'",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "''",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "This is a classic XSS payload that displays an alert box with the text 'XSS'."
}
},
{
"@type": "Answer",
"position": 1,
"text": "SELECT * FROM users",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "This is an SQL injection payload, not an XSS payload."
}
},
{
"@type": "Answer",
"position": 2,
"text": "rm -rf /",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "This is a Linux command used to delete files, not an XSS payload."
}
},
{
"@type": "Answer",
"position": 3,
"text": "echo 'Hello, world!'",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "This is a PHP command used to print text, not an XSS payload."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "ethical_hacking_objective",
"text": "What is the primary objective of ethical hacking within the context of network security?",
"encodingFormat": "text/html",
"assesses": "ethical_hacking_objective",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "To identify and mitigate security vulnerabilities, enhancing the security posture of systems and networks",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "To identify and mitigate security vulnerabilities, enhancing the security posture of systems and networks",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Ethical hacking aims to improve security by finding and fixing vulnerabilities."
}
},
{
"@type": "Answer",
"position": 1,
"text": "To steal sensitive data for personal gain",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Ethical hackers do not steal data; they help protect it."
}
},
{
"@type": "Answer",
"position": 2,
"text": "To disrupt the operations of organizations for malicious purposes",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Ethical hackers do not disrupt operations; they help prevent disruptions."
}
},
{
"@type": "Answer",
"position": 3,
"text": "To gain unauthorized access to systems for unethical reasons",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Ethical hackers do not gain unauthorized access; they help prevent unauthorized access."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "xss_types",
"text": "Which of the following is NOT a type of Cross-Site Scripting (XSS) attack?",
"encodingFormat": "text/html",
"assesses": "xss_types",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 3,
"text": "Cross-site request forgery (CSRF)",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Reflected XSS",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Reflected XSS is a type of XSS attack."
}
},
{
"@type": "Answer",
"position": 1,
"text": "Persistent XSS",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Persistent XSS is a type of XSS attack."
}
},
{
"@type": "Answer",
"position": 2,
"text": "DOM-based XSS",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "DOM-based XSS is a type of XSS attack."
}
},
{
"@type": "Answer",
"position": 3,
"text": "Cross-site request forgery (CSRF)",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "CSRF is not a type of XSS attack."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "xss_prevention",
"text": "What is the primary purpose of encoding user input in web applications?",
"encodingFormat": "text/html",
"assesses": "xss_prevention",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "To prevent XSS vulnerabilities",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "To prevent XSS vulnerabilities",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Encoding user input helps prevent XSS attacks."
}
},
{
"@type": "Answer",
"position": 1,
"text": "To improve application performance",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Encoding user input does not improve performance."
}
},
{
"@type": "Answer",
"position": 2,
"text": "To reduce server load",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Encoding user input does not reduce server load."
}
},
{
"@type": "Answer",
"position": 3,
"text": "To encrypt sensitive data",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Encoding user input does not encrypt data."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "XSS Prevention",
"text": "Which HTTP response header is specifically designed to prevent Reflected XSS attacks?",
"encodingFormat": "text/html",
"assesses": "XSS Prevention",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 1,
"text": "X-Content-Type-Options",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Content-Type",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Content-Type is used to specify the type of data being sent in the response, not to prevent XSS attacks."
}
},
{
"@type": "Answer",
"position": 1,
"text": "X-Content-Type-Options",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "X-Content-Type-Options is a header that can be set to 'nosniff' to prevent browsers from guessing the MIME type of the response, which can help prevent XSS attacks."
}
},
{
"@type": "Answer",
"position": 2,
"text": "X-Frame-Options",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "X-Frame-Options is used to prevent clickjacking attacks, not XSS attacks."
}
},
{
"@type": "Answer",
"position": 3,
"text": "Cache-Control",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Cache-Control is used to control how the response is cached, not to prevent XSS attacks."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "XSS Exploitation",
"text": "What is the role of the 'document.write()' function in DOM-based XSS attacks?",
"encodingFormat": "text/html",
"assesses": "XSS Exploitation",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "It injects malicious code into the DOM",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "It injects malicious code into the DOM",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "The 'document.write()' function can be used to inject malicious code into the DOM, which can then be executed by the browser."
}
},
{
"@type": "Answer",
"position": 1,
"text": "It modifies the browser's location bar",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "The 'document.write()' function does not modify the browser's location bar."
}
},
{
"@type": "Answer",
"position": 2,
"text": "It sends a request to the server",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "The 'document.write()' function does not send a request to the server."
}
},
{
"@type": "Answer",
"position": 3,
"text": "It creates a new JavaScript object",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "The 'document.write()' function does not create a new JavaScript object."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "XSS Tools",
"text": "Which of the following tools is commonly used to detect and exploit XSS vulnerabilities?",
"encodingFormat": "text/html",
"assesses": "XSS Tools",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Burp Suite",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Burp Suite",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Burp Suite is a popular tool for detecting and exploiting XSS vulnerabilities."
}
},
{
"@type": "Answer",
"position": 1,
"text": "Wireshark",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Wireshark is a tool for network analysis, not for detecting XSS vulnerabilities."
