PT0-002 Domain 2: Attacks and Exploits

Two designs were proposed. Design A would test for weak password policies. Design B would enumerate external attack surface. The team must pick the approach aligned with vendor best practices. Which choice is correct?

Multiple choice — select one answer

Answer choices

  1. a. Parameterized queries and input validation
  2. b. Password spraying with lockout awareness
  3. c. Validate guest vs corporate isolation
  4. d. OSINT and scoped port discovery

Architectural breakdown & explanation

Testing reveals auth weaknesses. Compare with OSINT and scoped port discovery: Enumeration informs prioritization.

Correct answer(s): b. Password spraying with lockout awareness

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.