CompTIA PenTest+ Exam PT0-003 Question # 36 Topic 4 Discussion

PT0-003 Exam Topic 4 Question 36 Discussion:
Question #: 36
Topic #: 4

A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:

```xml
<?xml version="1.0"?>
<!DOCTYPE data [
<!ENTITY foo SYSTEM "file:///etc/passwd">
]>
<test>&foo;</test>
```

Which of the following should the tester recommend in the report to best prevent this type of vulnerability?


A.

Drop all excessive file permissions with chmod o-rwx.


B.

Ensure the application's request access logs are reviewed frequently.


C.

Disable the use of external entities.


D.

Implement a WAF to filter all incoming requests.
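The payload above is a classic XML External Entity (XXE) injection: the document declares an entity whose value is fetched from a URI, and the parser expands it into the response. The parser-level fix from the options, disabling external entity resolution, is what the following added example demonstrates. It is not code from the exam page or from CompTIA; it uses only the Python standard library (`xml.parsers.expat`), and the function names, the `UnsafeXmlRejected` exception and the two sample documents (one is the question's payload, the other a constructed benign document with an internal entity) are this example's own assumptions.

```python
"""Hardened XML parsing that refuses external entities (XXE mitigation).

Added example, not from the exam page. Standard library only.
"""
from xml.parsers import expat

# The payload from the question (constructed copy for testing).
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE data [
<!ENTITY foo SYSTEM "file:///etc/passwd">
]>
<test>&foo;</test>"""

# Constructed benign document: an internal entity, no external reference.
BENIGN_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE data [
<!ENTITY greeting "hello">
]>
<test>&greeting; world</test>"""


class UnsafeXmlRejected(ValueError):
    """Raised when a document declares or references an external entity."""


def parse_untrusted_xml(data: bytes, allow_doctype: bool = True) -> dict:
    """Parse XML while refusing external entities (and optionally any DOCTYPE).

    Returns the root element name, its text content and the names of any
    internal entities that were declared.
    """
    parser = expat.ParserCreate()
    state = {"root": None, "text": [], "entities": []}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Strict mode: untrusted input rarely needs a DTD at all.
        if not allow_doctype:
            raise UnsafeXmlRejected(f"DOCTYPE not permitted: {name}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # External entities have no literal value; they carry a SYSTEM/PUBLIC id.
        if value is None or sysid is not None or pubid is not None:
            raise UnsafeXmlRejected(f"external entity declared: {name}")
        state["entities"].append(name)

    def on_external_ref(context, base, sysid, pubid):
        # Belt and braces: never fetch. Returning 0 makes expat abort parsing.
        return 0

    def on_start(name, attrs):
        if state["root"] is None:
            state["root"] = name

    def on_chars(text):
        state["text"].append(text)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    # Never load external parameter entities (external DTDs) either.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    parser.Parse(data, True)
    return {
        "root": state["root"],
        "text": "".join(state["text"]),
        "entities": state["entities"],
    }


def is_external_entity_attempt(data: bytes) -> bool:
    """True if parsing the document was refused because of an external entity."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXmlRejected:
        return True
    return False


if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN_DOC))
    print("XXE payload refused:", is_external_entity_attempt(XXE_PAYLOAD))
```

The decisive check is in `on_entity_decl`: the declaration is rejected before the parser ever reaches the `&foo;` reference, so no file or network fetch can happen. Passing `allow_doctype=False` is the stricter posture for input that has no legitimate need for a DTD; either way, a refused document should be logged as a probable attack attempt rather than silently dropped.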

