ISC2 CAP Exam - Topic 4 Question 83 Discussion

Actual exam question for ISC2's CAP exam
Question #: 83
Topic #: 4

Which HTTP header is used by the CORS (Cross-origin resource sharing) standard to control access to resources on a server?

Suggested Answer: C

Carmen
3 months ago
None of the above seems unlikely, but who knows?
upvoted 0 times
...
Ocie
3 months ago
Wait, is it really that one? I thought there were more options.
upvoted 0 times
...
Brent
3 months ago
Yeah, Access-Control-Allow-Headers is the right one.
upvoted 0 times
...
Mirta
4 months ago
I thought it was Access-Control-Request-Method.
upvoted 0 times
...
Chu
4 months ago
It's definitely Access-Control-Allow-Headers!
upvoted 0 times
...
Felix
4 months ago
I remember something about CORS headers, but I can't recall if any of these options are the main one used for access control.
upvoted 0 times
...
Felicitas
4 months ago
I'm not entirely sure, but I think "Access-Control-Request-Method" is more about what methods are allowed, not controlling access directly.
upvoted 0 times
...
Johnna
4 months ago
I feel like I saw a question about CORS headers in practice tests, and "Access-Control-Allow-Headers" sounds familiar.
upvoted 0 times
...
Lizbeth
5 months ago
I think the header we're looking for is related to permissions, but I can't remember if it's "Allow" or "Request."
upvoted 0 times
...
Dean
5 months ago
I remember learning about CORS in my web development class, so I think I've got a good handle on this. The correct answer is definitely C, Access-Control-Allow-Headers. That's the header used to control which headers are allowed in cross-origin requests.
upvoted 0 times
...
Louis
5 months ago
This seems like a tricky one. I'm not super familiar with the CORS standard, so I'm not totally confident in my answer. I'll just take a guess and go with B, Access-Control-Request-Headers.
upvoted 0 times
...
Florinda
5 months ago
Okay, I think I've got this. The Access-Control-Request-Headers header is used to indicate which headers will be sent in the actual request, while the Access-Control-Allow-Headers header is used by the server to specify which headers are allowed. So the correct answer must be C.
upvoted 0 times
...
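The preflight exchange described in the comment above, as an added example that is not part of the original thread: the browser announces what it intends to send with `Access-Control-Request-Method` and `Access-Control-Request-Headers`, and the server answers with the `Access-Control-Allow-*` response headers. The policy values, the `evaluatePreflight` helper name and the `app.example.com` origin are constructed for illustration.

```javascript
// Added illustration: server-side handling of a CORS preflight (OPTIONS) request.
// POLICY values and the origin below are constructed for this example.
const POLICY = {
  origins: new Set(["https://app.example.com"]),
  methods: new Set(["GET", "POST", "PUT"]),
  headers: new Set(["content-type", "authorization"]), // compared in lowercase
};

// Takes preflight request headers (lowercase keys) and returns the CORS
// response headers to send, or null when the preflight must be refused.
function evaluatePreflight(req, policy = POLICY) {
  const origin = req["origin"];
  const method = req["access-control-request-method"];
  if (!origin || !method) return null;           // not a preflight request
  if (!policy.origins.has(origin)) return null;  // exact match against the allowlist
  if (!policy.methods.has(method)) return null;

  // Access-Control-Request-Headers: the browser lists the non-safelisted
  // headers the actual request will carry.
  const requested = (req["access-control-request-headers"] || "")
    .split(",")
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
  if (!requested.every((h) => policy.headers.has(h))) return null;

  // Access-Control-Allow-*: the server's answer to the preflight.
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": [...policy.methods].join(", "),
    "Access-Control-Allow-Headers": [...policy.headers].join(", "),
    "Vary": "Origin", // caches must key the response on the requesting origin
  };
}

// Constructed sample preflights: one within policy, one asking for an unlisted header.
const allowed = evaluatePreflight({
  origin: "https://app.example.com",
  "access-control-request-method": "PUT",
  "access-control-request-headers": "Content-Type, Authorization",
});
const refused = evaluatePreflight({
  origin: "https://app.example.com",
  "access-control-request-method": "PUT",
  "access-control-request-headers": "X-Debug-Token",
});
console.log(allowed, refused);
```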
Kiley
5 months ago
Hmm, I'm a bit confused on this one. I know CORS has to do with controlling access to resources, but I'm not totally sure which specific header is used for that. I'll have to think about it a bit more.
upvoted 0 times
...
Jenelle
5 months ago
I'm pretty sure the answer is Access-Control-Allow-Headers, since that's the header used to specify which headers are allowed to be sent in a cross-origin request.
upvoted 0 times
...
Pa
5 months ago
I've seen the Access-Control-Allow-Headers header used in CORS before, so I'm going to go with C on this one.
upvoted 0 times
...
German
5 months ago
Okay, let me think this through. The question is asking about a CORS header, so it's likely one of the Access-Control-* headers. I'm going to go with B, Access-Control-Request-Headers.
upvoted 0 times
...
Armanda
5 months ago
Hmm, I'm a bit confused on this one. I know CORS has to do with controlling access to resources, but I'm not sure which specific header is used for that.
upvoted 0 times
...
My
5 months ago
I'm pretty sure this has to do with the Access-Control-Allow-Headers header, which is used to specify which headers are allowed to be sent in a cross-origin request.
upvoted 0 times
...
Deandrea
5 months ago
I've got a strategy for this - I'll focus on understanding the key differences between what a code audit can and can't determine.
upvoted 0 times
...
Tammy
5 months ago
Whoa, this is a tricky one. I'll need to really focus and make sure I understand the differences between the options before selecting the answer.
upvoted 0 times
...
Bernardo
5 months ago
This looks like a security-related question, so I'll need to think about the different ways Citrix can protect against PII disclosure. I'm not totally sure, but I'll give it my best shot.
upvoted 0 times
...
Billi
5 months ago
I'm a bit confused by the options. I'm not sure if the firewall zone, firmware, or NTP are directly related to the synchronization errors. I'll have to think this through carefully.
upvoted 0 times
...
Wilda
9 months ago
My money's on A) Access-Control-Request-Method. Who needs sleep when you have caffeine and CORS trivia, am I right?
upvoted 0 times
Trinidad
8 months ago
Actually, it's D) None of the above.
upvoted 0 times
...
Linwood
8 months ago
I agree with you, A) Access-Control-Request-Method is the correct answer.
upvoted 0 times
...
Reita
8 months ago
I'm pretty sure it's C) Access-Control-Allow-Headers.
upvoted 0 times
...
Norah
9 months ago
I think it's B) Access-Control-Request-Headers.
upvoted 0 times
...
...
Annice
9 months ago
B) Access-Control-Request-Headers. Wait, is that right? I'm just guessing at this point.
upvoted 0 times
Deeanna
8 months ago
C) Access-Control-Allow-Headers
upvoted 0 times
...
Iraida
8 months ago
B) Access-Control-Request-Headers
upvoted 0 times
...
Elouise
8 months ago
A) Access-Control-Request-Method
upvoted 0 times
...
...
Dalene
10 months ago
C) Access-Control-Allow-Headers. I can't believe I remembered that from the training materials!
upvoted 0 times
Lisha
8 months ago
C) Access-Control-Allow-Headers
upvoted 0 times
...
Lynsey
9 months ago
B) Access-Control-Request-Headers
upvoted 0 times
...
Fletcher
9 months ago
A) Access-Control-Request-Method
upvoted 0 times
...
...
Brandee
10 months ago
I'm going with D. None of the above. That's too easy, there's gotta be a catch!
upvoted 0 times
Judy
8 months ago
User4: I'm going with D. None of the above. That's too easy, there's gotta be a catch!
upvoted 0 times
...
King
8 months ago
User3: I agree with User1, A) Access-Control-Request-Method sounds right
upvoted 0 times
...
Leontine
9 months ago
User2: I'm not sure, I'll go with B) Access-Control-Request-Headers
upvoted 0 times
...
Amber
9 months ago
User1: I think it's A) Access-Control-Request-Method
upvoted 0 times
...
...
Frank
10 months ago
Access-Control-Allow-Headers, of course! That's the header that defines which headers are allowed in the actual request.
upvoted 0 times
...
Mertie
11 months ago
Hmm, I see your point. Let's discuss it further.
upvoted 0 times
...
Anabel
11 months ago
I disagree, I believe the correct answer is B) Access-Control-Request-Headers.
upvoted 0 times
...
Mertie
11 months ago
I think the answer is A) Access-Control-Request-Method.
upvoted 0 times
...
