Google Exam Professional Cloud Security Engineer Topic 1 Question 101 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 101
Topic #: 1

[All Professional Cloud Security Engineer Questions]

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted dat

a. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.

How should you prevent and fix this vulnerability?

AUse Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.

BSet up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.

CUse Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.

DUse Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Show Suggested Answer

Suggested Answer: D

There is mention about simulating in Web Security Scanner. 'Web Security Scanner cross-site scripting (XSS) injection testing *simulates* an injection attack by inserting a benign test string into user-editable fields and then performing various user actions.' https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings#xss

by Avery at Apr 05, 2025, 10:45 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

An

2 months ago

Hmm, I wonder if the attacker will try to execute a 'git push origin master' command. Better go with option D to be safe!

upvoted 0 times

Oretha

26 days ago

Let's also make sure to use a templating system that supports contextual auto-escaping to further secure the web application.

upvoted 0 times

...

Jules

2 months ago

Agreed, using Web Security Scanner to simulate an XSS injection attack in staging is a good idea.

upvoted 0 times

...

Pearlie

2 months ago

I think we should go with option D to prevent any potential XSS attack.

upvoted 0 times

...

Micheal

3 months ago

This is a classic case of 'garbage in, garbage out.' Option D is the way to go! Gotta love those templating systems with auto-escaping.

upvoted 0 times

Jennie

1 months ago

We should also consider using the Web Security Scanner to simulate potential attacks and catch any vulnerabilities early on.

upvoted 0 times

...

Jose

2 months ago

Using a templating system with auto-escaping is crucial in preventing XSS attacks. Let's implement that as soon as possible.

upvoted 0 times

...

Shaunna

2 months ago

I agree, option D is definitely the best choice. We need to make sure our web application is secure.

upvoted 0 times

...

Valentin

3 months ago

I'm leaning towards option B. Setting up an HTTPS load balancer and using Cloud Armor seems like a robust solution to prevent the potential XSS attack.

upvoted 0 times

Ronna

2 months ago

It's important to prioritize security measures like this to keep our web application safe from vulnerabilities.

upvoted 0 times

...

Tegan

2 months ago

I agree, setting up an HTTPS load balancer and using Cloud Armor can definitely help protect against potential attacks.

upvoted 0 times

...

Starr

2 months ago

That sounds like a good idea. Option B seems like a strong choice to prevent XSS attacks.

upvoted 0 times

...

Alyssa

3 months ago

I believe setting up an HTTPS load balancer and using Cloud Armor is also a good option to prevent XSS attacks.

upvoted 0 times

...

Tonja

3 months ago

Definitely go with option D! Simulating the attack in the staging environment is the best way to identify and fix the vulnerability before it reaches production.

upvoted 0 times