Free ISC2 SSCP Exam Actual Questions

The questions for SSCP were last updated on Feb 21, 2025

At ValidExamDumps, we consistently monitor updates to the ISC2 SSCP exam questions by ISC2. Whenever our team identifies changes in the exam questions, exam objectives, exam focus areas or exam requirements, we immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the ISC2 Systems Security Certified Practitioner exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include outdated or removed questions by ISC2 in their ISC2 SSCP exam. These outdated questions lead to customers failing their ISC2 Systems Security Certified Practitioner exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the ISC2 SSCP exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.


Question No. 1

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

Correct Answer: A

XSS or Cross-Site Scripting is a threat to web applications where malicious code is placed on a website and attacks the user by riding on their existing authenticated session.

Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page.

Mitigation:

Configure your IPS - Intrusion Prevention System to detect and suppress this traffic.

Input validation on the web application to normalize the submitted data.

Set web apps to bind session cookies to the IP Address of the legitimate user and only permit that IP Address to use that cookie.

See the XSS (Cross Site Scripting) Prevention Cheat Sheet

See the Abridged XSS Prevention Cheat Sheet

See the DOM based XSS Prevention Cheat Sheet

See the OWASP Development Guide article on Phishing.

See the OWASP Development Guide article on Data Validation.
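The two application-side mitigations above (input validation and encoding user-supplied data before it is placed into generated output) are shown here as an added Python example; it is not code from the original page or from OWASP. The sample comment and the allow-list pattern for usernames are constructed for the demonstration.

```python
import html
import re

# Constructed sample input: a comment as a user might submit it. The embedded
# script tag is the textbook XSS probe, used only to show what output encoding does.
USER_COMMENT = "<script>alert(1)</script><b>hi</b>"

# Constructed allow-list for a username field: validation at the input boundary.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def render_comment_unsafe(comment: str) -> str:
    """Reflects user input straight into the page body without encoding: an XSS sink."""
    return f"<p class='comment'>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    """Same template, but the input is HTML-encoded for the element-content context."""
    return f"<p class='comment'>{html.escape(comment)}</p>"


def render_attribute_safe(value: str) -> str:
    """Attribute-value context: quotes must be encoded as well (quote=True is the default)."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def validate_username(raw: str):
    """Allow-list validation: return the normalised value, or None if it is rejected."""
    candidate = raw.strip()
    return candidate if USERNAME_RE.fullmatch(candidate) else None


def contains_unescaped_tag(rendered: str, tag: str = "script") -> bool:
    """Crude post-render check: did a raw <tag ...> survive into the generated HTML?"""
    return re.search(rf"<\s*{tag}\b", rendered, re.IGNORECASE) is not None


if __name__ == "__main__":
    for name, renderer in (("unsafe", render_comment_unsafe), ("safe", render_comment_safe)):
        out = renderer(USER_COMMENT)
        print(f"{name:6} live <script>? {contains_unescaped_tag(out)}  ->  {out}")
    print(render_attribute_safe('say "hi" & <bye>'))
    print(validate_username("  alice_01 "), validate_username("<bob>"))
```

The encoding function must match the output context: `html.escape` is correct for element content and quoted attribute values, but data placed inside a script block, a URL or a CSS value needs the context-specific encoder described in the OWASP cheat sheets referenced above.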

The following answers are incorrect:

Intrusion Detection Systems: Sorry. IDS systems aren't usually the target of XSS attacks, but a properly configured IDS/IPS can detect and report on malicious strings and suppress the TCP connection in an attempt to mitigate the threat.

Firewalls: Sorry. Firewalls aren't usually the target of XSS attacks.

DNS Servers: Same as above, DNS Servers aren't usually targeted in XSS attacks but they play a key role in the domain name resolution in the XSS attack process.

The following reference(s) were used to create this question:

CCCure Holistic Security+ CBT and Curriculum

and

https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29


Question No. 2

Communications and network security relates to transmission of which of the following?

Correct Answer: B

From the published (ISC)2 goals for the Certified Information Systems Security Professional candidate:

The CISSP candidate should be familiar with communications and network security as it relates to voice, data, multimedia, and facsimile transmissions in terms of local area, wide area, and remote access.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 57.


Question No. 3

What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?

Correct Answer: A

This question is asking you to consider the effects of object reuse. Object reuse is 'reassigning to subject media that previously contained information. Object reuse is a security concern because if insufficient measures were taken to erase the information on the media, the information may be disclosed to unauthorized personnel.'

This concept relates to Security Architecture and Design, because it is in level C2: Controlled Access Protection, of the Orange Book, where 'The object reuse concept must be invoked, meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use.'


References

AIO Version 5 (Shon Harris), page 360

and

TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
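To make the object reuse problem concrete, the following added Python example (not from the original page or any of the cited references) models a toy buffer pool that hands the same storage object to successive subjects. With zeroization disabled the second subject reads the first subject's remnants; with it enabled, the C2 requirement that a released medium carry no remnants is met. The pool, the secret and the buffer size are all constructed for the demonstration.

```python
from collections import deque


class BufferPool:
    """Constructed toy allocator: fixed-size buffers reused across 'subjects'.

    zeroize_on_release=False models the object reuse problem (remnants survive);
    zeroize_on_release=True models the C2 requirement of clearing before reassignment.
    """

    def __init__(self, size: int, zeroize_on_release: bool):
        self.size = size
        self.zeroize = zeroize_on_release
        self.free = deque()  # released buffers waiting to be reassigned

    def acquire(self) -> bytearray:
        # Reuse a released object if one exists; otherwise allocate a fresh, zeroed one.
        return self.free.popleft() if self.free else bytearray(self.size)

    def release(self, buf: bytearray) -> None:
        if self.zeroize:
            buf[:] = bytes(self.size)  # overwrite contents before the object is reusable
        self.free.append(buf)


def remnant_after_reuse(zeroize: bool) -> bytes:
    """Subject A writes a secret and releases the buffer; subject B then acquires it."""
    pool = BufferPool(16, zeroize_on_release=zeroize)
    subject_a = pool.acquire()
    secret = b"s3cr3t-token!!!!"  # constructed 16-byte secret
    subject_a[: len(secret)] = secret
    pool.release(subject_a)
    subject_b = pool.acquire()  # receives the very same object
    return bytes(subject_b)


if __name__ == "__main__":
    print("without zeroization:", remnant_after_reuse(False))
    print("with zeroization:   ", remnant_after_reuse(True))
```

The same pattern applies beyond memory: freed disk blocks, reassigned swap pages and recycled removable media all need an explicit clearing step before the next subject can use them.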

Question No. 4

A variation of the application layer firewall is called a:

Correct Answer: D

Terminology can be confusing between the different sources, as both CBK and AIO3 call an application layer firewall a proxy, and proxy servers are generally classified as either circuit-level proxies or application-level proxies.

The distinction is that a circuit level proxy creates a conduit through which a trusted host can communicate with an untrusted one and doesn't really look at the application contents of the packet (as an application level proxy does). SOCKS is one of the better known circuit-level proxies.

Firewalls

Packet Filtering Firewall - First Generation

- Screening Router
- Operates at Network and Transport level
- Examines Source and Destination IP Address
- Can deny based on ACLs
- Can specify Port

Application Level Firewall - Second Generation

- Proxy Server
- Copies each packet from one network to the other
- Masks the origin of the data
- Operates at layer 7 (Application Layer)
- Reduces network performance since it has to analyze each packet and decide what to do with it
- Also called Application Layer Gateway

Stateful Inspection Firewalls - Third Generation

- Packets analyzed at all OSI layers
- Queued at the network level
- Faster than Application Level Gateway

Dynamic Packet Filtering Firewalls - Fourth Generation

- Allows modification of security rules
- Mostly used for UDP
- Remembers all of the UDP packets that have crossed the network's perimeter, and decides whether to enable packets to pass through the firewall

Kernel Proxy - Fifth Generation

- Runs in NT Kernel
- Uses dynamic and custom TCP/IP-based stacks to inspect the network packets and to enforce security policies
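The difference between a first-generation packet filter and the fourth-generation dynamic (UDP-tracking) filter described above is shown in this added Python example, which is not code from the original page or from any firewall product. The ACL, the inside network prefix and the packets are constructed: an outbound DNS query from an inside host is allowed by both filters, but its reply is dropped by the memoryless ACL and admitted only by the filter that remembers the outbound flow.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str  # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One ACL entry. None means 'any'; src/dst are matched as address-string prefixes."""
    action: str  # "allow" or "deny"
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            (self.proto is None or self.proto == p.proto)
            and (self.src is None or p.src.startswith(self.src))
            and (self.dst is None or p.dst.startswith(self.dst))
            and (self.dport is None or self.dport == p.dport)
        )


# Constructed screening-router ACL: inside hosts (10.0.0.x) may send DNS out; everything else is denied.
ACL = [
    Rule("allow", proto="udp", src="10.0.0.", dport=53),
    Rule("deny"),
]


def stateless_filter(p: Packet, acl=ACL) -> str:
    """First generation: first matching rule wins, and the filter keeps no memory of past packets."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


class DynamicFilter:
    """Fourth generation: remember UDP packets that crossed the perimeter outbound and admit their replies."""

    def __init__(self, acl=ACL):
        self.acl = acl
        self.flows = set()  # (src, sport, dst, dport) of outbound UDP packets already allowed

    def decide(self, p: Packet, outbound: bool) -> str:
        if outbound:
            action = stateless_filter(p, self.acl)
            if action == "allow" and p.proto == "udp":
                self.flows.add((p.src, p.sport, p.dst, p.dport))
            return action
        # Inbound: admit only if it is the mirror image of a remembered outbound flow,
        # otherwise fall back to the static ACL.
        if p.proto == "udp" and (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow"
        return stateless_filter(p, self.acl)


def demo() -> dict:
    """Constructed traffic: a DNS query, its legitimate reply, and an unsolicited inbound UDP packet."""
    query = Packet("udp", "10.0.0.5", 40000, "192.0.2.53", 53)
    reply = Packet("udp", "192.0.2.53", 53, "10.0.0.5", 40000)
    stray = Packet("udp", "198.51.100.9", 53, "10.0.0.5", 40001)
    fw = DynamicFilter()
    return {
        "stateless_query": stateless_filter(query),
        "stateless_reply": stateless_filter(reply),
        "dynamic_query": fw.decide(query, outbound=True),
        "dynamic_reply": fw.decide(reply, outbound=False),
        "dynamic_stray": fw.decide(stray, outbound=False),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

A real stateless deployment has to open a standing inbound hole for reply ports to make the query work, which is exactly the exposure the dynamic filter removes; note that the flow table here never expires entries, which a production filter must do.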

'Current level firewall' is incorrect. This is an almost-right-sounding distractor to confuse the unwary.

'Cache level firewall' is incorrect. This too is a distractor.

'Session level firewall' is incorrect. This too is a distractor.

References

CBK, p. 466 - 467

AIO3, pp. 486 - 490

CISSP Study Notes from Exam Prep Guide


Question No. 5

Another example of Computer Incident Response Team (CIRT) activities is:

Correct Answer: D

Additional examples of CIRT activities are:

Management of the network logs, including collection, retention, review, and analysis of data

Management of the resolution of an incident, management of the remediation of a vulnerability, and post-event reporting to the appropriate parties.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 64.