For cookie or session poisoning, which practice is recommended?

Practice question for the EC-Council Certified Security Specialist (ECSS) exam, with an explanation of the correct answer.

Multiple Choice

Explanation:
Managing the lifetime of a session cookie is a key defense against cookie or session poisoning. Implementing a timeout on cookies sets an expiration, so a stolen or forged cookie becomes unusable after a short period. This narrows the window an attacker has to exploit a compromised session and forces reauthentication, which helps prevent ongoing hijacking or misuse of the session.

The other choices touch on related security practices but do not address the poisoning risk as directly. Not storing plaintext or weak passwords protects credentials, not the cookie itself. Setting the Secure flag protects cookies in transit, but if a cookie has already been captured, the flag does not limit how long it can be used. Strong input validation is important for overall security, but it does not specifically mitigate session cookie poisoning.
