CompTIA CySA+ CS0-002 – Question 074

After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:

Which of the following is the BEST solution to mitigate this type of attack?

A. Implement a better level of user input filters and content sanitization.
B. Properly configure XML handlers so they do not process &ent parameters coming from user inputs.
C. Use parameterized queries to avoid user inputs from being processed by the server.
D. Escape user inputs using character encoding conjoined with whitelisting.

Correct Answer: A