Exam 1Y0-312 topic 1 question 7 discussion

Seems it should be C and D • Use HTTPS for access to external web sites, especially if sensitive data will be transmitted. HTTP Strict Transport Security (HSTS) can be optionally implemented by web applications to prevent the use of HTTP for the web connection by using a special response header. • HTTP response headers can be used to send security policies to an endpoint’s browser, ultimately ensuring a more secure connection.

HSTS do not help the client security in terms of pishing, ransomware. B is OK

C&D are both NetScaler settings. I assume this is a CVAD environment, so the answer should be A&B

C D are correct

I go for C and D as A and B restrict the users productivity.

I believe this one should be C and D. While disabling user plugins would be good from a security standpoint, it doesn't meet the constraints of the question (minimize attacks *without interfering with user productivity*).

C & D are correct answer

It should be B & C. HTTP Strict Transport Security (HSTS) can be optionally implemented by web applications to prevent the use of HTTP for the web connection by using a special response header. Source: CWS-315-2I-en-StudentManual-1-3-days-v02 - Page 246

Definitely B C makes sense: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html

shouldn't this be B&C?