$.$Which listed statements are wasf

$$ Web fingerprinting is based solely on the User$-$Agent header sent by a browser.

$$ WebAuthn provides stronger protection against phishing attacks compared to traditional username and password authentication.

$$ Attacking a web service may allow hackers to install ransomware.

$$ Cross$-$site request forgery $($CSRF$)$ attacks can be prevented by using unique tokens for each request.

Which below statements are valid

$$ Regular security assessments, such as penetration testing, can help identify and prevent code injection vulnerabilities.

$$ SSL$/$TLS certificates can be used to prevent man$-$in$-$the$-$middle attacks.

$$ A man$-$in$-$the$-$middle attack can be used to intercept and modify encrypted web traffic if the attacker has access to the encryption keys.

$$ HTTPS only encrypts the data sent from the client to the server, but not vice versa.

Which of the below statements are true

$$ Using a firewall to restrict access to a local HTTP server can help prevent unauthorized access.

$$ A common method of preventing code injection attacks is to validate user input and escape any special characters that Regular security scans and penetration testing can help find vulnerabilities in a web application.

$$ Setting random values as tokens in cookies is an insufficient defensive measure against the CSRF $($cross$-$site request forgery$)$ attack.

$$ may be used to inject code.

Which of the statements listed below are correct

$$ Cross$-$site scripting $($XSS$)$ attacks can be prevented by properly encoding user input.

$$ CSRF attacks can only be executed against state$-$changing operations, such as changing a password and not for reading sensitive information.

$$ The Cross$-$Origin Resource Sharing $($CORS$)$ allows web applications to bypass the Same Origin Policy and make requests to resources on a different domain.

$$ WebAuthn provides a standard way for websites to authenticate users, reducing the risk of custom, insecure authentication systems being implemented.

Which statements listed below are correct

$$ A local HTTP server does not require strong passwords for its users.

$$ DNS rebinding attacks can be used to bypass the same$-$origin policy and access sensitive information or control systems on the victim$$s network.

$$ Developers do not need to be careful about the input validation when developing a Node.js application.

$$ If a web application needs to access resources from a different domain with the user$$s consent for example using a third$-$party API or embedding content from another domain, the Same Origin Policy can be bypassed using techniques such as Cross$-$Origin Resource Sharing $($CORS$)$ or JSONP, that will allow web applications to make cross$-$domain requests while still ensuring that the user$$s privacy and security is protected.

Which statements are true

$$ Cross$-$Site Scripting attacks may be countered by validating user input on the client side and the server side and by encoding special characters to prevent them from being interpreted as code.

$$ HTTP Basic Authentication is considered less secure than form$-$based authentication because the credentials are transmitted in clear text.

$$ HTTPS encryption can help to protect against XSS attacks.

$$ Phishing attacks are only successful against users who are not familiar with basic internet and web security principles.

Which of following listed statements are correct

$$ If a script $($JavaScript$)$ running on the website example.com requests to access dataWhich of the following statements on computational complexity theory foundations are correct

A$)$ Symbolic execution will be more effctive in larger software

B$)$ In modern mobile device the main operating system is run in the secure enclave

C$)$ If the attacker would be able to steal the mobile devices manufacturer's private key, he would be also able to overcome secure boot measures for updating operating system and could install tampered OS to break security measures of the device.

D$)$ Finding expliot in general easier than finding Bugs

$.$ Which of the following statements on computational complexity theory foundations are correct

A$)$ in android system mobile applications usually share a uid $($user id$).$

B$)$ An important threat model for mobile device is that attackers steals it and wants to read the data stored on it$,$ which the mobile the mobile device can be secure at just one assumption, that it is password protected

C$)$ In a modern Mobile device application are run in the secure enclave

D$)$ In modern mobile device architecture the main CPU has direct access to the data encryption key, which are use to encrypt data stored in the flash chip.

A$)$ In andriod there is no need to protect the payload of the intent, which is a message of protocol to share resource.

B$)$ Secure enclave of mobile device should manage all keys

C$)$ A Scipt HTML tag is not subject to SOP

D$)$ The mobile device Unique identification number in modern mobile architecture does not need to be stored in the ROM of the secure enclave