CompTIA Study Materials
AWS Study Materials
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA PenTest+ PT0-002 Practice Question

A penetration tester is evaluating a website to determine if it is vulnerable to cross-site scripting attacks. During their assessment, they find that the website allows users to post comments which are then viewable by other visitors without any input sanitization. Which type of payload would be MOST effective for establishing a persistent cross-site scripting attack?

  • Script inclusion that stores malicious code in the website’s database

  • URL manipulation to reflect malicious code execution only once

  • Self-executing script that activates once but requires a page refresh to execute again

  • Local JavaScript file inclusion that would execute the payload from the user's device

This question is for objective:
Attacks and Exploits
Your Score:
Attacks and Exploits
Information Gathering and Vulnerability Scanning
Reporting and Communication
Tools and Code Analysis
Planning and Scoping