An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:
Which of the following tuning recommendations should the security analyst share?
A . Set an HttpOnlvflaq to force communication by HTTPS
B . Block requests without an X-Frame-Options header
C . Configure an Access-Control-Allow-Origin header to authorized domains
D . Disable the cross-origin resource sharing header
Answer: B
Explanation:
The output shows that the web application is vulnerable to clickjacking attacks, which allow an attacker to overlay a hidden frame on top of a legitimate page and trick users into clicking on malicious links. Blocking requests without an X-Frame-Options header can prevent this attack by instructing the browser to not display the page within a frame.
Latest CS0-003 Dumps Valid Version with 128 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund