CompTIA CASP+ (CAS-003) — Question 356

A recent security assessment revealed a web application may be vulnerable to clickjacking. According to the application developers, a fix may be months away.
Which of the following should a security engineer configure on the web server to help mitigate the issue?

Answer options

• A. File upload size limits
• B. HttpOnly cookie field
• C. X-Frame-Options header
• D. Input validation

Correct answer: C

Explanation

The X-Frame-Options header is specifically designed to prevent clickjacking by controlling whether a web page can be displayed in a frame. The other options, such as file upload limits, HttpOnly cookie fields, and input validation, do not address the specific vulnerability of clickjacking and are thus ineffective in this scenario.