nerdexam
Palo_Alto_Networks

PCCSE · Question #21

The development team wants to block Cross Site Scripting attacks from pods its environment How should the team construct the CNAF policy to protect against this attack?

The correct answer is C. create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack. Since the workloads are pods (containers), a Container CNAF (Cloud Native Application Firewall) policy is the correct type - not a Host CNAF policy. The policy should be targeted at the specific resource (the pod/container) to limit scope and avoid unintended impact. Within the C

Container Security

Question

The development team wants to block Cross Site Scripting attacks from pods its environment How should the team construct the CNAF policy to protect against this attack?

Options

  • Acreate a Container CNAF policy, targeted at a specific resource, check the box for XSS attack
  • Bcreate a Host CNAF policy, targeted at a specific resource, check the box for XSS attack
  • Ccreate a Container CNAF policy, targeted at a specific resource, check the box for XSS attack
  • Dcreate a Container CNAF policy, targeted at a specific resource, and they should set "Explicitly

How the community answered

(15 responses)
  • A
    7% (1)
  • C
    93% (14)

Explanation

Since the workloads are pods (containers), a Container CNAF (Cloud Native Application Firewall) policy is the correct type - not a Host CNAF policy. The policy should be targeted at the specific resource (the pod/container) to limit scope and avoid unintended impact. Within the CNAF rule configuration, there is a checkbox specifically for XSS (Cross-Site Scripting) attack protection, which when enabled causes Prisma Cloud to inspect and block XSS payloads in HTTP traffic. A Host CNAF policy (B) would apply to host-level traffic, which is incorrect for pod-based workloads.

Topics

#Container Security#Application Security#Cloud Native Security#XSS Protection

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice