Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 24
Which two preventive measures are used to control cross-site scripting? (Choose two.)
Answer options
- A. Enable client-side scripts on a per-domain basis.
- B. Incorporate contextual output encoding/escaping.
- C. Disable cookie inspection in the HTML inspection engine.
- D. Run untrusted HTML input through an HTML sanitization engine.
- E. SameSite cookie attribute should not be used.
Correct answer: B, D
Explanation
The correct answers are B and D. Contextual output encoding/escaping mitigates cross-site scripting by ensuring that data is rendered safely in the browser, and running untrusted HTML input through an HTML sanitization engine removes potentially harmful scripts. Options A and C are not effective prevention strategies, and E contradicts best practices for cookie attributes that enhance security.