}
},
{
"@type": "Answer",
"position": 2,
"text": "Metasploit",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Metasploit is a tool for exploiting vulnerabilities, not for detecting them."
}
},
{
"@type": "Answer",
"position": 3,
"text": "nmap",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "nmap is a tool for network scanning, not for detecting XSS vulnerabilities."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "XSS Fundamentals",
"text": "What is the primary goal of an XSS attack?",
"encodingFormat": "text/html",
"assesses": "XSS Fundamentals",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "To steal sensitive information",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "To steal sensitive information",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "The primary goal of an XSS attack is to steal sensitive information, such as cookies, session IDs, and other data that can be used to compromise a user's account."
}
},
{
"@type": "Answer",
"position": 1,
"text": "To compromise the server",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "XSS attacks are not typically used to compromise the server."
}
},
{
"@type": "Answer",
"position": 2,
"text": "To gain access to other systems",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "XSS attacks are not typically used to gain access to other systems."
}
},
{
"@type": "Answer",
"position": 3,
"text": "To disrupt website functionality",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "XSS attacks can disrupt website functionality, but this is not typically the primary goal."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "Best Practices",
"text": "Which of the following is a key best practice for preventing XSS attacks in web applications?",
"encodingFormat": "text/html",
"assesses": "Best Practices",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Use proper input validation and encoding",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Use proper input validation and encoding",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Input validation and encoding are crucial for preventing malicious input from being executed as code."
}
},
{
"@type": "Answer",
"position": 1,
"text": "Disable JavaScript on the website",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Disabling JavaScript would prevent all scripts from running, not just malicious ones."
}
},
{
"@type": "Answer",
"position": 2,
"text": "Allow users to input HTML tags",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Allowing HTML tags could allow attackers to inject malicious code."
}
},
{
"@type": "Answer",
"position": 3,
"text": "Trust all user input without validation",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Trusting user input without validation is a major security risk."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "Purpose of Sandboxing",
"text": "What is the primary purpose of using a 'sandboxed' environment for executing JavaScript code in a web browser?",
"encodingFormat": "text/html",
"assesses": "Purpose of Sandboxing",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "To prevent malicious code from accessing the user's system",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "To prevent malicious code from accessing the user's system",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Sandboxing isolates JavaScript code, preventing it from accessing the user's system."
}
},
{
"@type": "Answer",
"position": 1,
"text": "To improve JavaScript performance",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Sandboxing does not primarily improve JavaScript performance."
}
},
{
"@type": "Answer",
"position": 2,
"text": "To isolate JavaScript code from other applications",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Sandboxing isolates JavaScript code from the browser, not other applications."
}
},
{
"@type": "Answer",
"position": 3,
"text": "To encrypt JavaScript code",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Sandboxing does not encrypt JavaScript code."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "Legacy Web Application Mitigation",
"text": "What is a common technique used to mitigate the risk of XSS attacks in legacy web applications?",
"encodingFormat": "text/html",
"assesses": "Legacy Web Application Mitigation",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Using a content security policy (CSP)",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Using a content security policy (CSP)",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "CSP helps prevent XSS attacks by restricting the execution of untrusted scripts."
}
},
{
"@type": "Answer",
"position": 1,
"text": "Implementing HTTP Strict Transport Security (HSTS)",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "HSTS is not specifically designed to mitigate XSS attacks."
}
},
{
"@type": "Answer",
"position": 2,
"text": "Enabling cross-origin resource sharing (CORS)",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "CORS is not a mitigation technique for XSS attacks."
}
},
{
"@type": "Answer",
"position": 3,
"text": "Disabling all cookies",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Disabling cookies would not effectively mitigate XSS attacks."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "Defining Characteristics",
"text": "Which of the following is a defining characteristic of a Cross-Site Scripting (XSS) attack?",
"encodingFormat": "text/html",
"assesses": "Defining Characteristics",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Exploitation of a vulnerability that allows untrusted data to be interpreted as executable code in a web browser",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Exploitation of a vulnerability that allows untrusted data to be interpreted as executable code in a web browser",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "XSS attacks exploit vulnerabilities to execute malicious code in the victim's browser."
}
},
{
"@type": "Answer",
"position": 1,
"text": "The attack targets only websites that utilize JavaScript",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "XSS attacks can target websites regardless of JavaScript usage."
}
},
{
"@type": "Answer",
"position": 2,
"text": "Data is securely encrypted before transmission to the web server",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "XSS attacks involve exploiting vulnerabilities, not encrypting data."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "XSS Attack Types",
"text": "In a reflected XSS attack, the malicious code originates from:",
"encodingFormat": "text/html",
"assesses": "XSS Attack Types",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 3,
"text": "The user's input reflected back to their browser",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "A third-party website",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "The malicious code in a reflected XSS attack originates from the victim's input, which is reflected back to their browser."
}
},
{
"@type": "Answer",
"position": 1,
"text": "The victim's browser cache",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "The malicious code in a reflected XSS attack is included in the response from the server, not the victim's browser cache."
