PT0-002 Domain 2: Attacks and Exploits

Two designs were proposed. Design A would perform phishing simulation. Design B would validate SQL injection risk. The team must pick the approach aligned with vendor best practices. Which choice is correct?

Multiple choice — select one answer

Answer choices

  1. a. Approved templates and metrics
  2. b. Review parsers and object injection points
  3. c. Validate local and domain privilege boundaries
  4. d. Parameterized queries and input validation

Architectural breakdown & explanation

Simulations measure awareness. Compare with Parameterized queries and input validation: Parameterization mitigates SQLi.

Correct answer(s): a. Approved templates and metrics

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.