Practice Test Question: Terminals (07 Apr)
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Bill is securing a set of terminals used to access a highly sensitive web application. He would like to protect against a man-in-the-browser attack. Which one of the following actions would be most effective in meeting Bill’s goal?
A. Requiring multifactor authentication
B. Requiring TLS encryption
C. Disabling certificate pinning
D. Disabling browser extensions
Correct Answer: D
In a man-in-the-browser attack, the attacker gains a foothold inside the user’s browser, normally by exploiting a browser extension. Because the malicious code runs inside the browser itself, it sees page content after TLS has been decrypted and operates within the user’s already-authenticated session, so it has access to all information accessed with the browser regardless of whether the site uses strong authentication or transport encryption (such as TLS). Certificate pinning is a technique used to protect against inauthentic digital certificates and would not protect against a man-in-the-browser attack.
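As an added illustration of answer D (not part of the original question or explanation), the following is a managed Chrome policy file that blocks installation of every extension on the terminals. The policy names (ExtensionInstallBlocklist, ExtensionInstallAllowlist) are real Chrome enterprise policy keys; the file path and the idea of an empty allowlist for a locked-down kiosk are assumptions about how Bill’s environment is managed.

```json
{
  "_comment": "Example only. On Linux this would live under /etc/opt/chrome/policies/managed/ (assumed deployment path).",

  "ExtensionInstallBlocklist": [
    "*"
  ],

  "ExtensionInstallAllowlist": [],

  "ExtensionInstallForcelist": []
}
```

The wildcard entry in ExtensionInstallBlocklist refuses installation of any extension, and leaving ExtensionInstallAllowlist empty means nothing is exempted from that rule; removing pre-existing extensions still requires the blocklist to be applied, since Chrome disables already-installed extensions that match a managed blocklist entry. Firefox offers the equivalent control through its policies.json file using ExtensionSettings with a "*" key and installation_mode set to "blocked". Either policy addresses the extension foothold the explanation describes, which is why it is more effective here than MFA or TLS, both of which the in-browser code simply rides on top of.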