CompTIA SecurityX (CAS-005) — Question 163
A company runs a DAST scan on a web application. The tool outputs the following recommendations:
• Use Cookie prefixes.
• Content Security Policy - SameSite=strict is not set.
Which of the following vulnerabilities has the tool identified?
Answer options
- A. RCE
- B. XSS
- C. CSRF
- D. TOCTOU
Correct answer: C
Explanation
The recommendations provided focus on improving cookie security and preventing cross-site request forgery (CSRF) attacks. Using cookie prefixes and setting the SameSite attribute to Strict helps protect against CSRF, making C the correct answer. The other options (RCE, XSS, and TOCTOU) do not directly relate to the recommendations given.
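As an added illustration that is not part of the exam question or its explanation, the following Python shows what the two DAST findings look like in practice: a small audit routine that inspects a Set-Cookie header for the SameSite=Strict attribute and a cookie prefix (the same checks the scanner is reporting), alongside a builder that emits a hardened session cookie. The cookie names, values and header strings are constructed for the example.

```python
"""Audit Set-Cookie headers for the hardening a DAST tool recommends (added example)."""
from __future__ import annotations


def parse_set_cookie(header: str) -> tuple[str, str, dict[str, str | None]]:
    """Split a Set-Cookie header into (name, value, attributes).

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly map to None because they carry no value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, str | None] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else None
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str) -> list[str]:
    """Return scanner-style findings for a single Set-Cookie header.

    An empty list means the cookie already carries the attributes the
    DAST recommendations in the question ask for.
    """
    name, _value, attrs = parse_set_cookie(header)
    findings: list[str] = []

    # SameSite=Strict stops the browser attaching the cookie to cross-site
    # requests, which is the CSRF mitigation the scanner is pointing at.
    if (attrs.get("samesite") or "").lower() != "strict":
        findings.append("SameSite=Strict is not set")

    if "secure" not in attrs:
        findings.append("Secure flag is not set")
    if "httponly" not in attrs:
        findings.append("HttpOnly flag is not set")

    # Cookie prefixes: browsers refuse a __Host- cookie unless it is Secure,
    # has Path=/ and no Domain attribute; __Secure- only requires Secure.
    if not name.startswith(("__Host-", "__Secure-")):
        findings.append("Use cookie prefixes")
    elif name.startswith("__Host-"):
        if attrs.get("path") != "/" or "domain" in attrs:
            findings.append("__Host- prefix requirements not met (Path=/, no Domain)")
    return findings


def build_hardened_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Emit a session cookie that satisfies both scanner recommendations."""
    return (
        f"__Host-{name}={value}; Path=/; Secure; HttpOnly; "
        f"SameSite=Strict; Max-Age={max_age}"
    )


# Constructed sample header resembling what the scanned application might send.
WEAK_COOKIE = "sessionid=abc123; Path=/; HttpOnly"

if __name__ == "__main__":
    for finding in audit_set_cookie(WEAK_COOKIE):
        print("finding:", finding)
    hardened = build_hardened_cookie("sessionid", "abc123")
    print("hardened:", hardened)
    print("remaining findings:", audit_set_cookie(hardened))
```

Running the script reports the weak cookie's missing SameSite=Strict attribute, missing Secure flag and missing prefix, and then shows that the rebuilt `__Host-` cookie passes the same audit with no findings.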