
GCIH Question #24: Real Exam Question with Answer & Explanation

The correct answer is C: Session hijacking. Session hijacking is the takeover of an already-authenticated computer session to gain unauthorized access to systems or services without needing valid credentials.

Web Application Attacks & Post-Exploitation

Question

Which of the following refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system?

Options

  • A. Piggybacking
  • B. Hacking
  • C. Session hijacking
  • D. Keystroke logging

Explanation

Session hijacking is the takeover of a session that a legitimate user has already authenticated, so the attacker acts with that user's access to systems or services without ever presenting valid credentials. This matches the question's wording exactly: the attack exploits a valid, existing session rather than creating a new one.

Common mistakes.

  • A. Piggybacking refers to physically following an authorized person through a secured entry point to gain unauthorized physical access to a building or facility, not the exploitation of a computer session.
  • B. Hacking is a broad term covering many methods of gaining unauthorized system access and does not specifically describe the targeted exploitation of an existing authenticated session.
  • D. Keystroke logging captures keyboard input to steal passwords or sensitive data as they are typed, which records new input rather than exploiting an existing authenticated session.

Concept tested. Session hijacking definition and exploitation mechanism

Reference. https://owasp.org/www-community/attacks/Session_hijacking_attack

Topics

session hijacking, unauthorized access, session exploitation
