After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:

Which of the following is the BEST solution to mitigate this type of attack?

A. Implement a better level of user input filters and content sanitization.
B. Properly configure XML handlers so they do not process &ent parameters coming from user inputs.
C. Use parameterized queries to avoid user inputs from being processed by the server.
D. Escape user inputs using character encoding conjoined with whitelisting.

The piece of code in the XML file is an example of a command injection attack, which is a type of attack that exploits insufficient input validation or output encoding to execute arbitrary commands on a server or system. The attacker can inject malicious commands into an XML element that is processed by an XML handler on the server, and cause the server to execute those commands. The best solution to mitigate this type of attack is to implement a better level of user input filters and content sanitization, which means checking and validating any user input before processing it, and removing or encoding any potentially harmful characters or commands.
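
The input filtering and sanitization described in the explanation above, as an added Python example (not code from the exam question or the original page): it allow-lists a constrained field, encodes free text before embedding it in XML, and rejects submitted XML that declares a DOCTYPE or entities before any handler acts on it. The field names, the `RejectedInput` class, the `is_accepted` helper and the sample documents are assumptions constructed for this example.

```python
import re
import xml.parsers.expat
from xml.sax.saxutils import escape

# Assumed allow-list for a hypothetical "username" field.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")

# Constructed sample documents (not taken from the page).
SAMPLE_OK = b"<order><item>widget</item></order>"
SAMPLE_DTD = b'<!DOCTYPE order [<!ENTITY ent "value">]><order>&ent;</order>'


class RejectedInput(ValueError):
    """Raised when user-supplied data fails the filter."""


def build_user_element(username: str, comment: str) -> str:
    """Validate the constrained field, encode the free-text one, build XML."""
    if not USERNAME_RE.fullmatch(username):
        raise RejectedInput("username has characters outside the allow-list")
    # escape() encodes &, < and > so the value cannot add markup or entities.
    return (f"<user><name>{username}</name>"
            f"<comment>{escape(comment)}</comment></user>")


def check_submitted_xml(document: bytes) -> None:
    """Reject user-supplied XML that declares a DOCTYPE or any entity."""
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise RejectedInput("DOCTYPE declarations are not accepted")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise RejectedInput("entity declarations are not accepted")

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    try:
        parser.Parse(document, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedInput(f"malformed XML: {exc}") from exc


def is_accepted(document: bytes) -> bool:
    """True when the document passes the filter, False when it is rejected."""
    try:
        check_submitted_xml(document)
    except RejectedInput:
        return False
    return True
```
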

CS0-002 Exam Questions
Community vote distribution: A (35%), C (25%), B (20%), Other