
350-201 · Question #52

350-201 Question #52: Real Exam Question with Answer & Explanation

The correct answer is D: Fix applications according to the risk scores.

Processes

Question

A company recently completed an internal audit and discovered that there is a CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?

Options

  • A. Identify the business applications running on the assets
  • B. Update software to patch third-party software
  • C. Validate CSRF by executing exploits within Metasploit
  • D. Fix applications according to the risk scores

Explanation

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site when the user is authenticated. A CSRF attack works because browser requests automatically include all cookies including session cookies. Therefore, if the user is authenticated to the site, the site cannot distinguish between legitimate authorized requests and forged authenticated requests.

Topics

#CSRF #vulnerability management #risk scoring #patch prioritization
