PT0-002 Domain 2: Attacks and Exploits

A company needs to test API authentication. Which option meets the requirement with the LEAST implementation effort?

Multiple choice — select one answer

Answer choices

  1. a. Validate local and domain privilege boundaries
  2. b. Broken object level authorization checks
  3. c. Approved templates and metrics
  4. d. Parameterized queries and input validation

Architectural breakdown & explanation

API flaws are common in modern apps.

Correct answer(s): b. Broken object level authorization checks

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.