PT0-002 Domain 2: Attacks and Exploits

Two designs were proposed. Design A would validate SQL injection risk. Design B would test for weak password policies. The team must pick the approach aligned with vendor best practices. Which choice is correct?

Multiple choice — select one answer

Answer choices

  1. a. Check vendor default accounts are changed
  2. b. Password spraying with lockout awareness
  3. c. Validate input sanitization on directory queries
  4. d. Parameterized queries and input validation

Architectural breakdown & explanation

Parameterization mitigates SQLi. Compare with Password spraying with lockout awareness: Testing reveals auth weaknesses.

Correct answer(s): d. Parameterized queries and input validation

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.