210-255 · Question #62
Which two HTTP header fields relate to intrusion analysis? (Choose two).
The correct answer is A. user-agent B. host. The user-agent and host HTTP header fields are most valuable for intrusion analysis because they expose client identity and the intended target of each request.
Question
Which two HTTP header fields relate to intrusion analysis? (Choose two).
Options
- Auser-agent
- Bhost
- Cconnection
- Dlanguage
- Ehandshake type
How the community answered
(28 responses)- A89% (25)
- C7% (2)
- D4% (1)
Why each option
The user-agent and host HTTP header fields are most valuable for intrusion analysis because they expose client identity and the intended target of each request.
The user-agent header identifies the client software making the request and is commonly manipulated by attackers using exploit frameworks, automated scanners, or malware, making it a primary indicator for detecting malicious or anomalous HTTP activity.
The host header specifies which domain or virtual host is being targeted and is critical for detecting host header injection attacks, identifying which assets are under attack, and correlating requests to specific web applications in a multi-tenant environment.
The connection header manages TCP connection persistence such as keep-alive directives and provides no meaningful signal for identifying malicious intent or attacker behavior patterns.
The accept-language header indicates preferred response language for content negotiation and carries no security significance relevant to intrusion detection or attack analysis.
Handshake type is not a standard HTTP header field; TLS handshake negotiation occurs at the transport layer and is not visible or applicable as an HTTP header for intrusion analysis.
Concept tested: HTTP header fields relevant to intrusion detection analysis
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
Topics
Community Discussion
No community discussion yet for this question.