Exam PT0-003 All Questions

CompTIA PenTest+ PT0-003 Question # 7 Topic 1 Discussion


A penetration tester finds it is possible to downgrade a web application's HTTPS connections to HTTP while performing on-path attacks on the local network. The tester reviews the output of the server response to:

curl -s -i https://internalapp/

HTTP/2 302
date: Thu, 11 Jan 2024 15:56:24 GMT
content-type: text/html; charset=iso-8659-1
location: /login
x-content-type-options: nosniff
server: Prod

Which of the following recommendations should the penetration tester include in the report?


A. Add the HSTS header to the server.

B. Attach the httponly flag to cookies.

C. Front the web application with a firewall rule to block access to port 80.

D. Remove the x-content-type-options header.
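The following is an added example, not part of the original question page: a small checker that parses a raw response as printed by `curl -s -i` (the sample below is copied from the output above) and reports whether the Strict-Transport-Security (HSTS) header from option A is present and how long its max-age is. The function names and the one-year threshold are the example's own assumptions.

```python
"""Check a raw `curl -s -i` response for the Strict-Transport-Security header.

Added example, not from the original page. The sample response is the
server output shown in the question, reproduced as a constructed string.
"""

import re

# Constructed from the page's `curl -s -i https://internalapp/` output.
SAMPLE_RESPONSE = """HTTP/2 302
date: Thu, 11 Jan 2024 15:56:24 GMT
content-type: text/html; charset=iso-8659-1
location: /login
x-content-type-options: nosniff
server: Prod
"""

ONE_YEAR = 31536000  # seconds; assumed minimum max-age worth reporting as adequate


def parse_headers(raw: str) -> dict[str, str]:
    """Return response headers as a lower-cased name -> value mapping.

    The first line (status line) is skipped; a blank line ends the header
    section. Header names are case-insensitive, so they are normalised.
    """
    headers: dict[str, str] = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def hsts_status(raw: str) -> dict:
    """Report HSTS presence and max-age for one response.

    Without HSTS a browser that is steered to http:// (for example by an
    on-path attacker rewriting links or redirects) will use plain HTTP;
    with a cached HSTS policy it upgrades the request to HTTPS itself.
    """
    hsts = parse_headers(raw).get("strict-transport-security")
    if hsts is None:
        return {"present": False, "max_age": None,
                "finding": "HSTS header missing"}
    match = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
    max_age = int(match.group(1)) if match else 0
    finding = "HSTS present" if max_age >= ONE_YEAR else "HSTS max-age below one year"
    return {"present": True, "max_age": max_age, "finding": finding}
```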

