[&] Why is coaxing the application important in an XXE attack?
- To guarantee XML document well-formedness
- To expose SSL configurations
- To leverage cookies for larger size payloads
- To obtain data not automatically reflected back -- Correct

[&] What distinction exists between private and public external entities in an XXE context?
- Private entities require authentication; public do not
- Private entities are accessible by select authors; public are for broader usage -- Correct
- Public entities are stored locally; private are universal
- Private entities are restricted to the server; public can be queried via a public URL

[&] Which technique is often employed to test for XXE vulnerabilities?
- SSL certificate spoofing
- SQL injection via XML payloads
- Resource inclusion via XML external entity definition -- Correct
- Cross-site scripting (XSS) with XML tags

[&] Which of the following best describes a potential impact of an XXE attack?
- Data loss on client-side devices
- Reading sensitive files on the server -- Correct
- Automatic transformation of XML documents
- Unauthorized access to XML schemas across networks

[&] In the demonstration, what serves as a prerequisite for executing an XXE vulnerability in Apache Solr?
- Access to an unencrypted configuration file
- The implementation of a JSON-based import handler
- The existence of an unsecured login page
- An enabled data import handler -- Correct

[&] What is an XML External Entity (XXE) vulnerability primarily characterized by?
- Modifying XML schemas for schema-less data handling
- Injecting invalid XML syntax into data payloads
- Processing external entities referenced in an XML document -- Correct
- Unauthorized access to JavaScript within XML