Q2. (12 points) Suppose the following cookies, each named cid, have been set. ci: value = a2, domain = x.y.com, path = 7, non-secure C2: value = b5, domain = .y.com, path = /, secure c3: value = b8, domain = -y.com, path = /f00/, non-secure a. (2 pts) Suppose the browser vists https://z.y.com. Which cookie(s), if any, are sent to the server? b. (2 pts) Suppose the browser vists https://y.com/foo. Which cookie(s), if any, are sent to the server? c. (2 pts) Suppose the browser vists https://y.com/bar. Which cookie(s), if any, are sent to the server? d. (3 pts) Suppose an attacker has taken control of http://hackedserver.y.com. List each of the cookies C1, C2, C3 that the attacker can overwrite with value = evildoer. e. (3 pts) Suppose instead that C2 has been set with the httpOnly parameter set. Does this offer any protection against the attacker located at hackedserver.y.com? Why or why not? Q2. (12 points) Suppose the following cookies, each named cid, have been set. ci: value = a2, domain = x.y.com, path = 7, non-secure C2: value = b5, domain = .y.com, path = /, secure c3: value = b8, domain = -y.com, path = /f00/, non-secure a. (2 pts) Suppose the browser vists https://z.y.com. Which cookie(s), if any, are sent to the server? b. (2 pts) Suppose the browser vists https://y.com/foo. Which cookie(s), if any, are sent to the server? c. (2 pts) Suppose the browser vists https://y.com/bar. Which cookie(s), if any, are sent to the server? d. (3 pts) Suppose an attacker has taken control of http://hackedserver.y.com. List each of the cookies C1, C2, C3 that the attacker can overwrite with value = evildoer. e. (3 pts) Suppose instead that C2 has been set with the httpOnly parameter set. Does this offer any protection against the attacker located at hackedserver.y.com? Why or why not