Two designs were proposed. Design A would use credential stuffing responsibly. Design B would identify XSS in web apps. The team must pick the approach aligned with vendor best practices. Which choice is correct?
Multiple choice — select one answer
Answer choices
Architectural breakdown & explanation
Controlled testing validates auth controls. Compare with Test reflected and stored XSS with safe payloads: XSS can steal sessions or deface apps.
Correct answer(s): a. Test with approved wordlists and limits
Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).
Official documentation & study links
Practice this certification
This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.