CompTIA PenTest+ (PT0-002) — Question 131

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

Answer options

• A. Buffer overflows
• B. Cross-site scripting
• C. Race-condition attacks
• D. Zero-day attacks
• E. Injection flaws
• F. Ransomware attacks

Correct answer: B, E

Explanation

The correct answers, B (Cross-site scripting) and E (Injection flaws), are recognized as significant web application vulnerabilities in the OWASP Top 10 v2017. The other options, while they represent various types of security risks, do not appear in that specific OWASP list.