CompTIA Exam PT0-002 Topic 4 Question 82 Discussion

Actual exam question for CompTIA's PT0-002 exam
Question #: 82
Topic #: 4

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

Suggested Answer: B, E

A01-Injection

A02-Broken Authentication

A03-Sensitive Data Exposure

A04-XXE

A05-Broken Access Control

A06-Security Misconfiguration

A07-XSS

A08-Insecure Deserialization

A09-Using Components with Known Vulnerabilities

A10-Insufficient Logging & Monitoring


Cross-site scripting (XSS) and injection flaws are two of the web-application security risks in the OWASP Top 10 v2017 list. XSS lets an attacker inject malicious scripts into web pages or applications that are viewed by other users, resulting in compromised sessions, stolen cookies, or redirected browsers. Injection flaws, such as SQL injection, command injection, or LDAP injection, arise from a vulnerability in how an application handles data input or output, and can result in unauthorized access, data loss, or remote code execution. The other options are not part of the OWASP Top 10 v2017 list.

Contribute your Thoughts:

Niesha
3 days ago
I agree with Na. B and E seem like the obvious choices here. Can't believe they're still trying to trick us with buffer overflows and zero-day attacks!
upvoted 0 times
...
Jaime
15 days ago
I agree with Margurite, those two are definitely part of the OWASP Top 10.
upvoted 0 times
...
Margurite
29 days ago
I think the answer is B) Cross-site scripting and E) Injection flaws.
upvoted 0 times
...
Na
30 days ago
I think the correct answers are B) Cross-site scripting and E) Injection flaws. Those are definitely part of the OWASP Top 10.
upvoted 0 times
Solange
3 days ago
I agree, Cross-site scripting and Injection flaws are definitely part of the OWASP Top 10.
upvoted 0 times
...
...
