

CSSLP Question #144: Real Exam Question with Answer & Explanation

The correct answer is D: Cross-Site Request Forgery. Cross-Site Request Forgery (CSRF) is a malicious exploit in which unauthorized commands are transmitted to a website from the browser of a user the website trusts, without the user's knowledge.

Secure Software Concepts

Question

Which of the following is a malicious exploit of a website, whereby unauthorized commands are transmitted from a user trusted by the website?

Options

  • A. Cross-Site Scripting
  • B. Injection flaw
  • C. Side channel attack
  • D. Cross-Site Request Forgery

Explanation

Cross-Site Request Forgery (CSRF) is a malicious exploit in which unauthorized commands are transmitted to a website from the browser of a user the website trusts, without the user's knowledge.

Common mistakes.

  • A. Cross-Site Scripting (XSS) involves injecting malicious scripts into web pages viewed by other users, typically to steal cookies or session tokens, rather than forcing a user to send unauthorized commands from their browser.
  • B. An injection flaw occurs when untrusted data is sent to an interpreter as part of a command or query, such as SQL injection, leading to execution of unintended commands on the server side.
  • C. A side-channel attack involves gleaning information from the physical implementation of a system (e.g., timing information, power consumption) rather than directly exploiting a software vulnerability.

Concept tested. Cross-Site Request Forgery (CSRF)

Reference. https://owasp.org/www-community/attacks/csrf

Topics

#CSRF #Web application security #Vulnerabilities #Attack types
