Neo Lo

I go through the OCMJEA wall of fame several times, but do not find any guidance about how to apply request.
As an Asian people, it is not easy to pass this exam because of our poor English.
So I want to share my name on this big forum for encouraging others.

Before Java EE 6 Enterprise Architect retired, I passed.
1Z0-865 takes me 3 month include studying UML and complete the assignment.
I submitted at 7/31/2020 and take 1Z0-866 at 8/3/2020.

next step -> find soft ware job at USA!

Jeanne Boyarsky wrote:I agree with you that D is more important than C. Without C, you don't have basic protection!

Yes, C is very important for web secure.
I think it's not so close to XSS attack, isn't it?

Hello everyone:
The following answer maybe wrong. May I ask some help here?

Which two measures are most effective in protecting websites from cross site scripting (XSS)
attacks?
A. Escape “<” and “>” parameters that displayed or evaluated by the JavaScript interpreter.
B. URL-encode “<” and “>”parameters so they will never be evaluated by the JavaScript
Interpreter.
C. Ensure that the session cookie is sent only on UTTPS connections.
D. Treat all user-supplied input as unsafe, and white list known good characters
E. Execute all user-supplied scripts in a server-side sandbox.
answer: CE.

I think DE is more correctly. AB is right, but not enough.