CompTIA CySA+ (CS0-002) — Question 168
A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities:
Alert Detail
Low (Medium) Web Browser XSS Protection not enabled
Description: Web browser XSS protection not enabled, or disabled by the configuration of the HTTP Response header
URL: https://domain.com/sun/ray
Which of the following is the MOST likely solution to the listed vulnerability?
Answer options
- A. Enable the browser's XSS filter.
- B. Enable Windows XSS protection.
- C. Enable the browser’s protected pages mode.
- D. Enable server-side XSS protection.
Correct answer: A
Explanation
The correct answer is A, as enabling the browser's XSS filter directly addresses the lack of client-side protection against cross-site scripting attacks. Options B and C refer to Windows or browser settings that do not specifically target XSS protection in the browser context, while D relates to server-side measures, which are not applicable to this client-side vulnerability.