
CAS-003 · Question #682

CAS-003 Question #682: Real Exam Question with Answer & Explanation

The correct answer is A: Ensure session IDs are generated dynamically with each cookie request.

Question

A security engineer is helping the web developers assess a new corporate web application. The application will be Internet facing, so the engineer makes the following recommendation: In an .htaccess file or the site config add: [directive not reproduced on this page] or add to the location block: [directive not reproduced on this page]. Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

Options

  • A. Ensure session IDs are generated dynamically with each cookie request
  • B. Prevent cookies from being transmitted to other domain names
  • C. Create a temporary space on the user's drive root for ephemeral cookie storage
  • D. Enforce the use of plain text HTTP transmission with secure local cookie storage
  • E. Add a sequence ID to the cookie session ID while in transit to prevent CSRF
  • F. Allow cookie creation or updates only over TLS connections

Explanation

NOTE: The configuration directive that this question refers to was not reproduced on this page (it was most likely an embedded image). What survives is that the engineer is adding a server-side rule, in .htaccess, the site config or a location block, that sets flags on the cookies the application issues. The options map onto cookie attributes as follows. The HttpOnly flag tells the browser to withhold the cookie from client-side script (document.cookie and similar APIs); it says nothing about transport, so an HttpOnly cookie without the Secure flag is still sent in plaintext over HTTP. The Secure flag tells the browser to send the cookie only over TLS connections, which is exactly what option F describes. Option B (keeping the cookie from being sent to other domains) is governed by the Domain attribute and, for cross-site requests, SameSite; HttpOnly does not affect where a cookie is sent. Option A (regenerating the session identifier) is a server-side session-management control against session fixation; no cookie attribute does this. Option D cannot be the goal of a cookie-hardening rule on an Internet-facing application: forcing plaintext HTTP is the opposite of what the Secure flag does, and "secure local cookie storage" is not something a Set-Cookie attribute provides. Option E (a sequence ID added in transit) describes an anti-CSRF token, a separate mechanism from cookie flags. Option C does not describe any real browser behaviour. Because the snippet itself is missing, the recorded answer (A) cannot be checked against it; of the six options, F is the only one that corresponds directly to a flag that a server-side header-rewriting rule sets.
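To make the attribute mapping concrete, the following is an added example (not from the exam, and not the omitted configuration snippet): a small Python auditor that parses Set-Cookie header values, reports which of Secure, HttpOnly and SameSite are absent, and shows the rewrite that a server-side "append HttpOnly; Secure to every Set-Cookie" rule would produce. The sample header values are constructed for illustration; the function names are this example's own.

```python
"""Audit Set-Cookie headers for the cookie flags discussed above and show the
rewrite a server-side 'edit Set-Cookie' rule would apply.

Added example: not from the exam question or the omitted config snippet.
The SAMPLE_HEADERS below are constructed for illustration."""

# Flags a browser understands as bare attributes (matched case-insensitively).
FLAGS = ("Secure", "HttpOnly")


def parse_set_cookie(header: str) -> dict:
    """Split 'name=value; attr; attr=value' into a dict.

    Attribute names are lower-cased; bare flags map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(), "attrs": {}}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        cookie["attrs"][key.strip().lower()] = val.strip() if sep else True
    return cookie


def audit(header: str) -> list:
    """Return a list of findings (empty when the cookie carries all three)."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plaintext HTTP.
        findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    if "httponly" not in attrs:
        # Without HttpOnly, page script (document.cookie) can read the value.
        findings.append("missing HttpOnly: client-side script can read the cookie")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        # SameSite, not HttpOnly, limits sending on cross-site requests.
        findings.append("SameSite not Lax/Strict: sent on cross-site requests")
    return findings


def harden(header: str) -> str:
    """Append Secure and HttpOnly when absent.

    This mirrors what a header-rewriting rule in the web server does to
    outgoing Set-Cookie lines; it cannot add SameSite policy knowledge."""
    out = header.rstrip().rstrip(";")
    attrs = parse_set_cookie(header)["attrs"]
    for flag in FLAGS:
        if flag.lower() not in attrs:
            out += f"; {flag}"
    return out


# Constructed sample headers: one weak, one already hardened.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/",
    "sid=xyz; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h)
        for finding in audit(h):
            print("  -", finding)
        print("  =>", harden(h))
```

Run it against real responses by feeding every Set-Cookie value from `curl -sI https://host/` into `audit()`; a cookie that passes the Secure and HttpOnly checks still answers nothing about session regeneration (option A), which has to be verified in the application's login handling, not in its headers.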

