EC-Council
EC0-350 · Question #9
EC0-350 Question #9: Real Exam Question with Answer & Explanation
Sign in or unlock EC0-350 to reveal the answer and full explanation for question #9. The question stem and answer options stay visible for context.
Question
Consider the following code: text=<script>alert(document.cookie)</script> If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site. What is the countermeasure against XSS scripting?
Options
- ACreate an IP access list and restrict connections based on port number
- BReplace "<" and ">" characters with "& l t;" and "& g t;" using server scripts
- CDisable Javascript in IE and Firefox browsers
- DConnect to the server using HTTPS protocol instead of HTTP
Unlock EC0-350 to see the answer
You've previewed enough free EC0-350 questions. Unlock EC0-350 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.