An XSS vulnerability was reported on one of the public websites of a company.

CompTIA CS0-003 Question Answer

An XSS vulnerability was reported on one of the public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Select two).

Implement an IPS in front of the web server.

Enable MFA on the website.

Take the website offline until it is patched.

Implement a compensating control in the source code.

Configure TLS v1.3 on the website.

Fix the vulnerability using a virtual patch at the WAF.

Explanation:

Comprehensive Detailed Explanation:To effectively prevent Cross-Site Scripting (XSS) attacks, implementing appropriate security controls within the application code and at the network layer is critical. Here’s a breakdown of each option:

A. Implement an IPS in front of the web server

Explanation: Intrusion Prevention Systems (IPS) are primarily designed to detect and prevent network-based attacks, not application-layer vulnerabilities such as XSS. They do not specifically mitigate XSS threats effectively.

B. Enable MFA on the website

Explanation: Multi-factor authentication (MFA) strengthens user authentication but does not address XSS, which typically involves injecting malicious scripts rather than compromising user credentials.

C. Take the website offline until it is patched

While this might temporarily mitigate the risk, it is not a practical solution for ongoing operations, especially when effective preventative controls (e.g., WAF rules or code updates) can be implemented without disabling the service.

D. Implement a compensating control in the source code

Explanation: Implementing security controls at the code level is an effective way to mitigate XSS risks. This can involve proper input validation, output encoding, and utilizing libraries that sanitize user inputs. By addressing the root cause in the source code, developers prevent scripts from being injected or executed in the browser.

E. Configure TLS v1.3 on the website

Explanation: While TLS v1.3 secures the communication channel, it does not address XSS directly. XSS attacks manipulate client-side scripts, which TLS cannot prevent, as TLS only encrypts data in transit.

F. Fix the vulnerability using a virtual patch at the WAF

Explanation: Web Application Firewalls (WAFs) can mitigate XSS vulnerabilities by identifying and blocking malicious payloads. Virtual patching at the WAF level provides a temporary fix by preventing exploit attempts from reaching the application, giving developers time to implement a permanent fix in the source code.

[References:, OWASP XSS Prevention Cheat Sheet: Detailed guidance on encoding, sanitizing, and safe coding practices to prevent XSS., NIST SP 800-44: Guidelines on Web Security, discussing WAFs and application-layer protections., CWE-79: Common Weakness Enumeration on Cross-Site Scripting, which outlines ways to address and prevent XSS attacks., , , ]

CompTIA CS0-003 View All Questions

CompTIA CS0-003 Summary

Vendor: CompTIA
Product: CS0-003
Update on: Jun 20, 2026
Questions: 486

Price: $52.5 ~~$149.99~~

Buy Now CS0-003 PDF + Testing Engine Pack

A SOC manager is establishing a reporting process to manage vulnerabilities.

A vulnerability scan of a web server that is exposed to the internet was recently...

Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

An XSS vulnerability was reported on one of the public websites of a company.

The Answer Is:

Explanation:

CompTIA CS0-003 Summary

Payments We Accept

Contact Us