CISSP Practice Domain 8 — Software Development Security Q118 of 120

Which web vulnerability is mitigated by using HTTPOnly + Secure + SameSite=Strict cookie flags?

A CISSP practice question covering Domain 8: Software Development Security. Try answering before reading the explanation below.

A. SQL injection
B. Cross-site scripting cookie theft and CSRF (✓ Correct answer)
C. Buffer overflow
D. Server-side request forgery

Why "Cross-site scripting cookie theft and CSRF" is the right answer

HTTPOnly stops JavaScript from reading the cookie, which mitigates XSS-based cookie theft. Secure ensures the cookie is sent only over HTTPS. SameSite restricts sending the cookie on cross-site requests, which mitigates CSRF. The other vulnerabilities require different defenses.
