CompTIA CySA+ (CS0-003) — Question 19
A penetration tester submitted data to a form in a web application, which enabled the penetration tester to retrieve user credentials. Which of the following should be recommended for remediation of this application vulnerability?
Answer options
- A. Implementing multifactor authentication on the server OS
- B. Hashing user passwords on the web application
- C. Performing input validation before allowing submission
- D. Segmenting the network between the users and the web server
Correct answer: C
Explanation
The correct answer is C. The tester retrieved credentials by submitting data to a form, so the flaw lies in how the application handles submitted input. Performing input validation helps prevent malicious data from being processed by the application, thereby blocking exploitation attempts. Options A and B, while beneficial for security, do not directly address the vulnerability related to input submission. Option D concerns network architecture rather than directly fixing the application flaw.