CompTIA PenTest+ (PT1-002) — Question 17

Which of the following BEST describe the OWASP Top 10? (Choose two.)

Answer options

• A. The most critical risks of web applications
• B. A list of all the risks of web applications
• C. The risks defined in order of importance
• D. A web-application security standard
• E. A risk-governance and compliance framework
• F. A checklist of Apache vulnerabilities

Correct answer: A, C

Explanation

The correct answers, A and C, accurately highlight that the OWASP Top 10 focuses on the most critical risks associated with web applications and ranks these risks by their importance. Options B, D, E, and F are incorrect because they either overgeneralize the scope of the OWASP Top 10 or misrepresent its purpose and format.