Free Top CompTIA Pentest+ PT0-003 Actual Exam Questions - Question 13 Discussion
HOTSPOT - You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTION - Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. Hot Area:

Looks like the payloads clearly show classic SQL injection patterns, so focusing on input validation and prepared statements is key. Option C seems right since it mentions parameterized queries, which block injections effectively.
B looks like cross-site scripting since it has script tags. The fix should be output encoding or input validation instead of SQL-focused options.
Option C looks like classic SQL injection payloads, so blocking it at the web app layer with prepared statements is solid. Also, adding a web application firewall could help catch anything that slips through.
Option C