ISC2 CCSP Quiz 33 Topic 7 Questions 161-165

Question: 1

The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes ''cross-site scripting (XSS).''

Which of the following is not a method for reducing the risk of XSS attacks?

Response:

AUse an auto-escaping template system.

BXML escape all identity assertions.

CSanitize HTML markup with a library designed for the purpose.

DHTML escape JSON values in an HTML context and read the data with JSON.parse.

Show Answer

Question: 2

At which layer does the IPSec protocol operate to encrypt and protect communications between two parties?

Response:

ANetwork

BApplication

CTransport

DData link

Show Answer

Question: 3

Which of the following data sanitation methods would be the MOST effective if you needed to securely remove data as quickly as possible in a cloud environment?

Response:

AZeroing

BCryptographic erasure

COverwriting

DDegaussing

Show Answer

Question: 4

Egress monitoring solutions usually include a function that ____________.

Response:

AUses biometrics to scan users

BInspects incoming packets

CResides on client machines

DUses stateful inspection

Show Answer

Question: 5

Which of the following is a method for apportioning resources that involves setting guaranteed minimums for all tenants/customers within the environment?

Response:

AReservations

BShares

CCancellations

DLimits

Show Answer

ISC2 CCSP Quiz:33 Topic:7 Questions:161-165