
CAS-003 · Question #529

CAS-003 Question #529: Real Exam Question with Answer & Explanation

The correct answer is B: XSRF.

Question

A security architect is reviewing the code for a company's financial website. The architect suggests adding the following HTML element, along with a server-side function, to generate a random number on the page used to initiate a funds transfer: <input type="hidden" name="token" value=generateRandomNumber()> Which of the following attacks is the security architect attempting to prevent?

Options

  • A. SQL injection
  • B. XSRF
  • C. XSS
  • D. Clickjacking

Explanation

A CSRF (Cross-Site Request Forgery) attack tricks an authenticated user's browser into submitting an unauthorized request to a trusted site. The attacker cannot forge the request correctly if it requires a secret, unpredictable token tied to the user's session. By embedding a server-generated random token in the hidden form field, the server can validate that the form submission originated from the legitimate page and not from a malicious third-party site. SQL injection targets database queries, XSS injects malicious scripts into pages, and clickjacking overlays UI elements to deceive clicks - none of these are mitigated by a hidden CSRF token.
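As an added illustration (not part of the exam page), the synchronizer-token pattern the explanation describes, in Python: a server-side generateRandomNumber() whose output is bound to the user's session, the hidden field from the question, and the validation step the server performs on the funds-transfer submission. The session ids and the in-memory session store are constructed for the demo.

```python
import secrets
import hmac
from html import escape

# Constructed in-memory session store: session id -> CSRF token for that session.
# In a real application the token lives in the server-side session, not only in the page.
SESSIONS = {}

def generate_random_number(session_id):
    """Server-side function named after the question's value=generateRandomNumber():
    mint an unpredictable token and bind it to this user's session."""
    token = secrets.token_urlsafe(32)          # CSPRNG, not random.random()
    SESSIONS[session_id] = token
    return token

def render_transfer_form(session_id):
    """Emit the hidden field the architect proposed, with the value quoted and escaped."""
    token = generate_random_number(session_id)
    return f'<input type="hidden" name="token" value="{escape(token)}">'

def validate_transfer(session_id, form):
    """Accept the transfer only if the submitted token matches the one bound to the
    submitting session. A cross-site page can trigger the request but cannot read this token."""
    expected = SESSIONS.get(session_id)
    submitted = form.get("token")
    if not expected or not submitted:
        return False
    # Constant-time comparison so the token is not leaked through timing differences.
    if not hmac.compare_digest(expected, submitted):
        return False
    # Single-use: rotate the token so a captured form cannot be replayed.
    SESSIONS[session_id] = secrets.token_urlsafe(32)
    return True

def demo():
    """Legitimate user, forged cross-site request, and a token taken from another session."""
    render_transfer_form("alice-session")
    alice_token = SESSIONS["alice-session"]
    legit = validate_transfer("alice-session", {"token": alice_token, "amount": "100"})
    # A third-party site can make Alice's browser POST, but cannot include her token.
    forged = validate_transfer("alice-session", {"amount": "100"})
    # A token minted for another session does not validate for Alice's session.
    render_transfer_form("mallory-session")
    cross = validate_transfer("alice-session", {"token": SESSIONS["mallory-session"], "amount": "100"})
    return legit, forged, cross

if __name__ == "__main__":
    print(demo())   # (True, False, False)
```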
