PT0-002 Domain 2: Attacks and Exploits

While troubleshooting latency, engineers determine they must test for insecure deserialization. Which action is appropriate?

Multiple choice — select one answer

Answer choices

  1. a. Approved templates and metrics
  2. b. Review parsers and object injection points
  3. c. Parameterized queries and input validation
  4. d. Broken object level authorization checks

Architectural breakdown & explanation

Unsafe deserialization enables RCE.

Correct answer(s): b. Review parsers and object injection points

Exam domain: Domain 2: Attacks and Exploits (45% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA PenTest+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.