CompTIA PenTest+ (PT0-002) — Question 387

Which of the following BEST describe the OWASP Top 10? (Choose two.)

Answer options

• A. The most critical risks of web applications
• B. A list of all the risks of web applications
• C. The risks defined in order of importance
• D. A web-application security standard
• E. A risk-governance and compliance framework
• F. A checklist of Apache vulnerabilities

Correct answer: A, C

Explanation

The OWASP Top 10 identifies the most critical risks associated with web applications, making option A correct. Additionally, it organizes these risks based on their severity, which validates option C. The other options do not accurately reflect the OWASP Top 10's purpose and structure.