PT0-002 Domain 2: Attacks and Exploits

Two designs were proposed. Design A would test API authentication. Design B would perform phishing simulation. The team must pick the approach aligned with vendor best practices. Which choice is correct?

Multiple choice — select one answer

Answer choices

  1. a. Check vendor default accounts are changed
  2. b. Parameterized queries and input validation
  3. c. Broken object level authorization checks
  4. d. Test with approved wordlists and limits

Architectural breakdown & explanation

API flaws are common in modern apps. Compare with Approved templates and metrics: Simulations measure awareness.

Correct answer(s): c. Broken object level authorization checks

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.