nerdexam
EC-Council

EC0-350 · Question #425

EC0-350 Question #425: Real Exam Question with Answer & Explanation

The correct answer is B. The session cookies do not have the HttpOnly flag set.. See the full explanation below for the reasoning.

Question

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

Options

  • AThe web application does not have the secure flag set.
  • BThe session cookies do not have the HttpOnly flag set.
  • CThe victim user should not have an endpoint security solution.
  • DThe victim's browser must have ActiveX technology enabled.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full EC0-350 Practice