EC-Council
EC0-350 · Question #835
EC0-350 Question #835: Real Exam Question with Answer & Explanation
Question
Dan is conducting penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross-site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session?
Options
- A. Dan cannot spoof his IP address over TCP network
- B. The scenario is incorrect as Dan can spoof his IP and get responses
- C. The server will send replies back to the spoofed IP address
- D. Dan can establish an interactive session only if he uses a NAT