CompTIA PenTest+ (PT0-003) — Question 52
A penetration tester finds it is possible to downgrade a web application's HTTPS connections to HTTP while performing on-path attacks on the local network. The tester reviews the output of the server response to curl -s -I https://internalapp/.
HTTP/2 302
date: Thu, 11 Jan 2024 15:56:24 GMT
content-type: text/html; charset=iso-8859-1
location: /login
x-content-type-options: nosniff
server: Prod
Which of the following recommendations should the penetration tester include in the report?
Answer options
- A. Add the HSTS header to the server.
- B. Attach the httponly flag to cookies.
- C. Front the web application with a firewall rule to block access to port 80.
- D. Remove the x-content-type-options header.
Correct answer: A
Explanation
The correct answer is A. The response contains no Strict-Transport-Security header, so nothing tells the browser to refuse plaintext: an on-path attacker on the local network can keep the victim on HTTP and speak HTTPS to the server on the victim's behalf. Adding the HSTS header (it must be sent on HTTPS responses; browsers ignore it over plaintext) makes the browser rewrite future http:// requests to https:// and refuse connections with certificate errors for the duration of max-age, which defeats the downgrade. Note that the protection starts only after the browser has seen the header once over HTTPS, or the host is on a browser preload list. Option B (the HttpOnly flag) only stops script access to cookies and has no effect on transport security. Option D would remove a useful protection (x-content-type-options: nosniff prevents MIME sniffing) and is unrelated to the finding. Option C, blocking port 80 at the server, does not help because the downgrade happens between the victim and the attacker, not at the server: the attacker still reaches the server over HTTPS, and without HSTS the client has no policy forcing it to use HTTPS.
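The following checker is an added example, not part of the original question or answer. It parses the raw response head of the kind `curl -s -I` prints (the question's headers are embedded below as a constructed sample, plus a second constructed sample with the recommended header added) and reports whether a usable HSTS policy is present. The one-year minimum `max-age` and the `includeSubDomains` expectation are this example's assumptions, not requirements stated on the page.

```python
import re

# Constructed sample: the headers from the question's curl -s -I output (no HSTS).
RAW_NO_HSTS = """HTTP/2 302
date: Thu, 11 Jan 2024 15:56:24 GMT
content-type: text/html; charset=iso-8859-1
location: /login
x-content-type-options: nosniff
server: Prod
"""

# Constructed sample: the same response after the recommended fix is applied.
RAW_WITH_HSTS = RAW_NO_HSTS + "strict-transport-security: max-age=31536000; includeSubDomains\n"

# Assumption of this example: one year is the minimum max-age we accept as sound.
MIN_MAX_AGE = 31536000


def parse_headers(raw):
    """Parse a raw HTTP response head (status line followed by header lines)
    into a dict keyed by lowercased header name."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:          # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into its RFC 6797 directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            m = re.fullmatch(r'"?(\d+)"?', val.strip())   # value may be quoted
            if m:
                policy["max_age"] = int(m.group(1))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def assess_hsts(raw, min_max_age=MIN_MAX_AGE):
    """Return a list of findings for the response head; an empty list means
    the HSTS policy looks sound."""
    headers = parse_headers(raw)
    findings = []
    if "strict-transport-security" not in headers:
        findings.append("missing Strict-Transport-Security header: connections can be downgraded to HTTP")
        return findings
    policy = parse_hsts(headers["strict-transport-security"])
    if policy["max_age"] is None:
        # max-age is mandatory; without it browsers ignore the header entirely
        findings.append("HSTS max-age directive missing or unparsable (browsers ignore the header)")
    elif policy["max_age"] == 0:
        findings.append("HSTS max-age=0 clears the policy instead of enforcing it")
    elif policy["max_age"] < min_max_age:
        findings.append(f"HSTS max-age={policy['max_age']} is below the recommended {min_max_age}")
    if not policy["include_subdomains"]:
        findings.append("HSTS lacks includeSubDomains: subdomains remain downgradable")
    return findings


if __name__ == "__main__":
    for label, raw in (("as found", RAW_NO_HSTS), ("after fix", RAW_WITH_HSTS)):
        print(label, "->", assess_hsts(raw) or ["ok"])
```

To run it against a live target, pipe the output of `curl -s -I https://internalapp/` into `assess_hsts`; the point of checking the `max-age=0` and missing `max-age` cases is that a header that is present but malformed gives the same downgrade exposure as no header at all.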