[&] What is a common security risk associated with session IDs?
- They can be susceptible to tampering and hijacking. -- Correct
- They can be easily encrypted.
- They require constant re-authentication.
- They take up too much storage space.

[&] How are session IDs commonly sent to the user's browser?
- As a cookie. -- Correct
- As part of the URL.
- Within the HTML of the webpage.
- Via email attachment.

[&] What is a session ID?
- A unique token generated by web applications to identify and track user sessions. -- Correct
- A cookie used to store user preferences.
- A temporary file stored on the server.
- An encrypted password used for authentication.

[&] What is a key function of cookies in web applications?
- Generating session IDs.
- Storing session identifiers for session management. -- Correct
- Encrypting all user data.
- Blocking malicious IP addresses.

[&] Why are session IDs important in web application penetration testing?
- They encrypt user data on the server.
- They allow for stateful communication between a user's browser and the server. -- Correct
- They generate unique user passwords.
- They prevent DDoS attacks.

[&] Which of the following best describes a cookie?
- A small piece of data sent from a server stored in the user's browser. -- Correct
- A unique identifier generated by the user's browser.
- A virus protection tool.
- A server log file tracking user activity.