PT0-002 Domain 2: Attacks and Exploits

Two designs were proposed. Design A would test LDAP injection paths. Design B would test API authentication. The team must pick the approach aligned with vendor best practices. Which choice is correct?

Multiple choice — select one answer

Answer choices

  1. a. Validate input sanitization on directory queries
  2. b. Parameterized queries and input validation
  3. c. Broken object level authorization checks
  4. d. Approved templates and metrics

Architectural breakdown & explanation

LDAPi can bypass authentication. Compare with Broken object level authorization checks: API flaws are common in modern apps.

Correct answer(s): a. Validate input sanitization on directory queries

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.