
Exam CS0-003 topic 1 question 346 discussion

Actual exam question from CompTIA's CS0-003
Question #: 346
Topic #: 1

An XSS vulnerability was reported on one of the public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Choose two.)

  • A. Implement an IPS in front of the web server.
  • B. Enable MFA on the website.
  • C. Take the website offline until it is patched.
  • D. Implement a compensating control in the source code.
  • E. Configure TLS v1.3 on the website.
  • F. Fix the vulnerability using a virtual patch at the WAF.
Suggested Answer: DF

Comments

Justheretolook
1 month ago
Selected Answer: DF
The best recommendations to prevent the XSS (Cross-Site Scripting) vulnerability from being exploited are:
D. Implement a compensating control in the source code
F. Fix the vulnerability using a virtual patch at the WAF
Explanation:
  • D. Implement a compensating control in the source code: This is the most effective and permanent fix. Proper input validation, output encoding, and sanitization in the source code prevent XSS from occurring.
  • F. Fix the vulnerability using a virtual patch at the WAF (Web Application Firewall): A virtual patch is a temporary solution that blocks exploit attempts until a permanent code fix is implemented. This helps reduce risk immediately without altering application code.
upvoted 1 times
Only12go
1 month, 2 weeks ago
Selected Answer: DF
  • D. Implement a compensating control in the source code (e.g., input validation, output encoding, Content-Security-Policy): Fixes the root cause inside the application so untrusted data can no longer be rendered as active script in the browser.
  • F. Apply a virtual patch at the WAF: Provides an immediate, centrally managed rule set that filters or sanitises malicious XSS payloads while the development team works on the permanent code fix.
upvoted 1 times
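As an added example, not part of the exam question or of either commenter's post, the following JavaScript shows the two layers that Justheretolook and Only12go describe above: answer D as contextual output encoding plus a Content-Security-Policy inside a hypothetical comment-rendering function, and answer F as the kind of signature rule a WAF virtual patch expresses. The function names, the sample comment strings and the CSP values are all constructed for the illustration and are not from CompTIA or from any real WAF product.

```javascript
// Added example (not from the exam or the commenters): the two layers the
// suggested answer D/F describes, for a hypothetical comment-display page.
// Assumptions: a Node.js environment and an untrusted string `comment`
// that arrives from a form field and is echoed back into an HTML page.

// --- Answer D: fix in the source code (output encoding + CSP) ---

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value. This encoder is for HTML body / quoted
// attribute context only; URL, JavaScript and CSS contexts need their own.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  })[ch]);
}

// The vulnerable pattern: untrusted data concatenated straight into markup,
// so a comment containing a tag is interpreted by the browser as markup.
function renderCommentVulnerable(comment) {
  return `<div class="comment">${comment}</div>`;
}

// The hardened pattern: the same template, but the untrusted value is
// encoded for the context it lands in, so it is displayed as inert text.
function renderCommentSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// A Content-Security-Policy with no 'unsafe-inline' is a second code-level
// control: if encoding is missed somewhere, a CSP-aware browser still refuses
// to run injected inline <script> blocks or on*= handlers.
// (Constructed policy; a real site would list its own script origins.)
function buildCspHeader() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'self'",
  ].join('; ');
}

// --- Answer F: a virtual patch at the WAF (temporary, signature-based) ---

// A minimal signature rule of the kind a WAF virtual patch expresses:
// reject a request parameter that contains a tag opener, a javascript:
// scheme or an inline event-handler attribute. It is a stop-gap: such
// patterns are coarse and can be evaded, which is why D stays the real fix.
const XSS_SIGNATURE = /<\s*\/?\s*[a-z]|javascript\s*:|on[a-z]+\s*=/i;

function wafVirtualPatchBlocks(paramValue) {
  return XSS_SIGNATURE.test(String(paramValue));
}

// Constructed sample input: a benign comment and a classic injection probe.
const benign = 'I like this product & would buy it again';
const hostile = '<script>alert(1)</script>';

console.log(renderCommentVulnerable(hostile)); // tag reaches the browser as markup
console.log(renderCommentSafe(hostile));       // tag is rendered as inert text
console.log(wafVirtualPatchBlocks(benign), wafVirtualPatchBlocks(hostile)); // false true
console.log(buildCspHeader());
```

Run it with `node`. The point the suggested answer makes is visible in the output: the WAF rule only decides whether a request is allowed through and can be bypassed by a reshaped payload, while the encoder and the CSP change what the browser will execute, so the two are layered rather than interchangeable.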
noa808a
2 months ago
Selected Answer: DF
F is for sure 1/2 of the answers. For me, it's a 50/50 toss-up between C and D. Taking the website offline would obviously prevent any exploitation, but would be a major hit to availability, whereas implementing a compensating control would help to mitigate the vulnerability while maintaining availability.
upvoted 2 times
BlackSkullz
2 months, 1 week ago
Selected Answer: DF
I think D and F. While it does say "best way" and taking the server offline would technically be best, it just doesn't seem practical and would affect uptime and availability of company services. D and F would correct the issue at hand and keep the website up at the same time.
upvoted 1 times
1403ad2
4 months ago
Selected Answer: CF
I think fixing the server with a WAF because it's a public-facing website, and taking the website offline is possible because it mentions "one of the public websites of a company".
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other