A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:

<?xml version="1.0"?>
<!DOCTYPE data [<!ENTITY foo SYSTEM "file:///etc/passwd">]>
<test>&foo;</test>

Which of the following should the tester recommend in the report to best prevent this type of vulnerability?

A. Drop all excessive file permissions with chmod o-rwx

B. Ensure the requests application access logs are reviewed frequently

C. Disable the use of external entities

D. Implement a WAF to filter all incoming requests
