CompTIA PenTest+

Attacks & Exploits

52 free practice questions with explanations

PassNova has 52 free CompTIA PenTest+ practice questions on Attacks & Exploits, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.

Sample questions

Attacks & Exploits: example questions & answers

Here are 6 example questions from this topic. Practise the full set of 52 free in the browser.

  1. A web application accepts the input ' OR '1'='1 in a login field and grants access. Which vulnerability does this demonstrate?

    • A SQL injection
    • B Cross-site request forgery (CSRF)
    • C Buffer overflow
    • D Cross-site scripting (XSS)

    Answer: The payload manipulates the SQL query logic so the WHERE clause always evaluates true, bypassing authentication, which is a classic SQL injection.

  2. A tester captures NTLMv2 hashes from a Windows network using Responder, then uses them to authenticate to another host without cracking them. What is this technique called?

    • A Golden ticket
    • B Kerberoasting
    • C Pass-the-hash
    • D Pass-the-ticket

    Answer: Pass-the-hash reuses a captured password hash directly to authenticate to other systems via NTLM, avoiding the need to crack the plaintext password.

  3. Which attack requests Kerberos service tickets for accounts with Service Principal Names (SPNs) and cracks them offline to recover service account passwords?

    • A ARP spoofing
    • B DNS poisoning
    • C Smurf attack
    • D Kerberoasting

    Answer: Kerberoasting requests TGS tickets for SPN-associated service accounts; because the ticket is encrypted with the service account's password hash, it can be cracked offline to recover the password.

  4. A web application reflects unsanitised user input back into a page, allowing a tester to inject <script>alert(1)</script> that executes in a victim's browser. Which vulnerability is this?

    • A Command injection
    • B SQL injection
    • C Cross-site scripting (XSS)
    • D Local file inclusion

    Answer: Cross-site scripting occurs when unsanitised input is rendered in the browser, allowing attacker-supplied JavaScript to run in the victim's session context.

  5. A tester positions themselves between two communicating hosts by poisoning the ARP cache to intercept traffic. What is this attack called?

    • A ARP spoofing (on-path/MITM)
    • B SQL injection
    • C Privilege escalation
    • D Password spraying

    Answer: ARP spoofing sends forged ARP replies so that traffic destined for one host is sent to the attacker instead, enabling an on-path (man-in-the-middle) interception of LAN traffic.

  6. An attacker tries a single common password such as 'Summer2025!' against many different user accounts to avoid lockouts. What is this technique called?

    • A Brute-force attack
    • B Password spraying
    • C Dictionary stuffing
    • D Rainbow table attack

    Answer: Password spraying attempts one or a few passwords across many accounts, staying under per-account lockout thresholds, in contrast to hammering a single account with many guesses.
