CompTIA Security+ (SY0-701) — Question 367
An organization's web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization's web servers? (Choose two.)
Answer options
- A. Regularly updating server software and patches
- B. Implementing strong password policies
- C. Encrypting sensitive data at rest and in transit
- D. Utilizing a web-application firewall
- E. Performing regular vulnerability scans
- F. Removing payment information from the servers
Correct answer: A, D
Explanation
Regularly updating server software and patches (A) is crucial because it fixes known vulnerabilities, while utilizing a web-application firewall (D) helps filter and monitor HTTP traffic to and from the web server, blocking malicious requests. The other options, while important for overall security, do not directly prevent JavaScript injection attacks on web servers.