
CISSP Question #909: Real Exam Question with Answer & Explanation

The correct answer is B: Whitelist input validation.

Submitted by carter_n · Mar 5, 2026 · Software Development Security

Question

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

Options

  • A. Use Software as a Service (SaaS)
  • B. Whitelist input validation
  • C. Require client certificates
  • D. Validate data output

Explanation

Whitelist input validation only allows explicitly permitted characters, formats, or patterns (for example, "only digits and hyphens" for a phone field), which greatly reduces the chance that malicious script can be injected in the first place. In contrast, blacklist-style checks (blocking known "bad" strings) are easier to bypass, so whitelisting is considered a stronger, more secure approach for XSS and similar injection flaws.
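As an added illustration (not part of the original question or explanation), here is the phone-field whitelist the explanation describes in Python, next to a blacklist check that a simple case variant slips past, with HTML output encoding (one of the page's listed topics) applied when the value is rendered. The regular expression, the blacklist entry and the sample inputs are constructed for this example.

```python
import html
import re

# Whitelist: the page's example of a phone field that may contain only digits and hyphens.
# The length bounds are an assumption for this example.
PHONE_WHITELIST = re.compile(r"[0-9-]{7,20}")

# Blacklist, for contrast: a single known "bad" string, matched literally.
BLACKLISTED = ("<script",)


def whitelist_phone(value: str) -> bool:
    """Accept only input that fully matches the permitted pattern; reject everything else."""
    return PHONE_WHITELIST.fullmatch(value) is not None


def blacklist_check(value: str) -> bool:
    """Reject only input containing a known bad substring (case-sensitive, so easily missed)."""
    return not any(bad in value for bad in BLACKLISTED)


def render_phone(value: str) -> str:
    """Validate on input, then encode on output so the value is inert inside HTML."""
    if not whitelist_phone(value):
        raise ValueError("phone must contain only digits and hyphens")
    return f'<span class="phone">{html.escape(value)}</span>'


# Constructed sample inputs: one legitimate phone number and two script-bearing values.
SAMPLES = ["555-0100", "<script>alert(1)</script>", "<SCRIPT>alert(1)</SCRIPT>"]


def compare(samples=SAMPLES) -> dict:
    """Show which inputs each approach lets through; the whitelist admits only the phone number."""
    return {s: {"whitelist": whitelist_phone(s), "blacklist": blacklist_check(s)} for s in samples}


if __name__ == "__main__":
    for value, verdicts in compare().items():
        print(f"{value!r}: {verdicts}")
```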

Topics

#XSS · #Input validation · #Web application security · #Output encoding
