CompTIA CySA+ (CS0-002) — Question 239
During an investigation, an analyst discovers a server is vulnerable to an attack against an application that processes XML input. Which of the following controls must be in place to prevent such an attack?
Answer options
- A. Filter all inputs, applying the allow list concept for each parameter from XML content.
- B. Enable an XML external entity and escape each parameter that is received through the XML file.
- C. Implement parameterized queries for each XML parser.
- D. Disable document type definitions completely using the proper method for each parser.
Correct answer: D
Explanation
The correct answer is D. Entities can only be declared inside a document type definition, so disabling DTDs in every parser the application uses stops it from declaring or resolving external entities and prevents attacks such as XML External Entity (XXE) injection. The other options either do not address this specific threat or are not sufficient on their own to prevent the vulnerabilities associated with XML processing.
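As an added example (not part of the exam question), the following Python code shows what "disable document type definitions using the proper method for each parser" looks like for the standard library's expat binding: the parser installs a DOCTYPE handler that aborts parsing the moment a DTD appears, so no entity can ever be declared or resolved. The element names, the `parse_no_dtd` and `accepts` helpers, and both sample documents (including the placeholder path in the entity declaration) are constructed for this illustration.

```python
"""Hardened XML parsing: refuse any document that carries a DTD.

Added example; uses only the standard library. The DOCTYPE declaration is
the only place an XML document can declare entities, so rejecting any
DOCTYPE closes off XXE and entity-expansion attacks for every document
this function handles. Both sample documents are constructed inputs.
"""
import xml.parsers.expat


class DtdRejected(ValueError):
    """Raised when a document contains a DOCTYPE declaration."""


def parse_no_dtd(data: bytes) -> dict:
    """Parse XML into a flat {tag: text} dict, refusing any DTD.

    Raises DtdRejected as soon as a DOCTYPE is seen; raises ExpatError
    for malformed input.
    """
    parser = xml.parsers.expat.ParserCreate()
    result = {}
    open_tags = []  # stack of currently open element names

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Abort immediately: no DTD means no entity declarations at all,
        # whether internal, external (SYSTEM/PUBLIC) or parameter entities.
        raise DtdRejected(f"DOCTYPE {name!r} is not allowed")

    def on_start(tag, attrs):
        open_tags.append(tag)
        result.setdefault(tag, "")

    def on_chars(text):
        if open_tags:
            result[open_tags[-1]] += text

    def on_end(tag):
        open_tags.pop()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    parser.EndElementHandler = on_end
    parser.Parse(data, True)  # True = final chunk
    return result


def accepts(data: bytes) -> bool:
    """True if the document parses cleanly under the no-DTD policy."""
    try:
        parse_no_dtd(data)
    except (DtdRejected, xml.parsers.expat.ExpatError):
        return False
    return True


# Constructed sample documents (hypothetical order records).
SAFE_DOC = b"<order><id>42</id><item>widget</item></order>"
DTD_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder/secret.txt">]>'
    b"<order><id>&ext;</id></order>"
)

if __name__ == "__main__":
    print("safe document:", parse_no_dtd(SAFE_DOC))
    print("document with DTD accepted?", accepts(DTD_DOC))
```

The same policy applies to any other parser the application relies on; the mechanism differs (a feature flag on one library, a dedicated safe wrapper on another), but the control is the same: the parser must stop at the DOCTYPE rather than try to escape or filter what the entities would have expanded to.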