Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 4 Question 6 Discussion

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.How should you prevent and fix this vulnerability?
D) Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.
A) Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.
B) Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.
C) Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.

Google Professional Cloud Security Engineer Exam - Topic 4 Question 6 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 6
Topic #: 4
[All Professional Cloud Security Engineer Questions]

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.

How should you prevent and fix this vulnerability?

Show Suggested Answer Hide Answer
Suggested Answer: D

https://cloud.google.com/security-scanner/docs/remediate-findings

by Jeanice at May 09, 2022, 12:49 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lino
7 months ago
Wait, can an attacker really execute commands like that? Sounds wild!
upvoted 0 times
...
Vince
7 months ago
I agree, HTTPS and Cloud Armor should be a priority!
upvoted 0 times
...
Sanjuana
8 months ago
Not sure if Cloud IAP is enough for this kind of vulnerability.
upvoted 0 times
...
Sylvie
8 months ago
I think using a templating system is the best way to go!
upvoted 0 times
...
Dorian
8 months ago
Definitely need to validate user input to avoid XSS.
upvoted 0 times
...
Louann
8 months ago
I feel like the Web Security Scanner is crucial here, especially in staging. We definitely need to simulate those attacks to identify vulnerabilities.
upvoted 0 times
...
Mi
8 months ago
I think using a templating system that supports auto-escaping sounds familiar. We practiced something similar in our last session, right?
upvoted 0 times
...
Rebbeca
8 months ago
I remember we discussed the importance of validating user input to prevent XSS attacks, but I'm not sure which option directly addresses that.
upvoted 0 times
...
Serina
8 months ago
I’m a bit confused about the role of Cloud Armor. Does it really help with XSS, or is it more for DDoS protection?
upvoted 0 times
...
Toi
8 months ago
I'm a little confused by the wording of the question. Do we need to consider the length of the cables as well? Maybe option C is worth considering to allow for flexibility.
upvoted 0 times
...
Precious
8 months ago
Payroll fraud is a tricky topic, but I'm going to go with C - Planning as my best guess.
upvoted 0 times
...
Audry
8 months ago
I feel pretty confident about this one. The key is to create a separate portal for the external researchers to collaborate, while giving the internal staff access to the main org. That way, we're meeting the needs of both groups.
upvoted 0 times
...
Eric
8 months ago
This looks like a tricky question. I'll need to think carefully about the different methods and how they use the product search index.
upvoted 0 times
...

Save Cancel