
GCIH Question #282: Real Exam Question with Answer & Explanation

The correct answers are A, C and D. Session hijacking is the exploitation of a valid, authenticated session to gain unauthorized access (D); TCP session hijacking is the classic network-layer form, in which an attacker takes over an established TCP session between two machines (C); and issuing a long, random session key is a primary defense because it makes the token impractical to guess or brute-force (A). Option B describes a denial-of-service attack, not session hijacking.

Web Application Attacks & Post-Exploitation

Question

Which of the following statements are true about session hijacking? Each correct answer represents a complete solution. Choose all that apply.

Options

  • A. Use of a long random number or string as the session key reduces session hijacking.
  • B. It is used to slow the working of the victim's network resources.
  • C. TCP session hijacking is when a hacker takes over a TCP session between two machines.
  • D. It is the exploitation of a valid computer session to gain unauthorized access to information.

Explanation

Session hijacking is the exploitation of a valid computer session to gain unauthorized access to information or services (option D). After login, the session identifier stands in for the user's credentials, so an attacker who obtains it, by sniffing, by cross-site scripting, by session fixation or by guessing, can act as that user without ever knowing the password. TCP session hijacking (option C) is the network-layer variant, in which the attacker takes over an established TCP session between two machines by injecting packets that the endpoints accept as part of the legitimate connection. Using a long random number or string as the session key (option A) is a primary defense against the guessing path: an identifier generated from a cryptographically secure random source with hundreds of bits of entropy cannot be predicted or brute-forced in practice, whereas a short or sequential identifier can be enumerated quickly. Option B describes a denial-of-service attack, which targets availability rather than an authenticated session.
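To make the entropy argument behind option A concrete, the following is an added example (not part of the original question or its reference) that contrasts a predictable, counter-based session ID with one drawn from the OS CSPRNG, and runs a brute-force guess against each. The session store, token generators, the sample user names and the guess budget are all constructed for illustration; the store also compares tokens in constant time, a standard precaution so that lookup timing does not leak partial matches.

```python
import hmac
import math
import secrets

# Constructed example: an in-memory session store with two session-ID generators,
# used to show why a long random session key resists hijacking by guessing.

WEAK_ALPHABET_SIZE = 10   # decimal digits
WEAK_LENGTH = 6           # a 6-digit, zero-padded counter
STRONG_BYTES = 32         # 256 bits of CSPRNG output


def weak_token(counter: int) -> str:
    """Predictable session ID built from a counter (what NOT to do)."""
    return f"{counter:0{WEAK_LENGTH}d}"


def strong_token() -> str:
    """Long random session ID from the OS CSPRNG (43 URL-safe characters for 32 bytes)."""
    return secrets.token_urlsafe(STRONG_BYTES)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy, in bits, of an ID of `length` symbols drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """Average number of guesses needed to hit a uniformly random ID with this much entropy."""
    return 2 ** (bits - 1)


class SessionStore:
    """Maps session tokens to user names; lookups use constant-time comparison."""

    def __init__(self) -> None:
        self._sessions: dict[str, str] = {}

    def create(self, username: str, token: str) -> str:
        self._sessions[token] = username
        return token

    def lookup(self, token: str):
        # hmac.compare_digest runs in time independent of where the strings
        # first differ, so an attacker cannot refine guesses via timing.
        for stored, user in self._sessions.items():
            if hmac.compare_digest(stored.encode(), token.encode()):
                return user
        return None


def brute_force_weak(store: SessionStore, max_guesses: int):
    """Attacker enumerates the counter space. Returns (guesses_used, username) or (max_guesses, None)."""
    for n in range(max_guesses):
        user = store.lookup(weak_token(n))
        if user is not None:
            return n + 1, user
    return max_guesses, None


if __name__ == "__main__":
    store = SessionStore()
    store.create("alice", weak_token(1234))        # constructed: weak ID from a counter
    strong = store.create("bob", strong_token())   # constructed: strong ID from the CSPRNG

    used, who = brute_force_weak(store, 10_000)
    print(f"weak ID recovered after {used} guesses -> session belongs to {who}")
    print(f"weak ID entropy: {entropy_bits(WEAK_ALPHABET_SIZE, WEAK_LENGTH):.1f} bits, "
          f"expected guesses {expected_guesses(entropy_bits(WEAK_ALPHABET_SIZE, WEAK_LENGTH)):.0f}")
    print(f"strong ID {strong}: {entropy_bits(256, STRONG_BYTES):.0f} bits, "
          f"expected guesses {expected_guesses(entropy_bits(256, STRONG_BYTES)):.2e}")
```

Running the block shows the 6-digit counter token falling to enumeration after a few thousand requests (about 20 bits of entropy), while the 32-byte random token requires on the order of 2^255 guesses on average, which is the practical meaning of "reduces session hijacking" in option A. In a real application the random token would also be rotated on login to defeat session fixation and sent only over TLS to defeat sniffing, defenses the question does not cover.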

Common mistakes.

  • B. Slowing or exhausting a victim's network resources describes a Denial of Service attack, not session hijacking, which targets active authenticated sessions rather than network availability.

Concept tested. Session hijacking definition, types, and mitigation

Reference. https://owasp.org/www-community/attacks/Session_hijacking_attack

Topics

#session hijacking #TCP session #session key #unauthorized access
