312-50V13 Question #338: Real Exam Question with Answer & Explanation
The correct answer is C: A browser making a request to a server without the user's knowledge.
Question
Cross-site request forgery involves:
Options
- A. A request sent by a malicious user from a browser to a server
- B. Modification of a request by a proxy between client and server
- C. A browser making a request to a server without the user's knowledge
- D. A server making a request to another server without the user's knowledge
Explanation
Cross-Site Request Forgery (CSRF) Explained
Why C is correct: CSRF exploits the trust a server places in the user's browser. Browsers attach a site's cookies (and other ambient credentials such as HTTP Basic auth) to requests sent to that site regardless of which page triggered them, so a malicious page can make the victim's browser send a request that the server accepts as authenticated, without the user's knowledge or intent - for example, a malicious webpage silently submits a fund-transfer form to a banking site the user is already logged into.
Why the distractors are wrong:
- A is wrong because in CSRF the attacker never sends the request directly - the victim's browser sends it, unknowingly, carrying the victim's own credentials
- B describes a man-in-the-middle attack, where traffic is intercepted and altered in transit
- D describes server-side request forgery (SSRF), a related but distinct attack where a server is manipulated into making requests to other servers
Memory Tip: Think of CSRF as "Conning your browser" - the attack forges a request that appears to come legitimately from you, but you never authorized it. The key phrase is "without the user's knowledge", which distinguishes it from normal browsing behaviour.
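To make the mechanism concrete, here is an added example (not part of the original question page or its explanation) modelling a bank "transfer" endpoint in two versions: one that trusts the session cookie alone, and one with the usual CSRF defences (a per-session synchronizer token plus an Origin header check). The site names bank.example and attacker.example, the cookie name, the form fields and the token field are illustrative assumptions, and the traffic is constructed inline.

```python
"""
Added example (not from the original page): why CSRF works and how the standard
defences stop it. Names (bank.example, attacker.example, the session cookie,
the csrf_token field) are illustrative assumptions, not a real application.
"""
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://bank.example"  # assumed origin of the target site

# Server-side state: session id -> user, and a per-session CSRF token.
SESSIONS = {"sess-alice": "alice"}
CSRF_TOKENS = {"sess-alice": secrets.token_hex(16)}


@dataclass
class Request:
    cookies: dict                     # attached automatically by the browser
    form: dict                        # body fields chosen by whoever built the request
    headers: dict = field(default_factory=dict)


def transfer_vulnerable(req):
    """Trusts the session cookie alone: any page that can make the victim's
    browser POST here gets to move money."""
    user = SESSIONS.get(req.cookies.get("session"))
    if user is None:
        return (401, "no session")
    return (200, f"{user} sent {req.form['amount']} to {req.form['to']}")


def transfer_hardened(req):
    """Same endpoint with two independent CSRF checks:
    1. Origin header: browsers set it on cross-site POSTs and a page on
       attacker.example cannot forge it (absent header falls through to 2);
    2. synchronizer token: a per-session secret the attacker's page cannot
       read, compared in constant time."""
    sid = req.cookies.get("session")
    user = SESSIONS.get(sid)
    if user is None:
        return (401, "no session")
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return (403, "cross-site request rejected (Origin)")
    expected = CSRF_TOKENS.get(sid, "")
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return (403, "cross-site request rejected (token)")
    return (200, f"{user} sent {req.form['amount']} to {req.form['to']}")


# --- Constructed traffic -----------------------------------------------------
def legitimate_request():
    """Alice, on bank.example, submits the real transfer form. The page can
    embed the token because the bank rendered it for her session."""
    return Request(
        cookies={"session": "sess-alice"},
        form={"to": "bob", "amount": "10",
              "csrf_token": CSRF_TOKENS["sess-alice"]},
        headers={"Origin": SITE_ORIGIN},
    )


def forged_request():
    """What arrives when Alice visits the attacker's page, which contains roughly:
         <form action="https://bank.example/transfer" method="POST">
           <input name="to" value="mallory"><input name="amount" value="9999">
         </form><script>document.forms[0].submit()</script>
    The browser attaches Alice's bank cookie by itself. The attacker controls
    the form fields but not the cookie, the Origin header or the token."""
    return Request(
        cookies={"session": "sess-alice"},          # added by the browser
        form={"to": "mallory", "amount": "9999"},   # chosen by the attacker
        headers={"Origin": "https://attacker.example"},
    )


if __name__ == "__main__":
    print("vulnerable, legitimate:", transfer_vulnerable(legitimate_request()))
    print("vulnerable, forged:    ", transfer_vulnerable(forged_request()))
    print("hardened,   legitimate:", transfer_hardened(legitimate_request()))
    print("hardened,   forged:    ", transfer_hardened(forged_request()))
```

Running it shows the forged request succeeding against the vulnerable endpoint (the cookie is present, so the server sees a logged-in Alice) and failing against the hardened one, while Alice's own submission passes both. In practice the token or Origin check is combined with the `SameSite` cookie attribute, which stops the browser from attaching the cookie to cross-site POSTs in the first place; neither defence replaces the other.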