PT0-002 Domain 2: Attacks and Exploits

Operations reports a need to identify XSS in web apps. What is the MOST operationally efficient solution?

Multiple choice — select one answer

Answer choices

  1. a. Review parsers and object injection points
  2. b. Parameterized queries and input validation
  3. c. Test reflected and stored XSS with safe payloads
  4. d. Validate local and domain privilege boundaries

Architectural breakdown & explanation

XSS can steal sessions or deface apps.

Correct answer(s): c. Test reflected and stored XSS with safe payloads

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.