nerdexam
(ISC)2

CISSP · Question #1283

An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?

The correct answer is C. Session management. Session management is the process of controlling and maintaining the state and information of a user's interaction with a web service. It involves creating, maintaining, and terminating sessions, as well as ensuring their security and integrity. An attacker who is able to remain

Submitted by kev92· Mar 5, 2026Software Development Security

Question

An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?

Options

  • AAlert management
  • BPassword management
  • CSession management
  • DIdentity management (IM)

How the community answered

(47 responses)
  • A
    2% (1)
  • C
    94% (44)
  • D
    4% (2)

Explanation

Session management is the process of controlling and maintaining the state and information of a user's interaction with a web service. It involves creating, maintaining, and terminating sessions, as well as ensuring their security and integrity. An attacker who is able to remain indefinitely logged into a web service is exploiting a weakness in session management, such as the lack of session expiration, session timeout, or session revocation. Alert management, password management, and identity management (IM) are all related to security, but they do not directly address the issue of session management.

Topics

#Session management#Session hijacking#Web application security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice