CISSP · Question #331
As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?
The correct answer is C. Cookie manipulation. Cookie manipulation is a technique that allows an attacker to intercept, modify, or forge a cookie, which is a piece of data that is used to maintain the state of a web session. By manipulating the cookie, the attacker can hijack the session and gain unauthorized access to the we
Question
As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?
Options
- AKnown-plaintext attack
- BDenial of Service (DoS)
- CCookie manipulation
- DStructured Query Language (SQL) injection
How the community answered
(26 responses)- B4% (1)
- C92% (24)
- D4% (1)
Explanation
Cookie manipulation is a technique that allows an attacker to intercept, modify, or forge a cookie, which is a piece of data that is used to maintain the state of a web session. By manipulating the cookie, the attacker can hijack the session and gain unauthorized access to the web application. Known-plaintext attack, DoS, and SQL injection are not directly related to session hijacking, although they can be used for other purposes, such as breaking encryption, disrupting availability, or executing malicious commands.
Topics
Community Discussion
No community discussion yet for this question.