During an investigation, an analyst discovers a server is vulnerable to an attack against an application that processes XML input. Which of the following controls must be in place to prevent such an attack?
A. Filter all inputs, applying the allow list concept for each parameter from XML content.
B. Enable an XML external entity and escape each parameter that is received through the XML file.
C. Implement parameterized queries for each XML parser.
D. Disable document type definitions completely using the proper method for each parser.
The safest way to prevent XXE is always to disable DTDs (External Entities) completely, depending on the parser.
If it is not possible to disable DTDs completely, then external entities and external document type declarations must be disabled in a way that's specific to each parser.
So I think it's D.
helper source: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
I concur, it's D. Virtually all XXE vulnerabilities arise because the application's XML parsing library supports potentially dangerous XML features that the application does not need or intend to use. The easiest and most effective way to prevent XXE attacks is to disable those features.
upvoted 3 times
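A worked illustration of option D and of the per-parser fallback, added here as an example and not taken from either comment above or from ExamTopics. It uses only Python's standard-library expat bindings (`xml.parsers.expat`) and the same mechanism the defusedxml package relies on: expat invokes a Python callback when it meets a DOCTYPE, an entity declaration or an external entity reference, and an exception raised inside that callback aborts the parse. With `forbid_dtd=True` every document carrying a DOCTYPE is refused outright; with `forbid_dtd=False` the DOCTYPE is tolerated but any entity declaration (the primitive behind both XXE and billion-laughs payloads) is still refused. The function and class names are my own, and the sample documents are constructed for the example; `/etc/passwd` is never opened.

```python
# Added example (not from the original page): a hardened XML entry point built on
# Python's standard-library expat bindings. forbid_dtd=True implements option D
# (no DOCTYPE at all); forbid_dtd=False is the fallback for parsers where DTDs
# cannot be switched off: entity declarations and external references are refused.
import xml.parsers.expat as expat


class DTDForbidden(ValueError):
    """Raised when the document carries a DOCTYPE and DTDs are disallowed."""


class EntitiesForbidden(ValueError):
    """Raised when the document declares an entity (internal or external)."""


class ExternalReferenceForbidden(ValueError):
    """Raised when the parser is asked to fetch an external entity."""


def parse_hardened(data: bytes, forbid_dtd: bool = True) -> dict:
    """Parse `data`; return {"root": root tag, "text": concatenated character data}."""
    parser = expat.ParserCreate()
    result = {"root": None, "text": []}

    # pyexpat callback signatures (see the xml.parsers.expat docs):
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE {name!r} rejected (sysid={sysid!r})")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise EntitiesForbidden(f"entity {name!r} rejected (sysid={sysid!r})")

    def on_external_ref(context, base, sysid, pubid):
        # Defence in depth: refuse to fetch anything should a reference slip past.
        raise ExternalReferenceForbidden(f"external reference {sysid!r} rejected")

    def on_start(name, attrs):
        if result["root"] is None:
            result["root"] = name

    if forbid_dtd:
        parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = result["text"].append

    parser.Parse(data, True)  # an exception raised in a handler propagates from here
    return {"root": result["root"], "text": "".join(result["text"])}


# Constructed sample inputs (made up for this example).
BENIGN = b"<note><to>Ada</to><body>hello</body></note>"
XXE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       b"<foo>&xxe;</foo>")
BILLION_LAUGHS = (b'<!DOCTYPE lolz [<!ENTITY lol "lol">'
                  b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
                  b"]><lolz>&lol2;</lolz>")


def classify(data: bytes, forbid_dtd: bool = True) -> str:
    """Return a one-word verdict so behaviour can be checked without reading output."""
    try:
        parse_hardened(data, forbid_dtd)
        return "ok"
    except DTDForbidden:
        return "dtd"
    except EntitiesForbidden:
        return "entity"
    except ExternalReferenceForbidden:
        return "external"


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE), ("billion laughs", BILLION_LAUGHS)):
        print(f"{label:15} forbid_dtd=True -> {classify(doc)}; "
              f"forbid_dtd=False -> {classify(doc, False)}")
```

Running the module prints the verdict for each sample document. In a real service you would call `parse_hardened` at the trust boundary and treat any of the three exceptions as a rejected request worth logging: a DOCTYPE in input the application never expects is itself a useful detection signal.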
Community vote distribution: A (35%), C (25%), B (20%), Other
Dutch012, 1 year, 10 months ago
tutita, 1 year, 10 months ago