CompTIA CASP+ (CAS-003) — Question 264
A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client-side optimization: localStorage.setItem(`session-cookie`, document.cookie);
Which of the following should the security engineer recommend?
Answer options
- A. SessionStorage should be used so authorized cookies expire after the session ends
- B. Cookies should be marked as "secure" and "HttpOnly"
- C. Cookies should be scoped to a relevant domain/path
- D. Client-side cookies should be replaced by server-side mechanisms
Correct answer: C
Explanation
The correct answer is C because scoping cookies to a relevant domain/path enhances security by limiting access to only the intended parts of the application. While options A, B, and D offer security improvements, they do not directly address the issue of cookie scope, which is crucial for preventing unauthorized access.