
PT0-001 · Question #55

PT0-001 Question #55: Real Exam Question with Answer & Explanation

The correct answer is A: Enable HTTP Strict Transport Security.

Question

A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?

Options

  • A. Enable HTTP Strict Transport Security.
  • B. Enable a secure cookie flag.
  • C. Encrypt the communication channel.
  • D. Sanitize invalid user input.

Explanation

Basic authentication transmits credentials as base64-encoded text, which is trivially decoded if sent over plain HTTP. HTTP Strict Transport Security (HSTS) enforces that browsers only communicate with the server over HTTPS, preventing credential interception and downgrade attacks.

Common mistakes.

  • B. The secure cookie flag protects session cookies from being sent over non-HTTPS connections, but does not address the exposure of credentials transmitted in the Authorization header by basic authentication.
  • C. Simply adding TLS to the channel is a partial mitigation, but without HSTS enforcement a downgrade attack or misconfigured client can still initiate an HTTP connection that exposes basic auth credentials.
  • D. Sanitizing user input defends against injection attacks such as XSS or SQL injection and has no bearing on the transmission security of credentials sent via the basic authentication mechanism.
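The two points made above, that Basic credentials are only base64-encoded and that the fix is to force HTTPS with an HSTS policy rather than merely offer TLS, can be checked in code. The following is an added example, not part of the original question page: it decodes a constructed Authorization header to show how little protection the encoding gives, and then audits constructed sets of response headers for a usable Strict-Transport-Security policy. The one-year minimum max-age, the sample credentials and the sample responses are assumptions made for this example.

```python
import base64

# Constructed sample: the Authorization header a browser sends for Basic auth.
# The credentials "alice:s3cret" are made up for this example.
SAMPLE_AUTH_HEADER = "Basic YWxpY2U6czNjcmV0"

# Minimum max-age accepted by this audit (one year); a threshold chosen for
# this example, not a value taken from the question page.
MIN_MAX_AGE = 31536000

# Constructed response-header sets representing the remediation states the
# question contrasts: no TLS at all, TLS without HSTS, weak HSTS, good HSTS.
SAMPLE_RESPONSES = {
    "plain-http-only": {"Content-Type": "text/html"},
    "tls-without-hsts": {"Content-Type": "text/html",
                         "Set-Cookie": "sid=abc; Secure; HttpOnly"},
    "hsts-short": {"Strict-Transport-Security": "max-age=300"},
    "hsts-good": {"Strict-Transport-Security":
                  "max-age=63072000; includeSubDomains"},
}


def decode_basic_auth(header_value):
    """Return (username, password) from a Basic Authorization header value.

    Base64 is an encoding, not encryption: anyone who can read the request
    on the wire (plain HTTP, or a downgraded connection) recovers both values.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value|None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') or None
    return directives


def check_hsts(response_headers):
    """Return a list of findings for one response's headers.

    An empty list means an HSTS policy is present with a max-age of at least
    MIN_MAX_AGE and includeSubDomains set; header names are matched
    case-insensitively.
    """
    findings = []
    hsts = next((v for k, v in response_headers.items()
                 if k.lower() == "strict-transport-security"), None)
    if hsts is None:
        findings.append("missing Strict-Transport-Security header")
        return findings
    directives = parse_hsts(hsts)
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("max-age missing or not an integer")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append(f"max-age {max_age} below {MIN_MAX_AGE}")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains not set")
    return findings


def audit_all(responses=SAMPLE_RESPONSES):
    """Run check_hsts over every sample and return {name: findings}."""
    return {name: check_hsts(headers) for name, headers in responses.items()}


if __name__ == "__main__":
    print("decoded Basic credentials:", decode_basic_auth(SAMPLE_AUTH_HEADER))
    for name, findings in audit_all().items():
        print(f"{name}: {findings or 'OK'}")
```

Note that the "tls-without-hsts" sample fails the audit even though its cookie carries the Secure flag: a correct cookie flag (option B) and an HTTPS listener (option C) do not stop a client from first contacting the site over plain HTTP and sending the Authorization header in the clear, which is exactly the gap HSTS closes.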

Concept tested. HSTS enforcement to protect basic authentication credentials

Reference. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
