cron job executes a world-writable script, any user can modify that script. By inserting a reverse shell command or modifying /etc/sudoers to grant themselves sudo access, the attacker's code will execute with root privileges when the cron job next runs.
- Question 7: Attacks & Exploits
Which of the following payload types provides the MOST interactive post-exploitation capabilities in Metasploit?
Correct Answer: B
Explanation: Meterpreter is Metasploit's advanced payload that provides rich post-exploitation capabilities including file system access, screenshot capture, keylogging, privilege escalation, pivoting, and persistence. Standard shell payloads only provide a basic command prompt with limited functionality.
Key Attacks & Exploits Concepts for PENTEST
PENTEST Attacks & Exploits Exam Tips
Attacks and Exploits questions in PENTEST are typically scenario-based. Focus on service-level decision making aligned to official exam objectives. Priority concepts: exploit, attack, metasploit, buffer overflow, privilege escalation, lateral movement.
What PENTEST Expects
- Anchor your answer in the most practical, secure, and scalable option for the stated scenario.
- Attacks & Exploits scenarios for PENTEST are frequently mapped to Domain 3 (30%), so read the objective carefully before picking controls or architecture.
- Expect multi-service scenarios where Attacks & Exploits interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated service question.
- When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Professional) and managed-service best practices.
High-Value Attacks & Exploits Concepts
- Know the core Attacks & Exploits building blocks cold: exploit, attack, metasploit, buffer overflow.
- Review the edge-case features and limits for privilege escalation, lateral movement; these details are commonly used to differentiate answer choices.
- Practice service-integration reasoning: how Attacks & Exploits pairs with Information Gathering and Reporting in real deployment patterns.
- For PENTEST, explain why the chosen Attacks & Exploits design meets reliability, security, and cost expectations better than the alternatives.
Common PENTEST Traps
- Watch for answers that partially solve the requirement but miss operational constraints.
- Attacks and Exploits questions often include distractors that look correct on the surface but violate least-privilege, durability, or availability requirements.
- Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
- If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.
Fast Review Checklist
- Can you compare at least two Attacks & Exploits implementation paths and justify which one best fits the scenario?
- Can you map the chosen answer back to Attacks and Exploits (30%) outcomes for PENTEST?
- Can you explain security and access boundaries for Attacks & Exploits without relying on default-open assumptions?
- Can you describe how Attacks & Exploits integrates with Information Gathering and Reporting during failure, scaling, and monitoring events?