Which listed statements are true

$$ Web fingerprinting is based solely on the User$-$Agent header sent by a browser.

$$ WebAuthn provides stronger protection against phishing attacks compared to traditional username and password authentication.

$$ Attacking a web service may allow hackers to install ransomware.

$$ Cross$-$site request forgery $($CSRF$)$ attacks can be prevented by using unique tokens for each request.

Which below statements are valid

$$ Regular security assessments, such as penetration testing, can help identify and prevent code injection vulnerabilities.

$$ SSL$/$TLS certificates can be used to prevent man$-$in$-$the$-$middle attacks.

$$ A man$-$in$-$the$-$middle attack can be used to intercept and modify encrypted web traffic if the attacker has access to the encryption keys.

$$ HTTPS only encrypts the data sent from the client to the server, but not vice versa.

Which of the below statements are true

$$ Using a firewall to restrict access to a local HTTP server can help prevent unauthorized access.

$$ A common method of preventing code injection attacks is to validate user input and escape any special characters that Regular security scans and penetration testing can help find vulnerabilities in a web application.

$$ Setting random values as tokens in cookies is an insufficient defensive measure against the CSRF $($cross$-$site request forgery$)$ attack.

$$ may be used to inject code.

Which of the statements listed below are correct

$$ Cross$-$site scripting $($XSS$)$ attacks can be prevented by properly encoding user input.

$$ CSRF attacks can only be executed against state$-$changing operations, such as changing a password and not for reading sensitive information.

$$ The Cross$-$Origin Resource Sharing $($CORS$)$ allows web applications to bypass the Same Origin Policy and make requests to resources on a different domain.

$$ WebAuthn provides a standard way for websites to authenticate users, reducing the risk of custom, insecure authentication systems being implemented.

Which statements listed below are correct

$$ A local HTTP server does not require strong passwords for its users.

$$ DNS rebinding attacks can be used to bypass the same$-$origin policy and access sensitive information or control systems on the victim$$s network.

$$ Developers do not need to be careful about the input validation when developing a Node.js application.

$$ If a web application needs to access resources from a different domain with the user$$s consent for example using a third$-$party API or embedding content from another domain, the Same Origin Policy can be bypassed using techniques such as Cross$-$Origin Resource Sharing $($CORS$)$ or JSONP, that will allow web applications to make cross$-$domain requests while still ensuring that the user$$s privacy and security is protected.

Which statements are true

$$ Cross$-$Site Scripting attacks may be countered by validating user input on the client side and the server side and by encoding special characters to prevent them from being interpreted as code.

$$ HTTP Basic Authentication is considered less secure than form$-$based authentication because the credentials are transmitted in clear text.

$$ HTTPS encryption can help to protect against XSS attacks.

$$ Phishing attacks are only successful against users who are not familiar with basic internet and web security principles.

Which of following listed statements are correct

$$ If a script $($JavaScript$)$ running on the website example.com requests to access data in another website $($website$.$com$),$ the web browser allow for it$,$ only if both web pages have the same origin $($which is defined by a combination of URI, host name and the port number$).$

$$ Side channel attacks are only effective against hardware of web applications.

$$ A Denial of Service attack can only be executed by a single attacker.

$$ Fingerprinting is a technique used to track and identify unique users across the web by collecting information about their devices and browsers.

Which following statements are true

$$ WebAuthn is not compatible with existing username and password$-$based authentication systems.

$$ Using a web application firewall $($WAF$)$ can help prevent attacks such as SQL injection and cross$-$site scripting $($XSS$).$

$$ A script HTML tag is not a subject to the SOP $($same origin policy$).$

$$ Clickjacking attacks can be used to trick users to for example grant access to his web camera without knowing about it$.$

$$ Which following listed statements are correct

Which below statements are correct

$$ The only information that can be collected through fingerprinting is the type of operating system, web browser being used and the IP address.

$$ Code injection attacks can only be executed in statically$-$typed programming languages.

$$ Two$-$Factor Authentication $(2$FA$)$ provides an additional layer of security beyond just a username and password.

$$ The Same Origin Policy is designed to prevent malicious scripts from accessing sensitive information from another domain, and to ensure that web a