Google Exam Professional Cloud Security Engineer Topic 4 Question 6 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 6
Topic #: 4

[All Professional Cloud Security Engineer Questions]

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.

How should you prevent and fix this vulnerability?

AUse Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.

BSet up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.

CUse Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.

DUse Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Show Suggested Answer

Suggested Answer: D

https://cloud.google.com/security-scanner/docs/remediate-findings

by Jeanice at May 09, 2022, 12:49 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!