CompTIA PenTest+ PT0-002 Practice Question

A penetration tester is evaluating a website to determine if it is vulnerable to cross-site scripting attacks. During their assessment, they find that the website allows users to post comments which are then viewable by other visitors without any input sanitization. Which type of payload would be MOST effective for establishing a persistent cross-site scripting attack?

  • Local JavaScript file inclusion that would execute the payload from the user's device

  • Self-executing script that activates once but requires a page refresh to execute again

  • URL manipulation to reflect malicious code execution only once

  • Script inclusion that stores malicious code in the website’s database

CompTIA PenTest+ PT0-002
Attacks and Exploits
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot
AI Bot