PCCSE · Question #21
The development team wants to block Cross Site Scripting attacks from pods its environment How should the team construct the CNAF policy to protect against this attack?
The correct answer is C. create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack. Since the workloads are pods (containers), a Container CNAF (Cloud Native Application Firewall) policy is the correct type - not a Host CNAF policy. The policy should be targeted at the specific resource (the pod/container) to limit scope and avoid unintended impact. Within the C
Question
The development team wants to block Cross Site Scripting attacks from pods its environment How should the team construct the CNAF policy to protect against this attack?
Options
- Acreate a Container CNAF policy, targeted at a specific resource, check the box for XSS attack
- Bcreate a Host CNAF policy, targeted at a specific resource, check the box for XSS attack
- Ccreate a Container CNAF policy, targeted at a specific resource, check the box for XSS attack
- Dcreate a Container CNAF policy, targeted at a specific resource, and they should set "Explicitly
How the community answered
(15 responses)- A7% (1)
- C93% (14)
Explanation
Since the workloads are pods (containers), a Container CNAF (Cloud Native Application Firewall) policy is the correct type - not a Host CNAF policy. The policy should be targeted at the specific resource (the pod/container) to limit scope and avoid unintended impact. Within the CNAF rule configuration, there is a checkbox specifically for XSS (Cross-Site Scripting) attack protection, which when enabled causes Prisma Cloud to inspect and block XSS payloads in HTTP traffic. A Host CNAF policy (B) would apply to host-level traffic, which is incorrect for pod-based workloads.
Topics
Community Discussion
No community discussion yet for this question.