
Eccouncil 312-96 Exam - Topic 1 Question 22 Discussion

Actual exam question for Eccouncil's 312-96 exam
Question #: 22
Topic #: 1

Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

Suggested Answer: B
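
Added example, not part of the original page or the exam material: calling setHttpOnly(false) means the cookie's Set-Cookie header goes out without the HttpOnly attribute, so scripts running in the page can read it. The Python check below flags session cookies issued that way; the names in SESSION_NAMES and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie header values for a missing HttpOnly attribute.
# All header values below are constructed sample data, not captured traffic.

# Assumption: cookie names treated as session identifiers for this audit.
SESSION_NAMES = {"jsessionid", "phpsessid", "sessionid", "sid"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); return None if it is empty."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return None
    # Only the first '=' separates name from value; the value may contain '='.
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit(headers):
    """Return the names of session cookies that were set without HttpOnly."""
    exposed = []
    for header in headers:
        parsed = parse_set_cookie(header)
        if parsed is None:
            continue
        name, attrs = parsed
        if name.lower() in SESSION_NAMES and "httponly" not in attrs:
            exposed.append(name)
    return exposed


SAMPLE_HEADERS = [
    "JSESSIONID=constructed-value-1; Path=/; Secure",            # HttpOnly off
    "JSESSIONID=constructed-value-2; Path=/; Secure; HttpOnly",  # HttpOnly on
    "theme=dark; Path=/",                                        # not a session cookie
    "sid=constructed-value-3; path=/; httponly",                 # lower-case attribute
]

if __name__ == "__main__":
    for cookie_name in audit(SAMPLE_HEADERS):
        print(f"{cookie_name}: set without HttpOnly, readable by page scripts")
```
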

Antonio
3 months ago
I didn't know 'false' could cause such issues, wow!
upvoted 0 times
...
Elbert
3 months ago
Directory Traversal seems unlikely here.
upvoted 0 times
...
Sherron
3 months ago
Wait, are we sure it's not SQL Injection?
upvoted 0 times
...
Aileen
4 months ago
Totally agree, that's a classic vulnerability!
upvoted 0 times
...
Alysa
4 months ago
This could lead to a Client-Side Scripts Attack.
upvoted 0 times
...
Alberto
4 months ago
I'm a bit confused. I thought SQL Injection was more about database queries, not cookies. But I guess if the cookies are compromised, it could lead to other attacks?
upvoted 0 times
...
Pamella
4 months ago
I practiced a question similar to this, and I think it was about how not using HttpOnly can expose cookies to XSS attacks. So, I would lean towards option B.
upvoted 0 times
...
Sherell
4 months ago
I think if the HttpOnly flag is not set, it could allow for client-side scripts to access the cookies, which might lead to a Client-Side Scripts Attack.
upvoted 0 times
...
Alishia
5 months ago
I remember something about HttpOnly cookies being important for preventing client-side script attacks, but I'm not entirely sure how that connects to the options given.
upvoted 0 times
...
Whitley
5 months ago
Hmm, this is a tricky one. I'm a bit confused about the vulnerability mentioned, but I'll try to break it down step-by-step. I think the key is understanding how the setHttpOnly() method works and the potential consequences of passing a 'false' parameter.
upvoted 0 times
...
Cammy
5 months ago
Alright, time to put on my thinking cap. The code snippet doesn't seem to be related to SQL injection or directory traversal, so I'm going to rule those out. I'm leaning towards a client-side script attack, but I'll make sure to review the details carefully.
upvoted 0 times
...
Emelda
5 months ago
Hmm, this looks like a tricky one. I'll need to carefully analyze the code and the vulnerability mentioned to determine the correct attack type.
upvoted 0 times
...
Lou
5 months ago
Okay, let's see here. The question says Thomas passed a 'false' parameter to the setHttpOnly() method, which could lead to a vulnerability. I'm thinking this might be related to a client-side script attack, but I'll double-check that.
upvoted 0 times
...
Rosendo
5 months ago
Okay, let me think this through. Since vRealize Operations Manager is already in use for vSphere monitoring, I'm guessing we need to add some specific components for Horizon monitoring.
upvoted 0 times
...
Colette
5 months ago
Hmm, I'm a bit unsure about this one. The DITSCAP/NIACAP model has a lot of different phases, and I'm not entirely sure which one is focused on the accreditation process and ATO. I'll need to think this through carefully.
upvoted 0 times
...
Maile
2 years ago
SQL Injection? Directory Traversal? What is this, a video game boss fight? I think Thomas just unlocked the 'Insecure Coding' achievement. Time to start a new game and level up those secure coding skills!
upvoted 0 times
Justine
2 years ago
C) SQL Injection Attack
upvoted 0 times
...
Jani
2 years ago
B) Client-Side Scripts Attack
upvoted 0 times
...
...
Arlette
2 years ago
Client-side scripts attack is the correct answer here. Passing 'false' to setHttpOnly() means the session cookie won't be marked as HttpOnly, which leaves it vulnerable to client-side scripts. Thomas really needs to brush up on web security basics.
upvoted 0 times
Eladia
1 year ago
It's important to always be aware of potential vulnerabilities in your code.
upvoted 0 times
...
Glynda
1 year ago
Yes, you're right. Thomas should definitely learn more about secure coding.
upvoted 0 times
...
Charolette
1 year ago
I think the correct answer is B) Client-Side Scripts Attack.
upvoted 0 times
...
...
Jenelle
2 years ago
I believe the correct answer is B) Client-Side Scripts Attack because the code is not properly securing the HTTPOnly flag.
upvoted 0 times
...
Oren
2 years ago
Hmm, I'm not too sure about this one. Could it also be a denial-of-service attack? Either way, Thomas needs to learn about secure coding practices, and fast! Maybe he can try a 'Secure Coding for Dummies' book - it might be a good starting point.
upvoted 0 times
...
Helene
2 years ago
The code snippet shows that Thomas passed 'false' to the setHttpOnly() method, which could lead to a client-side scripts attack. That's a dangerous vulnerability that could allow attackers to steal session cookies and gain unauthorized access.
upvoted 0 times
Della
1 year ago
C) SQL Injection Attack
upvoted 0 times
...
Lavonda
1 year ago
B) Client-Side Scripts Attack
upvoted 0 times
...
Elke
2 years ago
A) Denial-of-Service attack
upvoted 0 times
...
Ashley
2 years ago
C) SQL Injection Attack
upvoted 0 times
...
Shannan
2 years ago
B) Client-Side Scripts Attack
upvoted 0 times
...
Luis
2 years ago
A) Denial-of-Service attack
upvoted 0 times
...
...
Vilma
2 years ago
I agree with Chantay, passing 'false' to setHttpOnly() method can lead to client-side scripts being able to access sensitive information.
upvoted 0 times
...
Chantay
2 years ago
I think the vulnerability in the code could be exploited by a Client-Side Scripts Attack.
upvoted 0 times
...
