TimSaysICan Training - CySA+ PBQ

CySA+ PBQ: Web Server Vulnerability Review

Match web evidence to remediation actions.

Back to Training Portal

Scenario

Three web servers were reviewed. One exposes credentials and sessions without encryption, one uses secure cookie flags correctly, and one has an expired SSL certificate marked high risk.

Your task: Review the evidence and select the best analyst response for each field.
EvidenceDetails
Web Server 1Admin activity with visible usernames/passwords and unencrypted sessions
Web Server 2Cookies use Secure, HttpOnly, and SameSite=Strict
Web Server 3SSL certificate expired on 2025-01-14

Analyst Decisions

Instructor Answer