CompTIA CySA+ (CS0-003) — Question 252
An XSS vulnerability was reported on one of the public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Choose two.)
Answer options
- A. Implement an IPS in front of the web server.
- B. Enable MFA on the website.
- C. Take the website offline until it is patched.
- D. Implement a compensating control in the source code.
- E. Configure TLS v1.3 on the website.
- F. Fix the vulnerability using a virtual patch at the WAF.
Correct answer: D, F
Explanation
The correct answers are D and F. Fixing the flaw in the source code removes the vulnerability itself (for XSS this means validating input and applying context-appropriate output encoding so that user-supplied data is rendered as text rather than interpreted as script), while a virtual patch at the Web Application Firewall (WAF) blocks exploitation attempts immediately, covering the window until the code change is developed and deployed. Options A, B, C, and E do not address the XSS vulnerability itself: an IPS and MFA improve overall security but leave the underlying defect in place, taking the website offline is not a practical long-term solution, and configuring TLS v1.3 protects data in transit but has no bearing on XSS.