ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

A developer is updating an e-commerce site to display customer-supplied product reviews in an HTML template. The reviews are saved in the database without modification. To stop attackers from injecting malicious scripts that execute in shoppers' browsers, which control should the developer add to the presentation layer?

  • Obfuscate the site's JavaScript files with a packer during the build process.

  • Require multi-factor authentication for users who submit reviews.

  • Apply HTML entity encoding to the review text immediately before it is written to the page.

  • Reject any review whose length exceeds a predefined maximum.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Implementation