Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.


Which of the following coding practices can make an application or server vulnerable to web-based attacks?

  1. Always store key parameters in a cookie

  2. Use prepared statements for SQL queries

  3. Implement secure coding guidelines

  4. Validate all input data

The correct answer is: Always store key parameters in a cookie

Storing key parameters in a cookie exposes an application or server to web-based attacks because a cookie is client-side state: the browser stores it and sends it back, and anyone who controls the browser (or a proxy in front of it) can read it, edit it, or replay it. If the server treats a cookie value such as a user ID, a role, a price, or a "logged_in=true" flag as authoritative, an attacker simply changes the value and the server grants whatever the cookie claims. Cookies are also attached to every HTTP request to the matching origin, so a cookie that is not marked Secure can be captured on an unencrypted connection, a cookie without HttpOnly can be read by script injected through a cross-site scripting (XSS) flaw, and a cookie without a SameSite restriction is sent on cross-site requests an attacker triggers. The usual consequences are privilege escalation through parameter tampering and session hijacking through cookie theft.

The safer pattern is to keep the real state on the server and put only an opaque, randomly generated session identifier in the cookie, set with the Secure, HttpOnly and SameSite attributes. Where data must live in the cookie itself, the server should sign it (for example with an HMAC) or use authenticated encryption so that any tampering is detected before the value is trusted.

The other practices listed, using prepared statements for SQL queries, implementing secure coding guidelines, and validating all input data, are best practices for securing web applications. Prepared statements keep query structure separate from data and so prevent SQL injection; secure coding guidelines give developers a framework for building and maintaining secure applications; and input validation ensures that only expected data types and values are processed, removing a range of attack vectors.
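The following is an added example, not part of the original question or its explanation, contrasting a handler that trusts a client-controlled cookie with two hardened alternatives: a server-side session looked up by an opaque identifier, and an HMAC-signed cookie value. It uses only the Python standard library; the function names, the in-memory `SESSIONS` store, the `SECRET` key and the sample Cookie headers are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Assumption: a per-deployment secret held only on the server. Generated
# fresh here so the example runs stand-alone.
SECRET = secrets.token_bytes(32)

# Constructed server-side session store (a real app would use a database
# or cache); maps opaque session id -> session data.
SESSIONS = {}


def _cookies(cookie_header):
    """Parse a raw Cookie request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return {name: morsel.value for name, morsel in jar.items()}


# --- Vulnerable: authorization decided by a value the client chose -------
def vulnerable_is_admin(cookie_header):
    """Trusts 'role=admin' from the browser. An attacker edits the cookie
    in their own browser (no other flaw needed) and becomes admin."""
    return _cookies(cookie_header).get("role") == "admin"


# --- Hardened option 1: opaque session id, state kept on the server ------
def create_session(user, role):
    """Issue a random, unguessable session id and store the role server-side."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "role": role}
    return sid


def session_set_cookie(sid):
    """Set-Cookie header value with the attributes the explanation calls for:
    Secure (TLS only), HttpOnly (not readable by page script), SameSite."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def hardened_is_admin(cookie_header):
    """The cookie only names a session; the role comes from SESSIONS.
    A client-supplied 'role' cookie is ignored, and an unknown or forged
    sid resolves to no session."""
    sid = _cookies(cookie_header).get("sid")
    session = SESSIONS.get(sid) if sid else None
    return bool(session and session["role"] == "admin")


# --- Hardened option 2: data in the cookie, but signed by the server -----
def sign_value(value):
    """Return 'value.<hex HMAC-SHA256>' so the server can detect tampering."""
    tag = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_value(token):
    """Return the embedded value if the signature matches, else None."""
    if not token or "." not in token:
        return None
    value, tag = token.rsplit(".", 1)
    expected = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak the tag byte by byte.
    return value if hmac.compare_digest(tag, expected) else None


def signed_is_admin(cookie_header):
    """Read the role from a signed cookie; a forged or edited value fails."""
    return verify_value(_cookies(cookie_header).get("role")) == "admin"


if __name__ == "__main__":
    # Attacker simply writes role=admin into the cookie jar.
    print("vulnerable:", vulnerable_is_admin("role=admin"))      # True
    print("server-side session:", hardened_is_admin("role=admin"))  # False
    sid = create_session("bob", "admin")
    print("real admin session:", hardened_is_admin(f"sid={sid}"))  # True
    print("Set-Cookie:", session_set_cookie(sid))
    forged = sign_value("user").replace("user", "admin", 1)
    print("signed cookie, edited value:", signed_is_admin(f"role={forged}"))  # False
```

The server-side session is the default choice: the cookie then carries nothing worth stealing except the identifier itself, which is why the Secure and HttpOnly attributes on that identifier matter. The signed-cookie variant is appropriate when the server is stateless, but note that a signature prevents tampering, not disclosure; if the value is sensitive it also needs encryption.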