CompTIA PenTest+ (PT1-002) — Question 4

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

Answer options

• A. Buffer overflows
• B. Cross-site scripting
• C. Race-condition attacks
• D. Zero-day attacks
• E. Injection flaws
• F. Ransomware attacks

Correct answer: B, E

Explanation

The correct answers are B (Cross-site scripting) and E (Injection flaws) as they are recognized as significant vulnerabilities in the OWASP Top 10 v2017. The other options like Buffer overflows, Race-condition attacks, Zero-day attacks, and Ransomware attacks, while serious security issues, are not categorized in that specific OWASP list.