PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #26
The correct answer is D: Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a
Question
You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment. How should you prevent and fix this vulnerability?
Options
- A. Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the
- B. Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to
- C. Use Web Security Scanner to validate the usage of an outdated library in the code, and then use
- D. Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a
Explanation
Web Security Scanner cross-site scripting (XSS) injection testing simulates an injection attack by inserting a benign test string into user-editable fields and then performing various user actions. https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-