350-701 · Question #53
The correct answer is B: Incorporate contextual output encoding/escaping. Note that the question asks for two measures; see the explanation below for the complementary control.
Question
Which two preventive measures are used to control cross-site scripting? (Choose two.)
Options
- A. Enable client-side scripts on a per-domain basis.
- B. Incorporate contextual output encoding/escaping.
- C. Disable cookie inspection in the HTML inspection engine.
- D. Run untrusted HTML input through an HTML sanitization engine.
- E. SameSite cookie attribute should not be used.
Explanation
Disabling client-side scripts globally and re-enabling them per domain (option A) is a browser-side workaround rather than a preventive control in the application, and it has real drawbacks for functionality. Users are forced to enable scripting to get a site fully working, at which point they are exposed to XSS again. The most significant problem with blocking all scripts on all websites by default is a substantial reduction in functionality and responsiveness. Another problem is that many users do not understand script blocking and do not know how to secure their browsers properly. Yet another drawback is that many sites do not work at all without client-side scripting, forcing users to disable the protection for those sites and opening their systems to the very vulnerabilities it was meant to prevent. Selective script blocking (allowing scripts only for trusted sites) is a reasonable user-side defence, but it is not one of the application-side controls the question is asking about.

Contextual output encoding/escaping (option B) addresses the root cause on the server: every piece of untrusted data is encoded according to the context it is written into (HTML element content, HTML attribute value, JavaScript string, URL parameter, CSS value), so that the data can never be interpreted as markup or code. Running untrusted HTML input through an HTML sanitization engine (option D) is the complementary measure for cases where some markup must be allowed, such as rich-text input: the sanitizer removes or rewrites everything except an allow-list of safe elements and attributes. Options C and E are not XSS controls; the SameSite cookie attribute is a CSRF mitigation and should be used, not avoided.