Prisma Certified Cloud Security Engineer (PCCSE) — Question 243
The development team wants to block Cross Site Scripting attacks from pods in its environment.
How should the team construct the CNAF policy to protect against this attack?
Answer options
- A. create a Host CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to "prevent".
- B. create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to alert.
- C. create a Container CNAF policy, targeted at a specific resource, check the box for XSS protection, and set the action to prevent.
- D. create a Container CNAF policy, targeted at a specific resource, and they should set "Explicitly allowed inbound IP sources" to the IP address of the pod.
Correct answer: C
Explanation
The correct answer is C because it focuses on creating a Container CNAF policy that specifically targets XSS protection and sets the action to prevent, which directly mitigates the risk of such attacks. Option A is incorrect as it refers to a Host CNAF policy, which is not suitable for this scenario. Option B does not prevent the attack but only alerts, and option D does not address XSS protection at all.