CompTIA PenTest+ (PT0-001) — Question 118

A penetration tester is testing a web application and is logged in as a lower-privileged user. The tester runs arbitrary JavaScript within an application, which sends an XMLHttpRequest, resulting in exploiting features to which only an administrator should have access. Which of the following controls would BEST mitigate the vulnerability?

Answer options

• A. Implement authorization checks.
• B. Sanitize all the user input.
• C. Prevent directory traversal.
• D. Add client-side security controls

Correct answer: A

Explanation

Implementing authorization checks ensures that users can only access features and functionalities for which they have been granted permission, effectively preventing privilege escalation. While sanitizing user input is important for preventing injection attacks, it does not address the issue of user privilege management. Preventing directory traversal is unrelated to this scenario, and adding client-side security controls does not adequately secure server-side access controls.