Q1: A WebSocket connection typically starts as
Multiple Choice
**Explanation:**
**Correct (C):** WebSocket uses an HTTP handshake with Upgrade and Connection headers
References (URLs)
Goal: be able to reason about the HTTP upgrade handshake and origin based controls.
Q2: Which pair of schemes matches WebSocket and WebSocket over TLS
Multiple Choice
**Explanation:**
**Correct (A):** ws is plaintext, wss runs over TLS
Q3: A server wants to prevent a browser from using a victim's cookies to open a privileged WebSocket. Which check is relevant
Multiple Choice
**Explanation:**
**Correct (B):** Browsers send Origin on the handshake. Servers commonly use it as a CSRF like defense
Q4: Which header is used by the client to carry a random value that the server uses to compute Sec-WebSocket-Accept
Multiple Choice
**Explanation:**
**Correct (A):** Client sends Sec-WebSocket-Key, server replies with Sec-WebSocket-Accept
Q5: Which statements about WebSocket are correct (select all)
Multi-Select
**Explanation:**
**Correct (A,B,C):** WebSocket defines framing and uses HTTP for the initial upgrade
**Options:**
- D (incorrect): Authentication depends on your app and deployment
Q6: Name the request header commonly used to enforce allowed browser origins (one word)
Short Text
**Explanation:**
**Correct:** Origin