nerdexam
EC-Council

312-50V11 · Question #445

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

The correct answer is A. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's. Cookies can store passwords and form content a user has previously entered, such as a credit card number or an address. Cookies can be stolen using a technique called cross-site scripting. This occurs when an attacker takes advantage of a website that allows its users to post unf

Session Hijacking

Question

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Options

  • AAttempts by attackers to access Web sites that trust the Web browser user by stealing the user's
  • BAttempts by attackers to access the user and password information stored in the company's SQL
  • CAttempts by attackers to access passwords stored on the user's computer without the user's
  • DAttempts by attackers to determine the user's Web browser usage patterns, including when sites

How the community answered

(26 responses)
  • A
    92% (24)
  • B
    4% (1)
  • C
    4% (1)

Explanation

Cookies can store passwords and form content a user has previously entered, such as a credit card number or an address. Cookies can be stolen using a technique called cross-site scripting. This occurs when an attacker takes advantage of a website that allows its users to post unfiltered HTML and JavaScript https://en.wikipedia.org/wiki/HTTP_cookie#Cross-site_scripting_.E2.80.93_cookie_theft

Topics

#HTTP cookies#session theft#browser policy#cookie management

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice