PrepAway - Latest Free Exam Questions & Answers

Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?

A. Intrusion Detection System

B. Flood Guard Protection

C. Web Application Firewall

D. URL Content Filter

Explanation:
Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker
injects code into the content sent to website visitors. XSS can be mitigated by implementing patch
management on the web server, using firewalls, and auditing for suspicious activity.

Incorrect Answers:
A: An Intrusion Detection System (IDS) is used to detect attempts to access a system. It cannot be used to
detect cross-site scripting attacks where a malicious user is injecting malicious content into content being
downloaded by a user.
B: Flood Guard Protection is used to prevent a network from being flooded by data such as DoS, SYN floods,
ping floods, etc. The flood of data saturates the network and prevents the successful transmission of valid
data across the network. Flood Guard Protection is not used to prevent cross-site scripting attacks.
D: A URL Content Filter is used to permit access to allowed URLs (websites) only or to block access to
URLs that are not allowed according to company policy. For example, a company might use a URL Content
Filter to block access to social networking sites. A URL Content Filter is not used to prevent cross-site
scripting attacks.
