PT0-002 Question #615: Real Exam Question with Answer & Explanation

Sign in or unlock PT0-002 to reveal the answer and full explanation for question #615. The question stem and answer options stay visible for context.

Attacks and Exploits

Question

A penetration tester discovers a page on a company's website that has an XSS vulnerability and uses the following code to exploit it: The tester examines the logs on attacker.com and discovers that some cookies have been collected but not the session cookie. Which of the following is the best explanation?

Options

APOST requests are not logged by attacker.com.
BThe XSS JavaScript uses document.cookie, not domain. cookie.
CThe session cookie has the HttpOnly flag set.
DThe <script> tag will not execute document write commands

Unlock PT0-002 to see the answer

You've previewed enough free PT0-002 questions. Unlock PT0-002 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock PT0-002 - $49.99 / 30 days Sign in

Topics

#XSS#HttpOnly#Cookie Security#Session Hijacking Prevention

Full PT0-002 Practice Browse All PT0-002 Questions