Content providers typically employ the content distribution network (CDN), a collection of proxy servers distributed geographically, to accelerate downloads of files, images, streaming media, scripts, etc. As a website author, which of the following best addresses security concerns?
A. User analytics for behavioral targeting
B. Cookies for data tracking
C. Hashes for subresource Integrity
D. Scripts for cross-origin access
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Hashes for subresource Integrity.
Tracking, Sending, Analyzing, and Marketing
SubResource Integrity (SRI) as Countermeasure
For example, the official jQuery web site advises the hash code of jQuery 3.5.1 is “9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=” if a web author decides to use the copy from a CDN, the hash code should be specified as follows:
<script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"> </script>
Same-Origin and Cross-Origin
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
A. 行為定位的用戶分析 (User analytics for behavioral targeting)
B. 用於數據跟踪的Cookies (Cookies for data tracking)
C. 子資源完整性哈希 (Hashes for subresource Integrity)
D. 跨域訪問腳本 (Scripts for cross-origin access)