CompTIA
PT0-001 · Question #194
PT0-001 Question #194: Real Exam Question with Answer & Explanation
The correct answer is B: XSS attacks. HTML entity encoding in the &#xHH; format neutralizes injected script payloads by rendering characters as display text rather than executable markup, preventing XSS attacks.
Question
Software developers should escape all characters (including spaces but excluding alphanumeric characters) with the HTML entity &#xHH; format to prevent what type of attack?
Options
- A. DDoS attacks
- B. XSS attacks
- C. CSRF attacks
- D. Brute-force attacks
Explanation
HTML entity encoding in the &#xHH; format neutralizes injected script payloads by rendering characters as display text rather than executable markup, preventing XSS attacks.
Common mistakes.
- A. DDoS attacks flood a target with traffic to exhaust resources and are not affected by how user input is encoded in web applications.
- C. CSRF attacks trick authenticated users into submitting forged requests and are mitigated by anti-CSRF tokens or SameSite cookie attributes, not by HTML entity encoding.
- D. Brute-force attacks repeatedly guess credentials and are countered by rate limiting or account lockout policies, not by input encoding.
Concept tested. HTML entity encoding preventing XSS injection
Reference. https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
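Added example, not part of the original question page: a minimal encoder for the rule in the question, applied to an unquoted attribute, the context where an unencoded space alone is enough to start a new attribute. The names `encodeForHtml`, `isDisallowed`, `renderField`, `renderFieldUnsafe` and the sample input are hypothetical, and replacing control characters and lone surrogates with U+FFFD is a design choice of this example, not something the page specifies.

```javascript
// Added example (not from the original page). All function names and the
// sample input are hypothetical, constructed for illustration.

// Code points the HTML parser flags as errors or remaps when written as
// numeric references: C0/C1 controls (except tab, LF, CR), DEL and lone
// surrogates. This example replaces them with U+FFFD (an assumption).
function isDisallowed(cp) {
  if (cp === 0x09 || cp === 0x0a || cp === 0x0d) return false;
  return cp < 0x20 || (cp >= 0x7f && cp <= 0x9f) || (cp >= 0xd800 && cp <= 0xdfff);
}

// Encode every character except ASCII letters and digits as &#xHH;.
function encodeForHtml(input) {
  let out = "";
  for (const ch of String(input)) { // for...of iterates by code point
    const cp = ch.codePointAt(0);
    if (/^[A-Za-z0-9]$/.test(ch)) {
      out += ch;
    } else if (isDisallowed(cp)) {
      out += "&#xFFFD;";
    } else {
      out += "&#x" + cp.toString(16).toUpperCase().padStart(2, "0") + ";";
    }
  }
  return out;
}

// The same template with and without encoding of the interpolated value.
function renderFieldUnsafe(value) {
  return "<input name=q value=" + value + ">";
}
function renderField(value) {
  return "<input name=q value=" + encodeForHtml(value) + ">";
}

const sample = "x onfocus=alert(1)"; // constructed input
console.log(renderFieldUnsafe(sample)); // space ends the value; a second attribute appears
console.log(renderField(sample));       // space, '=', '(' and ')' are entities; one value
```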