1Y0-341 Exam - Question 7

A & D are fine CSRF meaning CSRF form tagging check (https://docs.netscaler.com/en-us/citrix-adc/current-release/application-firewall/form-protections/cross-site-request-forgery-check.html) where data from web forms returned by users are checked.

A and B check the form of the input

The question is asking about data returned by the client. XSS and CSRF are with regard to preventing malicious data from being sent to the server rather than ensuring the correct data is returned by the client.

A. Form Field Consistency - This ensures that the client has not altered the structure of the web forms and that data submitted adheres to HTML restrictions for length and type. B. Field Formats - This validates the type and length of user-submitted data in web forms to ensure they are appropriate for the intended fields.

B (Field Formats) should also be correct, since it validates users' forms input as well Field Formats: https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/form-protections/field-formats-check.html Form Field Consistency Check: https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/form-protections/form-field-consistency-check.html CSRF: https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/form-protections/cross-site-request-forgery-check.html

Reference - https://docs.citrix.com/en-us/citrix-adc-secure-deployment.html See "Third Tier of Security."

A. Form Field Consistency: This ensures that the data submitted by the client matches the expected format and values, preventing tampering or manipulation of form fields. B. Field Formats: This involves validating that the data conforms to the expected format, such as ensuring email addresses are correctly formatted or dates are in the proper format.