nerdexam
(ISC)2

CISSP · Question #331

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

The correct answer is C. Cookie manipulation. Cookie manipulation is a technique that allows an attacker to intercept, modify, or forge a cookie, which is a piece of data that is used to maintain the state of a web session. By manipulating the cookie, the attacker can hijack the session and gain unauthorized access to the we

Submitted by satoshi_tk· Mar 5, 2026Security Assessment and Testing

Question

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

Options

  • AKnown-plaintext attack
  • BDenial of Service (DoS)
  • CCookie manipulation
  • DStructured Query Language (SQL) injection

How the community answered

(26 responses)
  • B
    4% (1)
  • C
    92% (24)
  • D
    4% (1)

Explanation

Cookie manipulation is a technique that allows an attacker to intercept, modify, or forge a cookie, which is a piece of data that is used to maintain the state of a web session. By manipulating the cookie, the attacker can hijack the session and gain unauthorized access to the web application. Known-plaintext attack, DoS, and SQL injection are not directly related to session hijacking, although they can be used for other purposes, such as breaking encryption, disrupting availability, or executing malicious commands.

Topics

#application penetration testing#session hijacking#cookie manipulation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice