Keep the current shell command, but add HTML encoding to the response page.

Output encoding helps prevent browser-side issues, but it does not stop command injection on the server.

Increase the web server timeout so the ping utility has more time to complete.

Timeout tuning does not prevent an attacker from appending extra shell commands to the request.

Require users to authenticate before they can access the page.

Authentication may reduce exposure, but it does not correct the underlying unsafe command execution.

What does this SY0-701 question test?

Static NAT maps one inside address to one outside address.

What is the correct answer to this question?

The correct answer is: Replace the shell call with a safe library function and strictly allowlist approved host values. — The exhibit shows OS command injection: the application builds a shell command directly from user input, and the attacker appends a second command using a semicolon. The best remediation is to remove shell interpretation by calling a safe library or API function and to restrict inputs with a strict allowlist of approved hosts. This addresses both the injection path and the application’s intended business requirement. Authentication or output encoding alone would not fix the flaw. Why others are wrong: HTML encoding only affects how responses are displayed and does nothing to stop the server from executing injected shell commands. Extending timeouts may make normal pings more reliable, but it does not mitigate command chaining. Authentication is valuable, yet even authenticated users could exploit the flaw unless the command execution pattern is redesigned to avoid shell expansion entirely.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.