Question 84 - CAS-004 discussion


A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

A. SDLC
B. OVAL
C. IEEE
D. OWASP
Suggested answer: D

Explanation:

OWASP is a resource used to identify attack vectors and their mitigations; OVAL is a vulnerability assessment standard.

OWASP (Open Web Application Security Project) is a source that the security architect could consult to address the security concern of XSS (cross-site scripting) attacks on a web application that uses a database back end. OWASP is a non-profit organization that provides resources and guidance for improving the security of web applications and services. OWASP publishes the OWASP Top 10 list of common web application vulnerabilities and risks, which includes XSS attacks, as well as recommendations and best practices for preventing or mitigating them.

SDLC (software development life cycle) is not a source for addressing XSS attacks, but a framework for developing software in an organized and efficient manner. OVAL (Open Vulnerability and Assessment Language) is not a source for addressing XSS attacks, but a standard for expressing system configuration information and vulnerabilities. IEEE (Institute of Electrical and Electronics Engineers) is not a source for addressing XSS attacks, but an organization that develops standards for various fields of engineering and technology.

Verified Reference:
https://www.comptia.org/blog/what-is-owasp
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

asked 02/10/2024
abdirashid ahmed