}
},
{
"@type": "Answer",
"position": 2,
"text": "The server-side configuration files",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "The malicious code in a reflected XSS attack is included in the response from the server, not the server-side configuration files."
}
},
{
"@type": "Answer",
"position": 3,
"text": "The user's input reflected back to their browser",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "In a reflected XSS attack, the malicious code is included in the victim's input, which is reflected back to their browser."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "XSS Attack Types",
"text": "Which of the following is a typical payload used in stored XSS attacks?",
"encodingFormat": "text/html",
"assesses": "XSS Attack Types",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 2,
"text": "<script>alert('XSS Attack Successful!')</script>",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "%3Cscript%3Ealert('XSS')%3C/script%3E",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "This payload is typically used in reflected XSS attacks, not stored XSS attacks."
}
},
{
"@type": "Answer",
"position": 1,
"text": "eval('alert(1)';",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "This payload is typically used in DOM-based XSS attacks, not stored XSS attacks."
}
},
{
"@type": "Answer",
"position": 2,
"text": "<script>alert('XSS Attack Successful!')</script>",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "This payload is typically used in stored XSS attacks, where it is stored on the server and executed when the victim accesses the page."
}
},
{
"@type": "Answer",
"position": 3,
"text": "alert(1)",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "This payload is typically used in client-side attacks, not stored XSS attacks."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "XSS Prevention",
"text": "What is the primary purpose of an XSS filter?",
"encodingFormat": "text/html",
"assesses": "XSS Prevention",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 2,
"text": "To prevent untrusted user input from being interpreted as executable code",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "To block all incoming HTTP requests",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "An XSS filter specifically targets and blocks malicious input that could lead to XSS vulnerabilities."
}
},
{
"@type": "Answer",
"position": 1,
"text": "To encrypt user input before transmission",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Encryption is a separate security measure, while an XSS filter focuses on preventing malicious input from being executed as code."
}
},
{
"@type": "Answer",
"position": 2,
"text": "To prevent untrusted user input from being interpreted as executable code",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "An XSS filter examines user input and removes or encodes any potentially malicious characters that could lead to XSS vulnerabilities."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "",
"text": "Which of the following techniques can aid in mitigating the risk of XSS attacks?",
"encodingFormat": "text/html",
"assesses": "",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 2,
"text": "Input validation and sanitization",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Using complex passwords",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Complex passwords are important for general account security, but they do not specifically address XSS vulnerabilities."
}
},
{
"@type": "Answer",
"position": 1,
"text": "Disabling JavaScript on the client side",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "While disabling JavaScript can prevent XSS attacks that rely on JavaScript, it is not a practical solution as it can break essential website functionality."
}
},
{
"@type": "Answer",
"position": 2,
"text": "Input validation and sanitization",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Input validation checks user input for malicious characters, while sanitization removes or encodes them, preventing XSS vulnerabilities."
}
},
{
"@type": "Answer",
"position": 3,
"text": "Installing antivirus software",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": "Antivirus software is designed to protect against viruses and malware, not XSS vulnerabilities."
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "",
"text": "Name a commonly used tool for scanning web applications for XSS vulnerabilities",
"encodingFormat": "text/html",
"assesses": "",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Burp Suite",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Burp Suite",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": ""
}
},
{
"@type": "Answer",
"position": 1,
"text": "Metasploit",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": ""
}
},
{
"@type": "Answer",
"position": 2,
"text": "Wireshark",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": ""
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "",
"text": "In a blind XSS attack, the attacker:",
"encodingFormat": "text/html",
"assesses": "",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 3,
"text": "Cannot observe the immediate effects of the attack on the victim's browser",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Utilizes sophisticated encryption techniques",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": ""
}
},
{
"@type": "Answer",
"position": 1,
"text": "Requires direct access to the victim's computer",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": ""
}
},
{
"@type": "Answer",
"position": 2,
"text": "Can only target websites that employ specific web frameworks",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": ""
}
},
{
"@type": "Answer",
"position": 3,
"text": "Cannot observe the immediate effects of the attack on the victim's browser",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": ""
}
}
]
},
{
"@type": "Question",
"eduQuestionType": "Multiple choice",
"learningResourceType": "Exam exercise",
"name": "",
"text": "Explain the distinction between reflected and stored XSS attacks.",
"encodingFormat": "text/html",
"assesses": "",
"acceptedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Reflected XSS occurs when malicious code is reflected back to the user's browser in response to a request, while stored XSS occurs when malicious code is stored on the server-side and executed when a vulnerable page is loaded.",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment"
}
}
],
"suggestedAnswer": [
{
"@type": "Answer",
"position": 0,
"text": "Reflected XSS occurs when malicious code is reflected back to the user's browser in response to a request, while stored XSS occurs when malicious code is stored on the server-side and executed when a vulnerable page is loaded.",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": ""
}
},
{
"@type": "Answer",
"position": 1,
"text": "Reflected XSS attacks are more severe than stored XSS attacks.",
"encodingFormat": "text/html",
"comment": {
"@type": "Comment",
"text": ""
}
}
]
}
]
}
True or False: Stored XSS attacks can be launched even if the victim does not interact with the malicious web page.