CompTIA PenTest+ (PT0-002) — Question 205

During a code review assessment, a penetration tester finds the following vulnerable code inside one of the web application files:

<% String id = request.getParameter("id"); %>

Employee ID: <%= id %>

Which of the following is the BEST remediation to prevent a vulnerability from being exploited, based on this code?

Answer options

Correct answer: C

Explanation

Output encoding is the best remediation for this code. The `id` request parameter is written straight into the response with `<%= id %>`, so any HTML or script characters the client supplies are rendered by the browser, which is a reflected cross-site scripting (XSS) flaw; encoding the value at the point of output (for example with a JSP tag or function that escapes HTML) ensures the data is displayed as text rather than interpreted as markup. Parameterized queries address SQL injection, which this snippet does not involve, while patching the application and HTML sanitization are less effective in this specific context.