PT0-002 Domain 2: Attacks and Exploits

Two designs were proposed. Design A would use credential stuffing responsibly. Design B would identify XSS in web apps. The team must pick the approach aligned with vendor best practices. Which choice is correct?

Multiple choice — select one answer

Answer choices

  1. a. Test with approved wordlists and limits
  2. b. Test reflected and stored XSS with safe payloads
  3. c. Check vendor default accounts are changed
  4. d. Broken object level authorization checks

Architectural breakdown & explanation

Controlled testing validates auth controls. Compare with Test reflected and stored XSS with safe payloads: XSS can steal sessions or deface apps.

Correct answer(s): a. Test with approved wordlists and limits

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.