GCIH Question #565: Real Exam Question with Answer & Explanation

The correct answer is A: The value of the session_id should be validated by the server after requests.

Web Application Attacks & Post-Exploitation

Question

Analyze the screenshot below. What action should the penetration tester recommend to the security team?

Exhibit

GCIH question #565 exhibit

Options

  • A. The value of the session_id should be validated by the server after requests
  • B. The session_id variable should be encoded with Base64 in the URL
  • C. The session_id variable should be removed from the URL by a web app firewall
  • D. The URL should be redirected to HTTP so the payload can be easily inspected

Explanation

A variety of techniques are used for carrying the session ID to the browser. One is URL session tracking: the session ID is passed as a parameter in the URL, so it appears on the browser's location line as a number or string of characters. Because the client fully controls what it sends in the URL, this value must be validated on the server side on every request, to ensure that the client has not manipulated it (for example, by substituting another user's session ID or a guessed value).

Topics

#session management · #session ID · #URL parameters · #server-side validation
