PT0-002 Domain 2: Attacks and Exploits

Two designs were proposed. Design A would identify XSS in web apps. Design B would test for insecure deserialization. The team must pick the approach aligned with vendor best practices. Which choice is correct?

Multiple choice — select one answer

Answer choices

  1. a. Approved templates and metrics
  2. b. Test reflected and stored XSS with safe payloads
  3. c. Review parsers and object injection points
  4. d. Review parsers and object injection points (not recommended for production workloads)

Architectural breakdown & explanation

XSS can steal sessions or deface apps. Compare with Review parsers and object injection points: Unsafe deserialization enables RCE.

Correct answer(s): b. Test reflected and stored XSS with safe payloads

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.