Which countermeasure addresses insufficient transport layer protection?

When transport layer protection is lacking, the most effective countermeasure is ensuring that sensitive data in cookies isn’t sent over unencrypted channels. Marking cookies as Secure tells the browser to only send them over HTTPS, so they aren’t transmitted in plain text over an unprotected connection. This reduces the risk of session hijacking or cookie theft in transit by protecting the cookie data during transmission. Defining access rights changes who can do things in the application, not how data travels across the network. Configuring every security mechanism is a broad, vague action that doesn’t specifically address transport-layer encryption for cookies. Not storing plain text passwords and focusing on cookie timeouts address password handling and session expiration, not the protection of cookies as they traverse the network.