CISSP · Question #1283
An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?
The correct answer is C. Session management. Session management is the process of controlling and maintaining the state and information of a user's interaction with a web service. It involves creating, maintaining, and terminating sessions, as well as ensuring their security and integrity. An attacker who is able to remain
Question
An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?
Options
- AAlert management
- BPassword management
- CSession management
- DIdentity management (IM)
How the community answered
(47 responses)- A2% (1)
- C94% (44)
- D4% (2)
Explanation
Session management is the process of controlling and maintaining the state and information of a user's interaction with a web service. It involves creating, maintaining, and terminating sessions, as well as ensuring their security and integrity. An attacker who is able to remain indefinitely logged into a web service is exploiting a weakness in session management, such as the lack of session expiration, session timeout, or session revocation. Alert management, password management, and identity management (IM) are all related to security, but they do not directly address the issue of session management.
Topics
Community Discussion
No community discussion yet for this question.