Practice Test Question – Browser Attacks


Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Harold is investigating a security incident where the victim was visiting a message board and viewed a message containing malicious code. He had another tab open in his browser that was logged into a popular shopping website. The malicious code on the message board made a purchase on the shopping website without his knowledge and shipped the merchandise to an overseas address. What type of attack likely took place?

A. Server-side request forgery
B. Cross-site scripting
C. Cross-site request forgery
D. Phishing

Correct Answer: C

In this case, the attack depended upon the fact that the victim was already logged into the shopping website. The attacker knew that some portion of the visitors to the message board would be logged into that site and took advantage of that trust relationship to send commands through the user’s browser to the shopping site. That’s an example of a cross-site request forgery attack. Cross-site scripting attacks work in a similar manner but they do not leverage those trust relationships. Server-side request forgery attacks target the web server itself rather than the end user. Phishing attacks attempt to trick the user into sharing sensitive information, but this attack took place without the victim’s knowledge.
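As a defender's view of the scenario above, the following added example (not part of the original practice question) shows how a shopping site could reject the forged purchase by checking the request's source and a per-session anti-CSRF token. The origin `https://shop.example`, the `https://forum.example` message board, and all function and field names are hypothetical, and the sample requests are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://shop.example"   # assumed origin of the shopping site
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change state


def issue_csrf_token(session):
    """Store a random per-session token; the site embeds it only in its own forms."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def origin_of(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def allow_request(method, headers, session, form):
    """Decide whether a request on an authenticated session may change state."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # 1. The session cookie rides along on cross-site requests, so it proves
    #    nothing about intent. Check which site the request came from.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or origin_of(source) != TRUSTED_ORIGIN:
        return False, "cross-origin or missing Origin/Referer"
    # 2. Synchronizer token: a page on another site cannot read it, so a
    #    forged form cannot include it. Compare in constant time.
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo():
    """Run three constructed purchase requests against a logged-in session."""
    session = {"user": "harold"}
    token = issue_csrf_token(session)
    forged = allow_request("POST", {"Origin": "https://forum.example"},
                           session, {"item": "sku-1"})
    tokenless = allow_request("POST", {"Origin": TRUSTED_ORIGIN},
                              session, {"item": "sku-1"})
    genuine = allow_request("POST", {"Referer": TRUSTED_ORIGIN + "/cart"},
                            session, {"item": "sku-1", "csrf_token": token})
    return [forged[0], tokenless[0], genuine[0]]
```

Only the request that originates from the shopping site and carries the session's token is accepted; the request triggered from the message board fails the first check even though the victim's session is valid.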

Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
