PT0-003 · Question #202
Question
A penetration tester finds it is possible to downgrade a web application's HTTPS connections to HTTP while performing on-path attacks on the local network. The tester reviews the output of the server response to:

HTTP/2 302
date: Thu, 11 Jan 2024 15:56:24 GMT
content-type: text/html; charset=iso-8859-l
location: /login
x-content-type-options: nosniff
server: Prod

Which of the following recommendations should the penetration tester include in the report?
Options
- A. Add the HSTS header to the server.
- B. Attach the httponly flag to cookies.
- C. Front the web application with a firewall rule to block access to port 80.
- D. Remove the x-content-type-options header.