Free Certified-AppSec-Practitioner Mock Exam – Practice Online Confidently

Which of the following security attributes ensures that the browser only sends the cookie over a TLS (encrypted) channel?

Scan the code below and identify the vulnerability which is the most applicable for this scenario.

Based on the screenshot below, which of the following statements is true?

Request

GET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1

Host: example.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-GB,en;q=0.5

Accept-Encoding: gzip, deflate

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: none

Sec-Fetch-User: ?1

Cookie: JSESSIONID=7576572ce164646de967c759643d53031

Te: trailers

Connection: keep-alive

PrettyRaw | Hex | php | curl | ln | Pretty

HTTP/1.1 200 OK

Date: Fri, 09 Dec 2022 11:42:27 GMT

Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25

X-Powered-By: PHP/8.0.25

Content-Length: 12746

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

Set-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly

Under the same-origin policy (also SOP), a web browser permits scripts contained in a web page to access data in another web page, but only if both web pages have the same origin. Which of the following pages are in the same origin as that of the below URL?

http://www.example.com/dir/page2.html

http://www.example.com/dir/other.html

http://www.example.com:81/dir/other.html

http://www.example.com/dir/other.html

http://en.example.com/dir/other.html

In the context of the Race Condition vulnerability, which of the following statements is true?