nerdexam
CompTIA

SY0-301 · Question #725

A security administrator develops a web page and limits input into their fields on the web page as well as filters special characters in output. The administrator is trying to prevent which of the fol

The correct answer is B. XSS. XSS (Cross-Site Scripting) is the correct answer. XSS attacks occur when an attacker injects malicious scripts into web page content that is then executed by other users' browsers. The two primary defenses described-limiting/validating input and encoding/filtering special charact

Threats, vulnerabilities, and mitigations

Question

A security administrator develops a web page and limits input into their fields on the web page as well as filters special characters in output. The administrator is trying to prevent which of the following attacks?

Options

  • ASpoofing
  • BXSS
  • CFuzzing
  • DPharming

How the community answered

(49 responses)
  • A
    2% (1)
  • B
    94% (46)
  • D
    4% (2)

Explanation

XSS (Cross-Site Scripting) is the correct answer. XSS attacks occur when an attacker injects malicious scripts into web page content that is then executed by other users' browsers. The two primary defenses described-limiting/validating input and encoding/filtering special characters in output-are the standard countermeasures against XSS. Input validation prevents malicious data from entering the system, and output encoding prevents injected content from being interpreted as executable script by the browser.

Topics

#XSS#input validation#output encoding#web application security

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice