GCIH · Question #692
An administrator needs to protect his organization's IIS webservers from Cross-Site Scripting attacks. Which action should he take?
The correct answer is A. Use the Anti-XSS library from Microsoft. Cross-Site Scripting (XSS) attacks occur when malicious scripts are injected into web pages and executed in other users' browsers. Microsoft's Anti-XSS Library is a purpose-built encoding library for ASP.NET applications that sanitizes and encodes user-supplied input before it is
Question
An administrator needs to protect his organization's IIS webservers from Cross-Site Scripting attacks. Which action should he take?
Options
- AUse the Anti-XSS library from Microsoft
- BConfigure two-factor authentication for clients
- CUse a random element when setting session cookies
- DConfigure application whitelisting on the IIS server
How the community answered
(31 responses)- A94% (29)
- B3% (1)
- C3% (1)
Explanation
Cross-Site Scripting (XSS) attacks occur when malicious scripts are injected into web pages and executed in other users' browsers. Microsoft's Anti-XSS Library is a purpose-built encoding library for ASP.NET applications that sanitizes and encodes user-supplied input before it is rendered in the browser, directly neutralizing XSS payloads. It is the most direct and effective countermeasure for XSS on IIS. Two-factor authentication (B) hardens user login but does nothing to prevent script injection. Using a random nonce in session cookies (C) mitigates session fixation and CSRF, not XSS. Application whitelisting (D) controls which executables can run on the server OS but has no effect on malicious content served through the web application itself.
Topics
Community Discussion
No community discussion yet for this question.