Back to CompTIA Security+ (CompTIA Security+)

Web Security

Protecting web applications and servers

Focuses on securing web applications and servers against various cyber threats by implementing proper security controls, secure coding techniques, and understanding how to detect and prevent common web vulnerabilities.
5 minutes 5 Questions

Web Security involves protecting websites, web applications, and associated services from threats targeting web-based systems. For CompTIA Security+ purposes, key components include: 1. HTTPS/TLS: Encrypting connections between clients and servers using certificates to prevent eavesdropping and ma…

Concepts covered: Transport Layer Security (TLS) / Secure Sockets Layer (SSL), HTTP Strict Transport Security, Content Security Policy Header, Cross-Site Scripting (XSS), Secure Cookie Handling, Clickjacking Defense, Content Security Policy (CSP), Structured Query Language (SQL) Injection, Same Origin Policy, Cross-Site Request Forgery (CSRF)

Test mode:
Start practice test
CompTIA Security+ - Web Security Example Questions

Test your knowledge of Web Security

Question 1

A penetration tester has identified a CSRF vulnerability within your web application. Which cookie attribute should you set to prevent attackers from using a user's browser to send unauthorized requests?

Correct Answer: SameSite

The SameSite attribute helps in protecting against CSRF attacks by not sending the cookie when a browser executes a cross-origin request. The other options do not offer direct protection against CSRF.

Question 2

You're updating your website's security and notice numerous CSRF tokens missing. What method would be best to secure against clickjacking attacks?

Correct Answer: Enable the Content Security Policy (CSP) header

By enabling the Content Security Policy (CSP) header, you restrict resources to load from specific domains, helping prevent clickjacking attacks. Other options are not as effective or do not specifically address clickjacking defense.

Question 3

An attacker has found a way to place content over your website that makes it appear as if it's part of your site. How do you defend against this?

Correct Answer: Restrict iframes loading from external sources

Restricting iframes loading from external sources prevents attackers from placing content over your site using iframes. Other options do not specifically focus on clickjacking attacks and can be bypassed or provide incomplete protection.

image/svg+xml
🎓 Unlock Premium Access

CompTIA Security+ + ALL Certifications

  • 🎓 Access to ALL Certifications: Study for any certification on our platform with one subscription
  • 1241 Superior-grade CompTIA Security+ practice questions
  • Unlimited practice tests across all certifications
  • Detailed explanations for every question
  • CompTIA Security+: 5 full exams plus all other certification exams
  • 100% Satisfaction Guaranteed: Full refund if unsatisfied
  • Risk-Free: 7-day free trial with all premium features!
More Web Security questions
48 questions (total)
Start 48 question test