A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:

<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY foo SYSTEM "file:///etc/passwd"> ]>
<test>&foo;</test>

Which of the following should the tester recommend in the report to best prevent this type of vulnerability?
Correct Answer: C
This is an XML External Entity (XXE) attack, which occurs when an application processes XML input that allows external entity references. The best mitigation is to disable external entities in the XML parser.

Option A (Change file permissions): Changing file permissions does not fix the root cause, as the vulnerability is in XML processing.
Option B (Review logs): Logs help with detection, but do not prevent XXE attacks.
Option C (Disable external entities): Correct. Disabling external entity resolution in the XML parser prevents XXE attacks.
Option D (WAF): A WAF can help block attacks, but disabling external entities is the best solution.

Reference: CompTIA PenTest+ PT0-003 Official Guide - Web Application Attacks (XXE)
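The recommended fix, shown as an added example that is not part of the original question or the CompTIA guide: a parser configured so that the payload above cannot cause a file read. It uses only Python's standard-library expat binding, applies two layers (refuse any DOCTYPE from untrusted input, and even when a DOCTYPE is tolerated never resolve external entities or external parameter entities), and feeds it the payload from the question plus a constructed benign document. The function and class names are my own.

```python
"""Hardened XML parsing for untrusted input (added example, not from the original page).

Two layers of defence against XXE:
  1. refuse any DOCTYPE, so no entity can be declared at all, and
  2. as defence in depth, never resolve external general entities or load
     external parameter entities, so a DTD that is tolerated still cannot
     read local files or make network requests.
"""
import xml.parsers.expat

# The payload from the question, used here as the hostile test input.
XXE_PAYLOAD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE data [ <!ENTITY foo SYSTEM "file:///etc/passwd"> ]>'
    b'<test>&foo;</test>'
)

# A constructed benign document that the same parser must accept unchanged.
BENIGN_XML = b'<?xml version="1.0"?><test>hello</test>'


class UntrustedXMLError(ValueError):
    """Raised when untrusted XML carries a construct we refuse to process."""


def parse_untrusted_xml(data: bytes, reject_doctype: bool = True) -> dict:
    """Parse `data` and return {"elements": [names...], "text": "joined text"}.

    With reject_doctype=True (the default) any DOCTYPE aborts the parse.
    Even with reject_doctype=False, external entities are skipped, not fetched.
    """
    parser = xml.parsers.expat.ParserCreate()
    elements, text = [], []

    def start_doctype(name, sysid, pubid, has_internal_subset):
        # Layer 1: a DOCTYPE has no business in an API payload; refuse it.
        if reject_doctype:
            raise UntrustedXMLError(f"DOCTYPE '{name}' not accepted from untrusted input")

    def external_entity_ref(context, base, sysid, pubid):
        # Layer 2: returning 1 without creating a sub-parser tells expat to
        # continue as if the entity were empty; the URI is never opened.
        return 1

    parser.StartDoctypeDeclHandler = start_doctype
    parser.ExternalEntityRefHandler = external_entity_ref
    # Never expand parameter entities (the other route to pulling in a remote DTD).
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.CharacterDataHandler = lambda chunk: text.append(chunk)

    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UntrustedXMLError(f"malformed XML: {exc}") from exc
    return {"elements": elements, "text": "".join(text)}


def rejects(data: bytes) -> bool:
    """True if the hardened parser (default settings) refuses `data` outright."""
    try:
        parse_untrusted_xml(data)
    except UntrustedXMLError:
        return True
    return False


if __name__ == "__main__":
    print("benign:", parse_untrusted_xml(BENIGN_XML))
    print("payload rejected:", rejects(XXE_PAYLOAD))
    # Defence in depth: even with DOCTYPE tolerated, the entity expands to nothing.
    print("payload, DOCTYPE tolerated:", parse_untrusted_xml(XXE_PAYLOAD, reject_doctype=False))
```

Rejecting the DOCTYPE outright is the setting to recommend in the report: it removes the entire entity-declaration surface rather than relying on one parser flag, and the second layer is there so that a later code change that tolerates DTDs still cannot turn into a file read. The same two ideas map onto other stacks (for example `disallow-doctype-decl` and `external-general-entities` in Java SAX parsers, or `resolve_entities=False` with lxml), though those settings are not shown here.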